
"Stuck" right Alt, now Ctrl too
Forum rules
Individual threads will be locked once they are resolved, as will those that are inactive for longer than 14 days: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Thank you for your understanding.
Hello,
please, when I move through text with the arrow keys, it jumps word by word (as if Ctrl were pressed), but I am not pressing it; it is as if it sometimes held itself down, and sometimes the right Alt presses itself, so the keyboard types symbols.
Please, which test should I post so that you can take a look? Oh, and the keyboard sometimes drops keystrokes, but that only since today. I'm asking for a quick solution.
Thank you very much.
- Rudy
- Site Admin
- Posts: 119356
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: "Stuck" right Alt, now Ctrl too
First, I would recommend trying a different keyboard as a test.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: "Stuck" right Alt, now Ctrl too
I have already tried that ...
It is a laptop, and as a second keyboard I tried a wireless one.
- Rudy
- Site Admin
Re: "Stuck" right Alt, now Ctrl too
Post a log from RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .
Re: "Stuck" right Alt, now Ctrl too
Neither of the download links works for me.... Couldn't you put it somewhere where I could get it running?
I have Windows XP SP3.
Re: "Stuck" right Alt, now Ctrl too
OK, I have already found it on the net:
Oh, and the laptop has slowed down somewhat ... it loads folders and web pages slowly.
Logfile of random's system information tool 1.06 (written by random/random)
Run by vospunt at 2010-08-16 16:39:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 16 GB (27%) free of 60 GB
Total RAM: 2038 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:50, on 16.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\vospunt\Plocha\RSIT.exe
D:\Program Files\trend micro\vospunt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.giga-music.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - D:\Program Files\Rightdown Software SearchBar\rssb.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [snp2std] D:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6705646671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6705756046
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6549 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1390067357-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1390067357-839522115-1003UA.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{E3B0378E-AAF7-41C5-A46E-851A18A138BB}.job
D:\WINDOWS\tasks\Úklid 1 kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-25 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - Rightdown Software SearchBar - D:\Program Files\Rightdown Software SearchBar\rssb.dll [2008-12-18 317440]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"igfxtray"=D:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=D:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=D:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ISUSPM Startup"=D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"snp2std"=D:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]
"Google Update"=D:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Miranda IM\miranda32.exe"="D:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Google\Google Earth\plugin\geplugin.exe"="D:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe"="D:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe:*:Enabled:CS 1.8 Goiceasoft"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\TeamViewer\Version5\TeamViewer.exe"="D:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\WaterProof\PHPEdit\3.6.0\PHPEdit.exe"="D:\Program Files\WaterProof\PHPEdit\3.6.0\PHPEdit.exe:*:Enabled:PHPEdit"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{362ed640-8037-11df-afae-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d69ee88-7926-11df-af8f-001e370e58a3}]
shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9ef255-7f9e-11df-afad-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9ef256-7f9e-11df-afad-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9ef25b-7f9e-11df-afad-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a115c20-7dcf-11df-afa8-002127cc9828}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97123e82-8042-11df-afaf-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37cdc75-a7e2-11df-afda-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2de4f8-7c5a-11df-afa4-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3ef9fe0-8fd4-11df-afc4-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3ef9fe6-8fd4-11df-afc4-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f49e9bfc-7e9c-11df-afa9-002127cc9828}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
======File associations======
.js - edit -
.js - open - "D:\Program Files\WaterProof\PHPEdit\3.6.0\PHPEdit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-16 16:39:04 ----D---- D:\rsit
