
Please check my log


#1 Post by NiiKUss »

Hello,
I have a slight feeling that I've caught something again.. :?:
About 50 MB of RAM is disappearing somewhere.
And while gaming, judging by the FPS values, it seems as if the FPS drops every few seconds.
I have Service Pack 3; since I once needed to strip Windows down, I had to rewrite the DWORD value in the registry to SV2...
(The free space on the system drive [759 MB] is already being worked on :D )

//EDIT: I'd also like to ask for advice on how best to remove drivers, thank you :)
// The uninstall went through, but you know how it is, it left quite a mess behind.. Specifically, I was trying to get Bluetooth working...

Logfile of random's system information tool 1.08 (written by random/random)
Run by NiiKUss at 2010-07-24 21:15:15
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 759 MB (5%) free of 16 GB
Total RAM: 1535 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:15, on 2010-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\Alwil Software\Avast5\avastUI.exe
C:\Program Files\DU Meter\DUMeter.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
C:\Stahování\RSIT.exe
\?\D:\WINDOWS\system32\WBEM\WMIADAP.EXE
D:\Program Files\trend micro\NiiKUss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\Alwil Software\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MirandaIM] "D:\Program Files\Komunikace\Miranda IM\miranda32.exe" "D:\Program Files\Komunikace\Miranda IM\profiles\profile"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Typle.lnk = C:\Program Files\Typle2.0v\Typle.exe
O4 - Global Startup: Typle.lnk = C:\Program Files\Typle2.0v\Typle.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\nwprovau.dll' missing
O15 - Trusted IP range: http://192.168.1.254
O15 - ESC Trusted IP range: http://192.168.1.254
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5576602281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4286418343
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UPS - Unknown owner - D:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\www\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\www\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 5827 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
D:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
D:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
D:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
D:\WINDOWS\tasks\AdobeAAMUpdater-1.0-NIIKUSS-NiiKUss.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=D:\PROGRA~1\Alwil Software\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MirandaIM"=D:\Program Files\Komunikace\Miranda IM\miranda32.exe [2009-12-14 696928]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2009-03-13 1058816]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-04 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
D:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
D:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2009-06-14 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
D:\Program Files\AutoHideIP\AutoHideIP.exe [2010-03-30 2436952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CairoShell]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
D:\Documents and Settings\NiiKUss\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
D:\Program Files\Download Manager\DLM.exe [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 9\InCD\InCD.exe [2009-05-08 1116696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]
C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe [2009-05-08 1593880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroRebootSetup]
D:\Documents and Settings\NiiKUss\Local Settings\temp\nro.tmp\SetupX.exe SC -Reboot PIINSTALLTYPE=0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
D:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
D:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Steam\Steam.exe [2009-09-14 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system34]
D:\WINDOWS\SoftwareProtection\systemvital.exe [2010-03-17 624608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
C:\PROGRA~1\ESET\MINODL~1\MINODL~1.EXE [2010-07-01 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^NiiKUss^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
D:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-02-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WudfSvc"=3
"WMPNetworkSvc"=3
"idsvc"=3
"Bonjour Service"=2
"Ati HotKey Poller"=2
"Autodesk Licensing Service"=3
"avast! Mail Scanner"=3
"Spooler"=3
"SCardSvr"=3
"napagent"=3
"RDSessMgr"=0
"PnkBstrB"=3
"PnkBstrA"=3
"JavaQuickStarterService"=2

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Typle.lnk - C:\Program Files\Typle2.0v\Typle.exe