2010-08-16 16:39:04 ----D---- D:\Program Files\trend micro
2010-08-16 16:28:48 ----D---- D:\WINDOWS\ERDNT
2010-08-16 16:28:48 ----D---- D:\Qoobox
2010-08-16 16:28:47 ----D---- D:\ComboFix
2010-08-16 16:28:47 ----A---- D:\WINDOWS\system32\CF29749.exe
2010-08-16 10:28:08 ----A---- D:\WINDOWS\SGDetectionTool.dll0820.old
2010-08-16 10:28:08 ----A---- D:\WINDOWS\PCTBDCore.dll0820.old
2010-08-16 10:28:08 ----A---- D:\WINDOWS\BDTSupport.dll0820.old
2010-08-16 10:27:47 ----D---- D:\Program Files\Common Files\PC Tools
2010-08-15 15:45:58 ----D---- D:\totalcmd
2010-08-15 12:11:18 ----A---- D:\WINDOWS\system32\TUProgSt.exe
2010-08-15 12:11:16 ----A---- D:\WINDOWS\system32\uxtuneup.dll
2010-08-15 12:11:15 ----A---- D:\WINDOWS\system32\TuneUpDefragService.exe
2010-08-14 13:54:09 ----D---- D:\Program Files\HYPERMAX
2010-08-14 10:27:32 ----D---- D:\Program Files\IObit
2010-08-11 02:01:31 ----D---- D:\Program Files\NVIDIA Corporation
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\XAudio2_7.dll
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\xactengine3_7.dll
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\D3DX9_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\d3dx11_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\d3dx10_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\d3dcsx_43.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\XAudio2_6.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\xactengine3_6.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-11 02:01:18 ----A---- D:\WINDOWS\system32\XAudio2_5.dll
2010-08-11 02:01:18 ----A---- D:\WINDOWS\system32\xactengine3_5.dll
2010-08-11 02:01:17 ----A---- D:\WINDOWS\system32\d3dcsx_42.dll
2010-08-11 02:01:17 ----A---- D:\WINDOWS\system32\D3DCompiler_42.dll
2010-08-11 02:01:16 ----A---- D:\WINDOWS\system32\d3dx11_42.dll
2010-08-11 02:01:16 ----A---- D:\WINDOWS\system32\d3dx10_42.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\D3DX9_42.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\D3DX9_41.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\d3dx10_41.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\D3DCompiler_41.dll
2010-08-11 02:01:14 ----A---- D:\WINDOWS\system32\XAudio2_4.dll
2010-08-11 02:01:14 ----A---- D:\WINDOWS\system32\XAPOFX1_3.dll
2010-08-11 02:01:14 ----A---- D:\WINDOWS\system32\xactengine3_4.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\X3DAudio1_6.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\D3DX9_40.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\d3dx10_40.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\D3DCompiler_40.dll
2010-08-11 02:01:12 ----A---- D:\WINDOWS\system32\XAudio2_3.dll
2010-08-11 02:01:12 ----A---- D:\WINDOWS\system32\XAPOFX1_2.dll
2010-08-11 02:01:12 ----A---- D:\WINDOWS\system32\xactengine3_3.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\X3DAudio1_5.dll
2010-08-11 02:01:10 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2010-08-11 02:01:10 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2010-08-11 02:01:10 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2010-08-11 02:01:09 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2010-08-11 02:01:09 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2010-08-11 02:01:09 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2010-08-11 02:00:23 ----D---- D:\WINDOWS\Logs
2010-07-26 18:09:25 ----A---- D:\WINDOWS\wincmd.ini
2010-07-21 20:26:24 ----D---- D:\Documents and Settings\All Users\Data aplikací\hide cool shim link
2010-07-21 20:25:09 ----D---- D:\Program Files\WinZix
2010-07-21 20:00:11 ----D---- D:\Program Files\Postal2
2010-07-21 19:24:01 ----A---- D:\WINDOWS\unvise32.exe
2010-07-20 00:09:59 ----D---- D:\Program Files\Jurosoft
2010-07-20 00:06:08 ----HD---- D:\WINDOWS\PIF
2010-07-19 07:33:21 ----D---- D:\Documents and Settings\vospunt\Data aplikací\XnView
2010-07-19 07:33:13 ----D---- D:\Program Files\XnView
2010-07-18 20:01:05 ----A---- D:\WINDOWS\system32\vfwwdm32.dll
2010-07-18 20:00:53 ----A---- D:\WINDOWS\WindowsXP-KB822603-x86.exe
2010-07-18 20:00:53 ----A---- D:\WINDOWS\amcap.exe
2010-07-18 20:00:52 ----A---- D:\WINDOWS\vsnp2std.exe
2010-07-18 20:00:52 ----A---- D:\WINDOWS\snp2std.ini
2010-07-18 20:00:49 ----A---- D:\WINDOWS\system32\vsnp2std.dll
2010-07-18 20:00:49 ----A---- D:\WINDOWS\system32\rsnp2std.dll
2010-07-18 20:00:48 ----D---- D:\Program Files\Common Files\snp2std
2010-07-18 20:00:48 ----A---- D:\WINDOWS\system32\csnp2std.dll
2010-07-18 20:00:39 ----D---- D:\Documents and Settings\vospunt\Data aplikací\InstallShield
2010-07-18 06:51:06 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2010-07-17 16:12:52 ----D---- D:\Program Files\Mozilla Firefox
2010-07-17 11:58:15 ----D---- D:\Program Files\Microsoft Virtual PC
2010-07-17 11:48:41 ----D---- D:\Program Files\3D-Fahrschule
======List of files/folders modified in the last 1 months======