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Typle.lnk - C:\Program Files\Typle2.0v\Typle.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
D:\WINDOWS\system32\antiwpa.dll [2006-07-22 5376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMMyPictures"=1
"NoSMHelp"=1
"NoUserNameInStartMenu"=1
"NoDriveAutoRun"=67108863
"NoInstrumentation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"HideRunAsVerb"=1
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
"NoFileAssociate"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoResolveSearch"=1
"NoPopUpsOnBoot"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-07-24 21:07:29 ----D---- D:\Program Files\trend micro
2010-07-24 21:07:28 ----D---- D:\rsit
2010-07-24 17:46:55 ----D---- D:\WINDOWS\lhsp
2010-07-24 17:46:39 ----D---- D:\WINDOWS\speech
2010-07-22 21:43:17 ----A---- D:\nc.exe
2010-07-22 19:52:42 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\Ventrilo
2010-07-22 15:17:44 ----D---- D:\WINDOWS\pss
2010-07-22 02:01:59 ----A---- D:\WINDOWS\system32\drivers\ScreamingBAudio.sys
2010-07-22 02:01:58 ----A---- D:\WINDOWS\system32\drivers\stream.sys
2010-07-22 02:01:57 ----A---- D:\WINDOWS\system32\drivers\portcls.sys
2010-07-22 02:01:56 ----A---- D:\WINDOWS\system32\ksuser.dll
2010-07-22 02:01:55 ----A---- D:\WINDOWS\system32\drivers\ks.sys
2010-07-22 02:01:55 ----A---- D:\WINDOWS\system32\drivers\drmk.sys
2010-07-21 21:41:53 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\TS3Client
2010-07-21 16:06:15 ----D---- D:\tools
2010-07-21 11:40:02 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-07-21 04:21:07 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\THeUDS
2010-07-20 18:43:52 ----D---- D:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2010-07-12 02:51:19 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\vlc
2010-07-08 19:20:32 ----D---- D:\Program Files\sXe Injected
2010-07-05 13:46:57 ----HDC---- D:\WINDOWS\ie8
2010-07-04 20:42:09 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-04 11:21:24 ----D---- D:\WINDOWS\Simple Port Forwarding
2010-07-03 01:42:26 ----D---- D:\Documents and Settings\All Users\Data aplikací\Nokia
2010-07-03 01:39:45 ----D---- D:\Program Files\MSXML 6.0
2010-07-03 01:29:32 ----N---- D:\WINDOWS\system32\spmsgXP_2k3.dll
2010-07-03 01:29:30 ----HDC---- D:\WINDOWS\$NtUninstallWdf01009$
2010-07-02 01:46:01 ----HDC---- D:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-07-02 01:20:20 ----D---- D:\Program Files\Microsoft.NET
2010-07-01 22:19:13 ----A---- D:\WINDOWS\system32\BASSMOD.dll
2010-07-01 22:17:23 ----D---- D:\Program Files\Common Files\Screaming Bee
2010-07-01 20:01:05 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\Nokia
2010-07-01 20:01:00 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\PC Suite
2010-07-01 20:00:58 ----D---- D:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-07-01 19:58:59 ----D---- D:\Program Files\Common Files\PCSuite
2010-07-01 19:58:23 ----D---- D:\Program Files\Common Files\Nokia
2010-07-01 19:56:57 ----D---- D:\Program Files\DIFX
2010-07-01 19:56:56 ----A---- D:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-07-01 19:56:33 ----D---- D:\Program Files\PC Connectivity Solution
2010-07-01 19:55:56 ----A---- D:\WINDOWS\system32\usbser_lowerfltj.sys
2010-07-01 19:55:55 ----A---- D:\WINDOWS\system32\usbser_lowerflt.sys
2010-07-01 19:55:54 ----A---- D:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-07-01 19:55:46 ----A---- D:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-07-01 19:55:46 ----A---- D:\WINDOWS\system32\nmwcdcocls.dll
2010-07-01 19:55:46 ----A---- D:\WINDOWS\system32\drivers\ccdcmb.sys
2010-07-01 19:55:33 ----A---- D:\WINDOWS\system32\nmwcdcls.dll
2010-07-01 01:25:56 ----D---- D:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-07-01 01:19:47 ----A---- D:\WINDOWS\system32\antiwpa.dll
2010-07-01 01:07:28 ----D---- D:\Program Files\Sun
2010-07-01 01:00:13 ----D---- D:\Program Files\Microsoft
2010-06-30 23:27:02 ----D---- D:\Documents and Settings\All Users\Data aplikací\IObit
2010-06-28 23:22:19 ----A---- D:\WINDOWS\system32\NVAPI.DLL
2010-06-28 23:19:36 ----D---- D:\Documents and Settings\All Users\Data aplikací\Caphyon
2010-06-28 23:19:34 ----D---- D:\Documents and Settings\All Users\Data aplikací\nHancer
2010-06-28 19:38:08 ----D---- D:\Program Files\GSC World Publishing
2010-06-28 19:02:39 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\IGN_DLM
2010-06-28 19:01:55 ----D---- D:\Program Files\Download Manager
2010-06-25 16:01:16 ----A---- D:\WINDOWS\system32\VBoxNetFltNotify.dll
2010-06-25 16:01:16 ----A---- D:\WINDOWS\system32\drivers\VBoxNetFlt.sys

======List of files/folders modified in the last 1 months======

2010-07-24 21:12:53 ----D---- D:\WINDOWS\Temp
2010-07-24 21:11:35 ----HD---- D:\WINDOWS\inf
2010-07-24 21:11:34 ----D---- D:\WINDOWS\system32\CatRoot2
2010-07-24 21:11:33 ----D---- D:\WINDOWS
2010-07-24 21:09:56 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\HLSW
2010-07-24 21:09:55 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\Skype
2010-07-24 21:07:29 ----RD---- D:\Program Files
2010-07-24 20:52:45 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\AIMP
2010-07-24 20:18:28 ----SD---- D:\WINDOWS\Tasks
2010-07-24 17:49:06 ----SHD---- D:\WINDOWS\Installer
2010-07-24 17:49:06 ----D---- D:\Config.Msi
2010-07-24 17:47:11 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-07-24 17:47:11 ----D---- D:\Program Files\Common Files
2010-07-24 17:46:55 ----RSD---- D:\WINDOWS\Fonts
2010-07-24 16:09:29 ----D---- D:\WINDOWS\Prefetch
2010-07-24 16:05:10 ----D---- D:\Program Files\totalcmd
2010-07-24 16:02:54 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\skypePM
2010-07-24 15:19:12 ----D---- D:\WINDOWS\system32
2010-07-24 15:19:12 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-07-22 19:56:43 ----SD---- D:\Documents and Settings\NiiKUss\Data aplikací\Microsoft
2010-07-22 15:17:04 ----D---- D:\WINDOWS\system32\drivers
2010-07-22 04:00:32 ----D---- D:\Program Files\Steam
2010-07-22 02:02:17 ----D---- D:\WINDOWS\system32\dllcache
2010-07-21 21:19:39 ----A---- D:\WINDOWS\win.ini
2010-07-21 21:19:39 ----A---- D:\WINDOWS\system.ini
2010-07-21 04:15:29 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\dvdcss
2010-07-21 03:42:53 ----DC---- D:\WINDOWS\system32\DRVSTORE
2010-07-12 18:48:52 ----D---- D:\WINDOWS\Debug
2010-07-12 02:57:11 ----A---- D:\WINDOWS\NeroDigital.ini
2010-07-09 09:46:54 ----RSD---- D:\WINDOWS\assembly
2010-07-05 13:50:56 ----D---- D:\WINDOWS\Help
2010-07-05 13:50:56 ----D---- D:\Program Files\Internet Explorer
2010-07-05 13:47:11 ----D---- D:\WINDOWS\WBEM
2010-07-05 13:47:11 ----D---- D:\WINDOWS\system32\en-us
2010-07-05 13:47:08 ----RD---- D:\WINDOWS\Offline Web Pages
2010-07-05 13:47:08 ----D---- D:\WINDOWS\Media
2010-07-05 13:37:23 ----D---- D:\WINDOWS\system32\cs-cz
2010-07-04 20:23:42 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\Adobe
2010-07-04 20:21:47 ----D---- D:\Program Files\Common Files\Adobe
2010-07-04 10:49:13 ----D---- D:\WINDOWS\WinSxS
2010-07-03 01:40:39 ----D---- D:\Documents and Settings\All Users\Data aplikací\Installations
2010-07-02 12:56:18 ----D---- D:\WINDOWS\Microsoft.NET
2010-07-02 01:45:48 ----D---- D:\WINDOWS\system32\XPSViewer
2010-07-02 01:45:32 ----D---- D:\WINDOWS\system32\mui
2010-07-01 22:24:01 ----D---- D:\Documents and Settings\All Users\Data aplikací\Screaming Bee
2010-07-01 22:17:42 ----D---- D:\WINDOWS\system32\config
2010-07-01 20:15:18 ----SD---- D:\WINDOWS\system32\Microsoft
2010-07-01 01:29:49 ----D---- D:\Documents and Settings\NiiKUss\Data aplikací\BITS
2010-07-01 01:27:11 ----SD---- D:\WINDOWS\Downloaded Program Files
2010-07-01 01:07:36 ----D---- D:\Documents and Settings\All Users\Data aplikací\Sun
2010-07-01 01:06:10 ----D---- D:\Program Files\Java
2010-06-28 22:24:31 ----D---- D:\WINDOWS\Minidump
2010-06-28 22:23:40 ----D---- D:\Program Files\CCleaner
2010-06-28 18:48:38 ----D---- D:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; D:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-17 64288]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; D:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; D:\WINDOWS\system32\DRIVERS\nvatabus.sys [2010-03-20 89856]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver; D:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2010-03-20 16640]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); D:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); D:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); D:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-04-11 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;AMD Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2010-03-20 39424]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 ATITool;ATITool Overclocking Utility; D:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 InCDRec;Nero UDF File System Recognizer Driver; D:\WINDOWS\system32\DRIVERS\InCDRec.sys [2009-05-08 19096]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SBRE;SBRE; \??\D:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 VBoxDrv;VirtualBox Service; D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 41936]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 InCDFs;Nero UDF File System Driver; D:\WINDOWS\system32\DRIVERS\InCDFs.sys [2009-05-08 129944]
R3 InCDPass;Nero InCDPass Driver; D:\WINDOWS\system32\DRIVERS\InCDPass.sys [2009-05-08 48280]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-04 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-20 54144]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-20 22016]
R3 Ps2;PS2; D:\WINDOWS\system32\DRIVERS\PS2.sys [2010-03-20 19072]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; D:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-26 21920]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-05-04 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; D:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
R3 VBoxNetFlt;VBoxNetFlt Service; D:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
S3 arf1x067;arf1x067; D:\WINDOWS\system32\drivers\arf1x067.sys []
S3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\NiiKUss\LOCALS~1\Temp\catchme.sys []
S3 esihdrv;esihdrv; \??\D:\DOCUME~1\NiiKUss\LOCALS~1\Temp\esihdrv.sys []
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2009-03-13 504832]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 aspnet_state;Stavová služba ASP.NET; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-15 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
S3 npggsvc;nProtect GameGuard Service; D:\WINDOWS\system32\GameMon.des [2009-10-11 3369044]
S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SwitchBoard;SwitchBoard; D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 wampapache;wampapache; c:\www\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\www\bin\mysql\mysql5.1.30\bin\mysqld.exe [2008-11-15 6447744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 InCDSrv;InCD Helper; C:\Program Files\Nero\Nero 9\InCD\InCDSrv.exe [2009-05-08 1493528]
S4 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
S4 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2009-05-08 109080]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-03-17 75064]
S4 PnkBstrB;PnkBstrB; D:\WINDOWS\system32\PnkBstrB.exe [2010-03-17 215104]

-----------------EOF-----------------
Last edited by NiiKUss on 25 Jul 2010 00:13, edited 2 times in total.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#2 Post by Roli »

Hi, please post the log here without CODE; it is awkward to read that way.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

NiiKUss
Visitor
Posts: 13
Registered: 11 Mar 2010 19:25

Re: Please check my log

#3 Post by NiiKUss »

Roli wrote: Hi, please post the log here without CODE; it is awkward to read that way.
I hope it is enough that I edited the previous post so that it is without

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#4 Post by Roli »

This:

MiNODLogin

what is that supposed to be?