2010-08-16 16:39:10 ----D---- D:\WINDOWS\Temp
2010-08-16 16:39:04 ----RD---- D:\Program Files
2010-08-16 16:28:49 ----D---- D:\WINDOWS\system32\CatRoot2
2010-08-16 16:28:48 ----D---- D:\WINDOWS\system32
2010-08-16 16:28:48 ----D---- D:\WINDOWS
2010-08-16 10:36:20 ----AD---- D:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-16 10:36:12 ----D---- D:\Program Files\Spyware Doctor
2010-08-16 10:36:10 ----D---- D:\WINDOWS\system32\drivers
2010-08-16 10:27:47 ----D---- D:\Program Files\Common Files
2010-08-16 10:05:15 ----D---- D:\Program Files\Mozilla Thunderbird
2010-08-16 08:29:40 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-08-16 08:27:43 ----HD---- D:\WINDOWS\inf
2010-08-16 07:58:36 ----D---- D:\Documents and Settings\vospunt\Data aplikací\Skype
2010-08-15 19:02:56 ----D---- D:\Program Files\Zoom Player
2010-08-15 16:44:30 ----SD---- D:\WINDOWS\Tasks
2010-08-15 16:40:25 ----D---- D:\Documents and Settings\vospunt\Data aplikací\skypePM
2010-08-15 16:24:45 ----HD---- D:\Program Files\InstallShield Installation Information
2010-08-15 12:14:56 ----SHD---- D:\System Volume Information
2010-08-15 12:14:56 ----D---- D:\WINDOWS\system32\Restore
2010-08-15 12:14:52 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-08-15 12:14:47 ----D---- D:\WINDOWS\system32\CatRoot
2010-08-15 12:12:34 ----A---- D:\WINDOWS\BRWMARK.INI
2010-08-15 12:12:34 ----A---- D:\WINDOWS\BRPP2KA.INI
2010-08-15 12:12:04 ----D---- D:\Program Files\TuneUp Utilities 2009
2010-08-15 12:11:20 ----SHD---- D:\WINDOWS\Installer
2010-08-14 13:57:36 ----D---- D:\WINDOWS\Prefetch
2010-08-14 11:35:58 ----D---- D:\Documents and Settings\vospunt\Data aplikací\IObit
2010-08-14 11:35:03 ----D---- D:\WINDOWS\system32\config
2010-08-14 11:35:03 ----D---- D:\Documents and Settings\vospunt\Data aplikací\TeamViewer
2010-08-14 11:35:01 ----D---- D:\WINDOWS\security
2010-08-14 11:34:23 ----D---- D:\Documents and Settings\vospunt\Data aplikací\uTorrent
2010-08-13 17:17:54 ----D---- D:\Documents and Settings\vospunt\Data aplikací\FileZilla
2010-08-11 02:11:20 ----D---- D:\WINDOWS\Minidump
2010-08-11 02:01:23 ----D---- D:\WINDOWS\system32\DirectX
2010-08-11 02:00:55 ----RSD---- D:\WINDOWS\assembly
2010-08-04 19:17:05 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2010-07-31 08:02:25 ----D---- D:\Program Files\uTorrent
2010-07-25 12:26:21 ----A---- D:\WINDOWS\AviSplitter.INI
2010-07-24 15:42:14 ----SD---- D:\Documents and Settings\vospunt\Data aplikací\Microsoft
2010-07-24 09:51:42 ----D---- D:\WINDOWS\WinSxS
2010-07-22 08:45:51 ----RSD---- D:\WINDOWS\Fonts
2010-07-18 20:01:43 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-07-18 20:00:53 ----A---- D:\WINDOWS\win.ini
2010-07-18 20:00:52 ----D---- D:\WINDOWS\twain_32
2010-07-17 16:13:22 ----D---- D:\Documents and Settings\vospunt\Data aplikací\Mozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 vmm;Virtual Machine Monitor; \??\D:\WINDOWS\system32\Drivers\vmm.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; D:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 BthEnum;Služba Bluetooth Enumerator; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Microsoft AC Adapter Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EMSCR;EMSCR; D:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-03-23 61056]
R3 ESDCR;ESDCR; D:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-03-23 37888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 seehcri;Sony Ericsson seehcri Device Driver; D:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-06-24 27632]
R3 sffdisk;Ovladač třídy úložiště SFF; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; D:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-03-15 244608]
S3 a3z5oq7v;a3z5oq7v; D:\WINDOWS\system32\drivers\a3z5oq7v.sys []
S3 BTHPORT;Ovladač portu Bluetooth; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-06-24 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-06-24 25512]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT73;TL-WN321G USB Wireless Adapter; D:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); D:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); D:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); D:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); D:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-06-25 153376]
R2 NwSapAgent;Agent SAP; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 OMSI download service;Sony Ericsson OMSI download service; D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-07-03 75064]
R2 SSHNAS;SSHNAS; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; D:\WINDOWS\System32\TUProgSt.exe [2010-08-15 603904]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\WINDOWS\System32\TuneUpDefragService.exe [2010-08-15 360192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Oh, and my notebook has somehow slowed down ... it loads folders and web pages slowly.