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the licence terms then appears, which you confirm by clicking ANO (Yes),

then click ANO (Yes) once more and it starts running.

The whole run takes about 10 minutes but can take longer; do not try to start anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.

NiiKUss
Visitor
Posts: 13
Registered: 11 Mar 2010 19:25

Re: Please check my log

#5 Post by NiiKUss »

I did something dodgy with the program you mention :oops: I ran ESS4 once over a friend's PC... (I know, I have sinned...)
And I would like to ask about NetCat (NC.exe). I know that under certain conditions it works as a backdoor, but I have been using it heavily for years. [Without complications/problems]

Otherwise, I can already confirm that things have improved. Specifically the FPS, or I would rather say the CPU..

ComboFix log
ComboFix 10-07-24.04 - NiiKUss 2010-07-25 23:49:06.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1535.1186 [GMT 2:00]
Spuštěný z: d:\documents and settings\NiiKUss\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\NC.EXE
d:\windows\regedit.com
d:\windows\system32\1997D1067C.dll
d:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-25 do 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-25 08:56 . 2010-07-25 08:56 142592 ----a-w- d:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-25 08:56 . 2010-07-25 09:01 -------- d-----w- d:\program files\Spyware Terminator
2010-07-25 00:34 . 2010-07-25 00:18 15880 ----a-w- d:\windows\system32\lsdelete.exe
2010-07-24 19:07 . 2010-07-24 19:15 -------- d-----w- d:\program files\trend micro
2010-07-24 19:07 . 2010-07-24 19:07 -------- d-----w- D:\rsit
2010-07-24 17:19 . 2010-07-24 17:20 -------- d-----w- d:\documents and settings\NiiKUss\.android
2010-07-24 15:46 . 2010-07-24 15:46 -------- d-----w- d:\windows\lhsp
2010-07-24 15:46 . 2010-07-24 15:47 -------- d-----w- d:\windows\speech
2010-07-22 00:01 . 2006-09-26 21:21 21920 ----a-w- d:\windows\system32\drivers\ScreamingBAudio.sys
2010-07-22 00:01 . 2008-04-14 05:53 23552 ----a-w- d:\windows\system32\wdmaud.drv
2010-07-22 00:01 . 2008-04-13 20:15 49408 ----a-w- d:\windows\system32\drivers\stream.sys
2010-07-22 00:01 . 2008-04-13 20:49 146048 ----a-w- d:\windows\system32\drivers\portcls.sys
2010-07-22 00:01 . 2008-04-14 05:51 4096 ----a-w- d:\windows\system32\ksuser.dll
2010-07-22 00:01 . 2008-04-13 20:46 141056 ----a-w- d:\windows\system32\drivers\ks.sys
2010-07-22 00:01 . 2008-04-13 20:15 60160 ----a-w- d:\windows\system32\drivers\drmk.sys
2010-07-21 14:06 . 2010-07-24 15:31 -------- d-----w- D:\tools
2010-07-21 01:44 . 2010-07-21 02:08 -------- d-----w- d:\documents and settings\NiiKUss\.VirtualBox
2010-07-08 17:20 . 2010-07-08 17:20 -------- d-----w- d:\program files\sXe Injected
2010-07-05 11:46 . 2010-07-05 11:47 -------- dc-h--w- d:\windows\ie8
2010-07-04 09:21 . 2010-07-04 09:21 -------- d-----w- d:\windows\Simple Port Forwarding
2010-07-02 23:39 . 2010-07-02 23:39 -------- d-----w- d:\program files\MSXML 6.0
2010-07-02 23:29 . 2008-11-07 16:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-07-01 23:20 . 2010-07-01 23:20 -------- d-----w- d:\program files\Microsoft.NET
2010-07-01 20:17 . 2010-07-01 20:17 -------- d-----w- d:\program files\Common Files\Screaming Bee
2010-07-01 17:58 . 2010-07-01 17:58 -------- d-----w- d:\program files\Common Files\PCSuite
2010-07-01 17:58 . 2010-07-09 07:45 -------- d-----w- d:\program files\Common Files\Nokia
2010-07-01 17:56 . 2010-07-01 17:56 -------- d-----w- d:\program files\DIFX
2010-07-01 17:56 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-07-01 17:56 . 2010-07-01 17:56 -------- d-----w- d:\program files\PC Connectivity Solution
2010-07-01 17:55 . 2010-02-26 12:32 8192 ----a-w- d:\windows\system32\usbser_lowerfltj.sys
2010-07-01 17:55 . 2010-02-26 12:32 8192 ----a-w- d:\windows\system32\usbser_lowerflt.sys
2010-07-01 17:55 . 2010-02-26 12:32 22528 ----a-w- d:\windows\system32\drivers\ccdcmbo.sys
2010-07-01 17:55 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-07-01 17:55 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-07-01 17:55 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-07-01 17:55 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-06-30 23:19 . 2006-07-22 21:49 5376 ----a-w- d:\windows\system32\antiwpa.dll