Logfile of random's system information tool 1.06 (written by random/random)
Run by vospunt at 2010-08-16 16:39:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 16 GB (27%) free of 60 GB
Total RAM: 2038 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:50, on 16.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\vospunt\Plocha\RSIT.exe
D:\Program Files\trend micro\vospunt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.giga-music.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - D:\Program Files\Rightdown Software SearchBar\rssb.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [snp2std] D:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6705646671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6705756046
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6549 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1390067357-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1390067357-839522115-1003UA.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{E3B0378E-AAF7-41C5-A46E-851A18A138BB}.job
D:\WINDOWS\tasks\Úklid 1 kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-25 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - Rightdown Software SearchBar - D:\Program Files\Rightdown Software SearchBar\rssb.dll [2008-12-18 317440]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"igfxtray"=D:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=D:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=D:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ISUSPM Startup"=D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"snp2std"=D:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-09-02 205256]
"Google Update"=D:\Documents and Settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Miranda IM\miranda32.exe"="D:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Google\Google Earth\plugin\geplugin.exe"="D:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe"="D:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe:*:Enabled:CS 1.8 Goiceasoft"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\TeamViewer\Version5\TeamViewer.exe"="D:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\WaterProof\PHPEdit\3.6.0\PHPEdit.exe"="D:\Program Files\WaterProof\PHPEdit\3.6.0\PHPEdit.exe:*:Enabled:PHPEdit"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{362ed640-8037-11df-afae-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d69ee88-7926-11df-af8f-001e370e58a3}]
shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9ef255-7f9e-11df-afad-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9ef256-7f9e-11df-afad-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9ef25b-7f9e-11df-afad-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a115c20-7dcf-11df-afa8-002127cc9828}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97123e82-8042-11df-afaf-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37cdc75-a7e2-11df-afda-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba2de4f8-7c5a-11df-afa4-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3ef9fe0-8fd4-11df-afc4-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3ef9fe6-8fd4-11df-afc4-001e370e58a3}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f49e9bfc-7e9c-11df-afa9-002127cc9828}]
shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
======File associations======
.js - edit -
.js - open - "D:\Program Files\WaterProof\PHPEdit\3.6.0\PHPEdit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-16 16:39:04 ----D---- D:\rsit
2010-08-16 16:39:04 ----D---- D:\Program Files\trend micro
2010-08-16 16:28:48 ----D---- D:\WINDOWS\ERDNT
2010-08-16 16:28:48 ----D---- D:\Qoobox
2010-08-16 16:28:47 ----D---- D:\ComboFix
2010-08-16 16:28:47 ----A---- D:\WINDOWS\system32\CF29749.exe
2010-08-16 10:28:08 ----A---- D:\WINDOWS\SGDetectionTool.dll0820.old
2010-08-16 10:28:08 ----A---- D:\WINDOWS\PCTBDCore.dll0820.old
2010-08-16 10:28:08 ----A---- D:\WINDOWS\BDTSupport.dll0820.old
2010-08-16 10:27:47 ----D---- D:\Program Files\Common Files\PC Tools
2010-08-15 15:45:58 ----D---- D:\totalcmd
2010-08-15 12:11:18 ----A---- D:\WINDOWS\system32\TUProgSt.exe
2010-08-15 12:11:16 ----A---- D:\WINDOWS\system32\uxtuneup.dll
2010-08-15 12:11:15 ----A---- D:\WINDOWS\system32\TuneUpDefragService.exe
2010-08-14 13:54:09 ----D---- D:\Program Files\HYPERMAX
2010-08-14 10:27:32 ----D---- D:\Program Files\IObit
2010-08-11 02:01:31 ----D---- D:\Program Files\NVIDIA Corporation
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\XAudio2_7.dll
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\xactengine3_7.dll
2010-08-11 02:01:21 ----A---- D:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\D3DX9_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\d3dx11_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\d3dx10_43.dll
2010-08-11 02:01:20 ----A---- D:\WINDOWS\system32\d3dcsx_43.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\XAudio2_6.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\xactengine3_6.dll
2010-08-11 02:01:19 ----A---- D:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-11 02:01:18 ----A---- D:\WINDOWS\system32\XAudio2_5.dll
2010-08-11 02:01:18 ----A---- D:\WINDOWS\system32\xactengine3_5.dll
2010-08-11 02:01:17 ----A---- D:\WINDOWS\system32\d3dcsx_42.dll
2010-08-11 02:01:17 ----A---- D:\WINDOWS\system32\D3DCompiler_42.dll
2010-08-11 02:01:16 ----A---- D:\WINDOWS\system32\d3dx11_42.dll
2010-08-11 02:01:16 ----A---- D:\WINDOWS\system32\d3dx10_42.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\D3DX9_42.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\D3DX9_41.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\d3dx10_41.dll
2010-08-11 02:01:15 ----A---- D:\WINDOWS\system32\D3DCompiler_41.dll
2010-08-11 02:01:14 ----A---- D:\WINDOWS\system32\XAudio2_4.dll
2010-08-11 02:01:14 ----A---- D:\WINDOWS\system32\XAPOFX1_3.dll
2010-08-11 02:01:14 ----A---- D:\WINDOWS\system32\xactengine3_4.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\X3DAudio1_6.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\D3DX9_40.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\d3dx10_40.dll
2010-08-11 02:01:13 ----A---- D:\WINDOWS\system32\D3DCompiler_40.dll
2010-08-11 02:01:12 ----A---- D:\WINDOWS\system32\XAudio2_3.dll
2010-08-11 02:01:12 ----A---- D:\WINDOWS\system32\XAPOFX1_2.dll
2010-08-11 02:01:12 ----A---- D:\WINDOWS\system32\xactengine3_3.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2010-08-11 02:01:11 ----A---- D:\WINDOWS\system32\X3DAudio1_5.dll
2010-08-11 02:01:10 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2010-08-11 02:01:10 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2010-08-11 02:01:10 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2010-08-11 02:01:09 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2010-08-11 02:01:09 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2010-08-11 02:01:09 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2010-08-11 02:01:08 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2010-08-11 02:00:23 ----D---- D:\WINDOWS\Logs
2010-07-26 18:09:25 ----A---- D:\WINDOWS\wincmd.ini
2010-07-21 20:26:24 ----D---- D:\Documents and Settings\All Users\Data aplikací\hide cool shim link
2010-07-21 20:25:09 ----D---- D:\Program Files\WinZix
2010-07-21 20:00:11 ----D---- D:\Program Files\Postal2
2010-07-21 19:24:01 ----A---- D:\WINDOWS\unvise32.exe
2010-07-20 00:09:59 ----D---- D:\Program Files\Jurosoft
2010-07-20 00:06:08 ----HD---- D:\WINDOWS\PIF
2010-07-19 07:33:21 ----D---- D:\Documents and Settings\vospunt\Data aplikací\XnView
2010-07-19 07:33:13 ----D---- D:\Program Files\XnView
2010-07-18 20:01:05 ----A---- D:\WINDOWS\system32\vfwwdm32.dll
2010-07-18 20:00:53 ----A---- D:\WINDOWS\WindowsXP-KB822603-x86.exe
2010-07-18 20:00:53 ----A---- D:\WINDOWS\amcap.exe
2010-07-18 20:00:52 ----A---- D:\WINDOWS\vsnp2std.exe
2010-07-18 20:00:52 ----A---- D:\WINDOWS\snp2std.ini
2010-07-18 20:00:49 ----A---- D:\WINDOWS\system32\vsnp2std.dll
2010-07-18 20:00:49 ----A---- D:\WINDOWS\system32\rsnp2std.dll
2010-07-18 20:00:48 ----D---- D:\Program Files\Common Files\snp2std
2010-07-18 20:00:48 ----A---- D:\WINDOWS\system32\csnp2std.dll