2010-06-30 23:07 . 2010-06-30 23:07 -------- d-----w- d:\program files\Sun
2010-06-30 23:00 . 2010-06-30 23:00 -------- d-----w- d:\program files\Microsoft
2010-06-30 22:55 . 2010-06-30 23:15 -------- d-----w- d:\documents and settings\NiiKUss\.nbi
2010-06-28 21:22 . 2004-01-18 23:35 6656 ----a-w- d:\windows\system32\NVAPI.DLL
2010-06-28 17:38 . 2010-06-28 17:38 -------- d-----w- d:\program files\GSC World Publishing
2010-06-28 17:01 . 2010-06-28 17:01 -------- d-----w- d:\program files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 21:46 . 2001-10-25 14:00 600742 ----a-w- d:\windows\system32\perfh005.dat
2010-07-25 21:46 . 2001-10-25 14:00 128488 ----a-w- d:\windows\system32\perfc005.dat
2010-07-25 08:17 . 2010-02-06 21:35 -------- d-----w- d:\program files\Komunikace
2010-07-24 23:57 . 2010-06-10 16:14 -------- d-----w- d:\program files\Lavasoft
2010-07-24 14:05 . 2010-03-05 22:07 -------- d-----w- d:\program files\totalcmd
2010-07-22 02:00 . 2010-01-23 02:30 -------- d-----w- d:\program files\Steam
2010-07-04 18:21 . 2010-01-26 22:24 -------- d-----w- d:\program files\Common Files\Adobe
2010-07-02 23:29 . 2010-07-02 23:29 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-02 23:29 . 2010-07-02 23:29 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-30 23:06 . 2009-12-30 00:37 -------- d-----w- d:\program files\Java
2010-06-28 20:23 . 2010-02-23 17:53 -------- d-----w- d:\program files\CCleaner
2010-06-25 14:01 . 2010-03-23 23:36 41936 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-25 14:01 . 2010-06-25 14:01 133648 ----a-w- d:\windows\system32\VBoxNetFltNotify.dll
2010-06-25 14:01 . 2010-06-25 14:01 111312 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-25 14:01 . 2010-03-23 23:36 142992 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2010-06-25 14:01 . 2010-02-12 19:34 100496 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-24 18:46 . 2010-01-22 23:14 -------- d-----w- d:\program files\Microsoft Bootvis
2010-06-20 13:49 . 2010-03-28 19:18 -------- d-----w- d:\program files\IrfanView
2010-06-19 13:31 . 2010-03-10 18:14 273508 ---ha-w- d:\windows\system32\mlfcache.dat
2010-06-16 22:17 . 2010-06-16 22:17 95024 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-06-16 22:16 . 2010-06-10 16:30 64288 ----a-w- d:\windows\system32\drivers\Lbd.sys
2010-06-16 20:05 . 2010-06-16 20:05 -------- d-----w- d:\program files\Common Files\Skype
2010-06-10 16:20 . 2010-06-10 16:20 -------- d-----w- d:\program files\FCleaner
2010-06-10 15:46 . 2010-01-22 23:13 -------- d-----w- d:\program files\Smart PC Solutions
2010-06-10 15:39 . 2010-04-13 17:14 -------- d-----w- d:\program files\IObit
2010-06-10 14:38 . 2010-06-10 14:38 18944 ----a-w- d:\windows\system32\vbCPUInf.dll
2010-06-10 14:37 . 2010-06-10 14:37 -------- d-----w- d:\program files\CM Data Software
2010-06-10 14:37 . 2010-06-10 14:37 737280 ----a-w- d:\windows\iun6002.exe
2010-06-10 14:37 . 2010-06-10 14:37 -------- d-----w- d:\program files\Runtime Software
2010-06-10 14:34 . 2010-06-10 14:34 -------- d-----w- d:\program files\Recuva
2010-06-05 18:50 . 2010-05-02 10:31 -------- d-----w- d:\program files\AIMP2
2010-05-31 06:15 . 2010-05-31 06:15 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-05-30 22:17 . 2010-05-30 17:39 -------- d-----w- d:\program files\RegCleaner
2010-05-30 17:33 . 2010-05-30 17:33 -------- d-----w- d:\program files\ClearProg
2010-05-06 20:59 . 2010-04-10 22:47 38848 ----a-w- d:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-04-10 22:47 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-10 22:48 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-10 22:48 164048 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-10 22:48 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-04-10 22:48 100432 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-04-10 22:48 94800 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-04-10 22:48 19024 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-04-10 22:48 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2009-06-10 21:26 . 2010-02-13 22:13 9633792 --sha-r- d:\windows\Fonts\StaticCache.dat
.