2010-07-18 20:00:39 ----D---- D:\Documents and Settings\vospunt\Data aplikací\InstallShield
2010-07-18 06:51:06 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2010-07-17 16:12:52 ----D---- D:\Program Files\Mozilla Firefox
2010-07-17 11:58:15 ----D---- D:\Program Files\Microsoft Virtual PC
2010-07-17 11:48:41 ----D---- D:\Program Files\3D-Fahrschule
======List of files/folders modified in the last 1 months======
2010-08-16 16:39:10 ----D---- D:\WINDOWS\Temp
2010-08-16 16:39:04 ----RD---- D:\Program Files
2010-08-16 16:28:49 ----D---- D:\WINDOWS\system32\CatRoot2
2010-08-16 16:28:48 ----D---- D:\WINDOWS\system32
2010-08-16 16:28:48 ----D---- D:\WINDOWS
2010-08-16 10:36:20 ----AD---- D:\Documents and Settings\All Users\Data aplikací\TEMP
2010-08-16 10:36:12 ----D---- D:\Program Files\Spyware Doctor
2010-08-16 10:36:10 ----D---- D:\WINDOWS\system32\drivers
2010-08-16 10:27:47 ----D---- D:\Program Files\Common Files
2010-08-16 10:05:15 ----D---- D:\Program Files\Mozilla Thunderbird
2010-08-16 08:29:40 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-08-16 08:27:43 ----HD---- D:\WINDOWS\inf
2010-08-16 07:58:36 ----D---- D:\Documents and Settings\vospunt\Data aplikací\Skype
2010-08-15 19:02:56 ----D---- D:\Program Files\Zoom Player
2010-08-15 16:44:30 ----SD---- D:\WINDOWS\Tasks
2010-08-15 16:40:25 ----D---- D:\Documents and Settings\vospunt\Data aplikací\skypePM
2010-08-15 16:24:45 ----HD---- D:\Program Files\InstallShield Installation Information
2010-08-15 12:14:56 ----SHD---- D:\System Volume Information
2010-08-15 12:14:56 ----D---- D:\WINDOWS\system32\Restore
2010-08-15 12:14:52 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-08-15 12:14:47 ----D---- D:\WINDOWS\system32\CatRoot
2010-08-15 12:12:34 ----A---- D:\WINDOWS\BRWMARK.INI
2010-08-15 12:12:34 ----A---- D:\WINDOWS\BRPP2KA.INI
2010-08-15 12:12:04 ----D---- D:\Program Files\TuneUp Utilities 2009
2010-08-15 12:11:20 ----SHD---- D:\WINDOWS\Installer
2010-08-14 13:57:36 ----D---- D:\WINDOWS\Prefetch
2010-08-14 11:35:58 ----D---- D:\Documents and Settings\vospunt\Data aplikací\IObit
2010-08-14 11:35:03 ----D---- D:\WINDOWS\system32\config
2010-08-14 11:35:03 ----D---- D:\Documents and Settings\vospunt\Data aplikací\TeamViewer
2010-08-14 11:35:01 ----D---- D:\WINDOWS\security
2010-08-14 11:34:23 ----D---- D:\Documents and Settings\vospunt\Data aplikací\uTorrent
2010-08-13 17:17:54 ----D---- D:\Documents and Settings\vospunt\Data aplikací\FileZilla
2010-08-11 02:11:20 ----D---- D:\WINDOWS\Minidump
2010-08-11 02:01:23 ----D---- D:\WINDOWS\system32\DirectX
2010-08-11 02:00:55 ----RSD---- D:\WINDOWS\assembly
2010-08-04 19:17:05 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2010-07-31 08:02:25 ----D---- D:\Program Files\uTorrent
2010-07-25 12:26:21 ----A---- D:\WINDOWS\AviSplitter.INI
2010-07-24 15:42:14 ----SD---- D:\Documents and Settings\vospunt\Data aplikací\Microsoft
2010-07-24 09:51:42 ----D---- D:\WINDOWS\WinSxS
2010-07-22 08:45:51 ----RSD---- D:\WINDOWS\Fonts
2010-07-18 20:01:43 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-07-18 20:00:53 ----A---- D:\WINDOWS\win.ini
2010-07-18 20:00:52 ----D---- D:\WINDOWS\twain_32
2010-07-17 16:13:22 ----D---- D:\Documents and Settings\vospunt\Data aplikací\Mozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; D:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 vmm;Virtual Machine Monitor; \??\D:\WINDOWS\system32\Drivers\vmm.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; D:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 BthEnum;Služba Bluetooth Enumerator; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Microsoft AC Adapter Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EMSCR;EMSCR; D:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-03-23 61056]
R3 ESDCR;ESDCR; D:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-03-23 37888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 seehcri;Sony Ericsson seehcri Device Driver; D:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-06-24 27632]
R3 sffdisk;Ovladač třídy úložiště SFF; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; D:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; D:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-03-15 244608]
S3 a3z5oq7v;a3z5oq7v; D:\WINDOWS\system32\drivers\a3z5oq7v.sys []
S3 BTHPORT;Ovladač portu Bluetooth; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ggflt;SEMC USB Flash Driver Filter; D:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-06-24 13224]
S3 ggsemc;SEMC USB Flash Driver; D:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-06-24 25512]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RT73;TL-WN321G USB Wireless Adapter; D:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); D:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); D:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); D:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); D:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-06-25 153376]
R2 NwSapAgent;Agent SAP; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 OMSI download service;Sony Ericsson OMSI download service; D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-07-03 75064]
R2 SSHNAS;SSHNAS; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; D:\WINDOWS\System32\TUProgSt.exe [2010-08-15 603904]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\WINDOWS\System32\TuneUpDefragService.exe [2010-08-15 360192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: "Stuck" right Alt, and now CTRL too
ALT+TAB doesn't work for me, and the WinKey doesn't work either..... Can it be fixed, or do I have to reinstall Windows?
Re: "Stuck" right Alt, and now CTRL too
Oh, maybe it isn't the registry but a virus. I've just installed a trial of Norton 2010; it found some file and removed it, and so far everything works as it should. But just to be sure, could you please take a look at that log? Thank you very much.
- Rudy
- Site Admin
- Posts: 119356
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: "Stuck" right Alt, and now CTRL too
Your system is in quite a mess. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.
calmly go and put the coffee on (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
don't panic during the scan; your machine may be restarted (especially the first time the scanner is used)
notice: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware, unwanted conflicts with the antispyware's resident shield occur
Re: "Stuck" right Alt, and now CTRL too
ComboFix 10-08-16.01 - vospunt 16.08.2010 23:20:56.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1557 [GMT 2:00]
Spuštěný z: d:\documents and settings\vospunt\Plocha\ComboFix.exe
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\Rightdown Software SearchBar\rsSB.dll
d:\windows\system32\sshnas21.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-16 do 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-16 18:51 . 2010-08-16 18:52 -------- d-----w- d:\program files\Common Files\Adobe
2010-08-16 17:24 . 2010-08-16 17:31 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-08-16 17:24 . 2010-08-16 17:24 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2010-08-16 17:24 . 2010-08-16 17:24 124976 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\program files\Symantec
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\windows\system32\drivers\NIS
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\program files\Norton Internet Security
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\program files\Windows Sidebar
2010-08-16 17:23 . 2010-08-16 17:23 -------- d-----w- d:\program files\NortonInstaller
2010-08-16 14:39 . 2010-08-16 14:39 -------- d-----w- d:\program files\trend micro
2010-08-16 14:39 . 2010-08-16 14:39 -------- d-----w- D:\rsit
2010-08-16 14:28 . 2010-08-16 14:28 390144 ----a-w- d:\windows\system32\CF29749.exe
2010-08-15 13:45 . 2010-08-15 13:46 -------- d-----w- D:\totalcmd
2010-08-15 10:11 . 2010-08-15 10:11 603904 ----a-w- d:\windows\system32\TUProgSt.exe
2010-08-15 10:11 . 2008-12-11 11:31 27904 ----a-w- d:\windows\system32\uxtuneup.dll