------- Sigcheck -------

[-] 2004-05-13 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . d:\windows\system32\srsvc.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-05-08 16:14 97816 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MirandaIM"="d:\program files\Komunikace\Miranda IM\miranda32.exe" [2009-12-14 696928]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=d:\windows\pss\Bluetooth.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
backup=d:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Typle.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Typle.lnk
backup=d:\windows\pss\Typle.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^NiiKUss^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
backup=d:\windows\pss\OpenOffice.org 3.2.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CairoShell

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-04 18:15 500208 ------w- d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- d:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-14 17:24 307200 ----a-r- d:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
2010-03-30 13:51 2436952 ----a-w- d:\program files\AutoHideIP\AutoHideIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-05-06 20:59 2815192 ----a-w- d:\progra~1\Alwil Software\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ------w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-21 20:53 135664 ----atw- d:\documents and settings\NiiKUss\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- d:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2009-05-08 16:14 1116696 ----a-w- c:\program files\Nero\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 06:52 171008 ----a-w- d:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]
2009-05-08 16:14 1593880 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34 2524416 ----a-w- d:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- d:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-07-25 08:56 3037696 ----a-w- d:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:13 61440 ----a-w- d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-09-14 10:57 1217808 ----a-w- d:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system34]
2010-03-17 19:06 624608 ----a-w- d:\windows\SoftwareProtection\systemvital.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WudfSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Spooler"=3 (0x3)
"SCardSvr"=3 (0x3)
"napagent"=3 (0x3)
"RDSessMgr"=0 (0x0)
"PnkBstrB"=3 (0x3)
"PnkBstrA"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2010-06-10 64288]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;d:\windows\system32\drivers\nvcchflt.sys [2010-03-20 16640]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-04-11 164048]
R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [2010-06-17 95024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;d:\windows\system32\drivers\sp_rsdrv2.sys [2010-07-25 142592]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2010-03-24 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2010-03-24 41936]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-04-11 19024]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-07-20 504832]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [2010-03-30 1107336]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-22 21920]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2010-02-12 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2010-06-25 111312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 esihdrv;esihdrv;\??\d:\docume~1\NiiKUss\LOCALS~1\Temp\esihdrv.sys --> d:\docume~1\NiiKUss\LOCALS~1\Temp\esihdrv.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-13 1352832]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2009-05-08 109080]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [2010-03-09 691696]

NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Obsah adresáře 'Naplánované úlohy'

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 1).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 2).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 3).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 4).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\AdobeAAMUpdater-1.0-NIIKUSS-NiiKUss.job
- d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-04 18:15]

2010-07-25 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:14]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
LSP: d:\windows\system32\LOILSP.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-NeroRebootSetup - d:\documents and settings\NiiKUss\Local Settings\temp\nro.tmp\SetupX.exe
AddRemove-HijackThis - I:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 23:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,0a,07,fe,6b,3b,9b,47,97,97,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,0a,07,fe,6b,3b,9b,47,97,97,18,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1008)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\antiwpa.dll
.
Celkový čas: 2010-07-25 23:54:47
ComboFix-quarantined-files.txt 2010-07-25 21:54

Před spuštěním: 948,318,208
Po spuštění: 976,465,920

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[Boot Loader]
timeout=2
default=F:\
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP NiiKUss LITE" /noexecute=optin /fastdetect /usepmtimer /noguiboot

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 022275C12339BEA28AD82393E9AC0E9A

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#6 Post by Roli »

If you have not done so already, move Combofix to the desktop,

open Notepad

and copy the script from the following box into it:

Code:

Folder::  
c:\program files\ESET

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]

Save the TXT file you created to the desktop as CFScript.txt,

after saving, grab the script with the left mouse button, drag it over the Combofix icon and drop it there.

After it has been applied, another log will pop up; copy it here.

Warning: it can happen that Windows does not start after the script is applied and the machine restarts;

in that case restart again while pressing F8 and then choose Last Known Good Configuration.

NiiKUss
Visitor
Posts: 13
Registered: 11 Mar 2010 19:25

Re: Please check my log

#7 Post by NiiKUss »

ComboFix 10-07-24.06 - NiiKUss 2010-07-26 23:58:31.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1535.978 [GMT 2:00]
Spuštěný z: d:\documents and settings\NiiKUss\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\NiiKUss\Plocha\CFScript.txt.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ESET
c:\program files\ESET\MiNODLogin\MiNODLogin.exe
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\MiNODLoginLib.dll
c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe
c:\program files\ESET\MiNODLogin\servidores.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-26 do 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-25 22:10 . 2010-06-28 20:57 38848 ----a-w- d:\windows\avastSS.scr
2010-07-25 08:56 . 2010-07-25 08:56 142592 ----a-w- d:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-25 08:56 . 2010-07-25 09:01 -------- d-----w- d:\program files\Spyware Terminator
2010-07-25 00:34 . 2010-07-25 00:18 15880 ----a-w- d:\windows\system32\lsdelete.exe
2010-07-24 19:07 . 2010-07-24 19:15 -------- d-----w- d:\program files\trend micro
2010-07-24 19:07 . 2010-07-24 19:07 -------- d-----w- D:\rsit
2010-07-24 17:19 . 2010-07-24 17:20 -------- d-----w- d:\documents and settings\NiiKUss\.android
2010-07-24 15:46 . 2010-07-24 15:46 -------- d-----w- d:\windows\lhsp
2010-07-24 15:46 . 2010-07-24 15:47 -------- d-----w- d:\windows\speech
2010-07-22 00:01 . 2006-09-26 21:21 21920 ----a-w- d:\windows\system32\drivers\ScreamingBAudio.sys
2010-07-22 00:01 . 2008-04-14 05:53 23552 ----a-w- d:\windows\system32\wdmaud.drv
2010-07-22 00:01 . 2008-04-13 20:15 49408 ----a-w- d:\windows\system32\drivers\stream.sys
2010-07-22 00:01 . 2008-04-13 20:49 146048 ----a-w- d:\windows\system32\drivers\portcls.sys
2010-07-22 00:01 . 2008-04-14 05:51 4096 ----a-w- d:\windows\system32\ksuser.dll
2010-07-22 00:01 . 2008-04-13 20:46 141056 ----a-w- d:\windows\system32\drivers\ks.sys
2010-07-22 00:01 . 2008-04-13 20:15 60160 ----a-w- d:\windows\system32\drivers\drmk.sys
2010-07-21 14:06 . 2010-07-24 15:31 -------- d-----w- D:\tools
2010-07-21 01:44 . 2010-07-21 02:08 -------- d-----w- d:\documents and settings\NiiKUss\.VirtualBox
2010-07-08 17:20 . 2010-07-08 17:20 -------- d-----w- d:\program files\sXe Injected
2010-07-05 11:46 . 2010-07-05 11:47 -------- dc-h--w- d:\windows\ie8
2010-07-04 09:21 . 2010-07-04 09:21 -------- d-----w- d:\windows\Simple Port Forwarding
2010-07-02 23:39 . 2010-07-02 23:39 -------- d-----w- d:\program files\MSXML 6.0
2010-07-02 23:29 . 2008-11-07 16:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-07-01 23:20 . 2010-07-01 23:20 -------- d-----w- d:\program files\Microsoft.NET
2010-07-01 20:17 . 2010-07-01 20:17 -------- d-----w- d:\program files\Common Files\Screaming Bee
2010-07-01 17:58 . 2010-07-01 17:58 -------- d-----w- d:\program files\Common Files\PCSuite
2010-07-01 17:58 . 2010-07-09 07:45 -------- d-----w- d:\program files\Common Files\Nokia
2010-07-01 17:56 . 2010-07-01 17:56 -------- d-----w- d:\program files\DIFX
2010-07-01 17:56 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-07-01 17:56 . 2010-07-01 17:56 -------- d-----w- d:\program files\PC Connectivity Solution
2010-07-01 17:55 . 2010-02-26 12:32 8192 ----a-w- d:\windows\system32\usbser_lowerfltj.sys
2010-07-01 17:55 . 2010-02-26 12:32 8192 ----a-w- d:\windows\system32\usbser_lowerflt.sys
2010-07-01 17:55 . 2010-02-26 12:32 22528 ----a-w- d:\windows\system32\drivers\ccdcmbo.sys
2010-07-01 17:55 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-07-01 17:55 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-07-01 17:55 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-07-01 17:55 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-06-30 23:19 . 2006-07-22 21:49 5376 ----a-w- d:\windows\system32\antiwpa.dll
2010-06-30 23:07 . 2010-06-30 23:07 -------- d-----w- d:\program files\Sun
2010-06-30 23:00 . 2010-06-30 23:00 -------- d-----w- d:\program files\Microsoft
2010-06-30 22:55 . 2010-06-30 23:15 -------- d-----w- d:\documents and settings\NiiKUss\.nbi
2010-06-28 21:22 . 2004-01-18 23:35 6656 ----a-w- d:\windows\system32\NVAPI.DLL
2010-06-28 17:38 . 2010-06-28 17:38 -------- d-----w- d:\program files\GSC World Publishing
2010-06-28 17:01 . 2010-06-28 17:01 -------- d-----w- d:\program files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 21:56 . 2001-10-25 14:00 600742 ----a-w- d:\windows\system32\perfh005.dat
2010-07-26 21:56 . 2001-10-25 14:00 128488 ----a-w- d:\windows\system32\perfc005.dat
2010-07-25 08:17 . 2010-02-06 21:35 -------- d-----w- d:\program files\Komunikace
2010-07-24 23:57 . 2010-06-10 16:14 -------- d-----w- d:\program files\Lavasoft
2010-07-24 14:05 . 2010-03-05 22:07 -------- d-----w- d:\program files\totalcmd
2010-07-22 02:00 . 2010-01-23 02:30 -------- d-----w- d:\program files\Steam
2010-07-04 18:21 . 2010-01-26 22:24 -------- d-----w- d:\program files\Common Files\Adobe
2010-07-02 23:29 . 2010-07-02 23:29 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-02 23:29 . 2010-07-02 23:29 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-30 23:06 . 2009-12-30 00:37 -------- d-----w- d:\program files\Java
2010-06-28 20:57 . 2010-04-10 22:47 165032 ----a-w- d:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-10 22:48 46672 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-10 22:48 165456 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-10 22:48 23376 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-10 22:48 100176 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-10 22:48 94544 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-10 22:48 17744 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-10 22:48 28880 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-06-28 20:23 . 2010-02-23 17:53 -------- d-----w- d:\program files\CCleaner
2010-06-25 14:01 . 2010-03-23 23:36 41936 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-25 14:01 . 2010-06-25 14:01 133648 ----a-w- d:\windows\system32\VBoxNetFltNotify.dll
2010-06-25 14:01 . 2010-06-25 14:01 111312 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-25 14:01 . 2010-03-23 23:36 142992 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2010-06-25 14:01 . 2010-02-12 19:34 100496 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-24 18:46 . 2010-01-22 23:14 -------- d-----w- d:\program files\Microsoft Bootvis
2010-06-20 13:49 . 2010-03-28 19:18 -------- d-----w- d:\program files\IrfanView
2010-06-19 13:31 . 2010-03-10 18:14 273508 ---ha-w- d:\windows\system32\mlfcache.dat
2010-06-16 22:17 . 2010-06-16 22:17 95024 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-06-16 22:16 . 2010-06-10 16:30 64288 ----a-w- d:\windows\system32\drivers\Lbd.sys
2010-06-16 20:05 . 2010-06-16 20:05 -------- d-----w- d:\program files\Common Files\Skype
2010-06-10 16:20 . 2010-06-10 16:20 -------- d-----w- d:\program files\FCleaner
2010-06-10 15:46 . 2010-01-22 23:13 -------- d-----w- d:\program files\Smart PC Solutions
2010-06-10 15:39 . 2010-04-13 17:14 -------- d-----w- d:\program files\IObit
2010-06-10 14:38 . 2010-06-10 14:38 18944 ----a-w- d:\windows\system32\vbCPUInf.dll
2010-06-10 14:37 . 2010-06-10 14:37 -------- d-----w- d:\program files\CM Data Software
2010-06-10 14:37 . 2010-06-10 14:37 737280 ----a-w- d:\windows\iun6002.exe
2010-06-10 14:37 . 2010-06-10 14:37 -------- d-----w- d:\program files\Runtime Software
2010-06-10 14:34 . 2010-06-10 14:34 -------- d-----w- d:\program files\Recuva
2010-06-05 18:50 . 2010-05-02 10:31 -------- d-----w- d:\program files\AIMP2
2010-05-31 06:15 . 2010-05-31 06:15 -------- d-----w- d:\program files\Common Files\Adobe AIR
2010-05-30 22:17 . 2010-05-30 17:39 -------- d-----w- d:\program files\RegCleaner
2010-05-30 17:33 . 2010-05-30 17:33 -------- d-----w- d:\program files\ClearProg
2009-06-10 21:26 . 2010-02-13 22:13 9633792 --sha-r- d:\windows\Fonts\StaticCache.dat
.

------- Sigcheck -------

[-] 2004-05-13 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . d:\windows\system32\srsvc.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-25_21.53.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 14:00 . 2010-07-26 21:56 607332 d:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-07-25 21:46 607332 d:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-07-26 21:56 110184 d:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-07-25 21:46 110184 d:\windows\system32\perfc009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-05-08 16:14 97816 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MirandaIM"="d:\program files\Komunikace\Miranda IM\miranda32.exe" [2009-12-14 696928]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoPopUpsOnBoot"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=d:\windows\pss\Bluetooth.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Privoxy.lnk]
backup=d:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Typle.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Typle.lnk
backup=d:\windows\pss\Typle.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^NiiKUss^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
backup=d:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-04 18:15 500208 ------w- d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- d:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-14 17:24 307200 ----a-r- d:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
2010-03-30 13:51 2436952 ----a-w- d:\program files\AutoHideIP\AutoHideIP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- d:\progra~1\Alwil Software\Avast5\AvastUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ------w- d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-21 20:53 135664 ----atw- d:\documents and settings\NiiKUss\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- d:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2009-05-08 16:14 1116696 ----a-w- c:\program files\Nero\Nero 9\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 06:52 171008 ----a-w- d:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui]
2009-05-08 16:14 1593880 ----a-w- c:\program files\Nero\Nero 9\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34 2524416 ----a-w- d:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- d:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-07-25 08:56 3037696 ----a-w- d:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:13 61440 ----a-w- d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-09-14 10:57 1217808 ----a-w- d:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system34]
2010-03-17 19:06 624608 ----a-w- d:\windows\SoftwareProtection\systemvital.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WudfSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Spooler"=3 (0x3)
"SCardSvr"=3 (0x3)
"napagent"=3 (0x3)
"RDSessMgr"=0 (0x0)
"PnkBstrB"=3 (0x3)
"PnkBstrA"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2010-06-10 64288]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;d:\windows\system32\drivers\nvcchflt.sys [2010-03-20 16640]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-04-11 165456]
R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [2010-06-17 95024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;d:\windows\system32\drivers\sp_rsdrv2.sys [2010-07-25 142592]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2010-03-24 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2010-03-24 41936]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-04-11 17744]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-07-20 504832]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [2010-03-30 1107336]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-22 21920]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2010-02-12 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2010-06-25 111312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 esihdrv;esihdrv;\??\d:\docume~1\NiiKUss\LOCALS~1\Temp\esihdrv.sys --> d:\docume~1\NiiKUss\LOCALS~1\Temp\esihdrv.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-13 1352832]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2009-05-08 109080]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [2010-03-09 691696]

NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Obsah adresáře 'Naplánované úlohy'

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 1).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 2).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 3).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\Ad-Aware Update (Daily 4).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-04-13 00:18]

2010-07-25 d:\windows\Tasks\AdobeAAMUpdater-1.0-NIIKUSS-NiiKUss.job
- d:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-04 18:15]

2010-07-26 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 16:14]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
LSP: d:\windows\system32\LOILSP.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-MiNODLogin - c:\program files\ESET\MiNODLogin\MiNODLoginUninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 00:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,0a,07,fe,6b,3b,9b,47,97,97,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,0a,07,fe,6b,3b,9b,47,97,97,18,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1000)
d:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-07-27 00:05:03
ComboFix-quarantined-files.txt 2010-07-26 22:04
ComboFix2.txt 2010-07-25 21:54

Před spuštěním: 992,448,512
Po spuštění: 981,962,752

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - A2093053EFC4881092E029C773C70B11

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#8 Post by Roli »

Via Start >> Run, copy the following into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes its associated files and folders.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Then let me know what state the PC is in.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