2010-08-15 10:11 . 2010-08-15 10:11 360192 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2010-08-14 11:54 . 2010-08-14 11:54 -------- d-----w- d:\program files\HYPERMAX
2010-08-14 08:27 . 2010-08-14 11:25 -------- d-----w- d:\program files\IObit
2010-08-11 00:00 . 2010-08-11 00:00 -------- d-----w- d:\windows\Logs
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\UC.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\RAR.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\PKZIP.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\PKUNZIP.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\NOCLOSE.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\LHA.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\ARJ.PIF
2010-07-21 22:32 . 2010-07-22 20:08 76536 ----a-w- d:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-21 18:00 . 2010-07-21 18:00 -------- d-----w- d:\program files\Postal2
2010-07-21 17:24 . 1999-12-17 06:13 86016 ----a-w- d:\windows\unvise32.exe
2010-07-19 22:09 . 2010-07-19 22:28 -------- d-----w- d:\program files\Jurosoft
2010-07-19 22:06 . 2010-07-19 22:06 -------- d--h--w- d:\windows\PIF
2010-07-19 05:33 . 2010-07-19 05:33 -------- d-----w- d:\program files\XnView
2010-07-18 18:00 . 2006-07-03 08:31 94208 ----a-w- d:\windows\amcap.exe
2010-07-18 18:00 . 2005-01-26 13:45 349472 ----a-w- d:\windows\WindowsXP-KB822603-x86.exe
2010-07-18 18:00 . 2006-09-15 11:21 675840 ----a-w- d:\windows\vsnp2std.exe
2010-07-18 18:00 . 2007-01-25 16:48 25472 ----a-w- d:\windows\system32\drivers\sncamd.sys
2010-07-18 18:00 . 2007-04-09 09:38 12039552 ----a-w- d:\windows\system32\drivers\snp2sxp.sys
2010-07-18 18:00 . 2007-03-29 14:04 249856 ----a-w- d:\windows\system32\vsnp2std.dll
2010-07-18 18:00 . 2006-10-12 15:21 151552 ----a-w- d:\windows\system32\rsnp2std.dll
2010-07-18 18:00 . 2010-07-18 18:00 -------- d-----w- d:\program files\Common Files\snp2std
2010-07-18 18:00 . 2006-11-16 13:57 77824 ----a-w- d:\windows\system32\csnp2std.dll
2010-07-18 04:51 . 2010-07-18 04:51 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 21:24 . 2010-06-22 08:43 -------- d-----w- d:\program files\Rightdown Software SearchBar
2010-08-16 19:33 . 2010-06-16 18:22 -------- d-----w- d:\program files\Mozilla Thunderbird
2010-08-16 17:35 . 2010-06-16 20:14 -------- d-----w- d:\program files\Spyware Doctor
2010-08-16 17:24 . 2010-08-16 17:24 805 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2010-08-16 17:24 . 2010-08-16 17:24 7443 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2010-08-15 17:02 . 2010-06-21 17:55 -------- d-----w- d:\program files\Zoom Player
2010-08-15 14:24 . 2010-06-16 08:08 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-08-15 10:14 . 2001-10-25 14:00 498030 ----a-w- d:\windows\system32\perfh005.dat
2010-08-15 10:14 . 2001-10-25 14:00 102880 ----a-w- d:\windows\system32\perfc005.dat
2010-08-15 10:12 . 2010-06-22 07:31 -------- d-----w- d:\program files\TuneUp Utilities 2009
2010-08-11 00:01 . 2010-08-11 00:01 -------- d-----w- d:\program files\NVIDIA Corporation
2010-08-04 17:17 . 2010-07-03 18:16 138328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-08-04 17:17 . 2010-07-03 18:16 214816 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-07-31 06:02 . 2010-06-22 18:02 -------- d-----w- d:\program files\uTorrent
2010-07-17 09:58 . 2010-07-17 09:58 -------- d-----w- d:\program files\Microsoft Virtual PC
2010-07-17 09:53 . 2010-07-17 09:48 -------- d-----w- d:\program files\3D-Fahrschule
2010-07-13 17:48 . 2010-07-13 17:48 -------- d-----w- d:\program files\Lavalys
2010-07-13 07:37 . 2010-07-13 07:37 -------- d-----w- d:\program files\FreeTime
2010-07-11 22:04 . 2010-06-23 19:20 -------- d-----r- d:\program files\Skype
2010-07-11 08:26 . 2010-07-11 08:26 -------- d-----w- d:\program files\Common Files\Corel
2010-07-11 08:26 . 2010-06-16 08:03 -------- d-----w- d:\program files\Common Files\InstallShield
2010-07-11 08:26 . 2010-07-11 08:26 -------- d-----w- d:\program files\Corel
2010-07-04 20:17 . 2010-07-04 20:16 -------- d-----w- d:\program files\Opera
2010-07-03 18:16 . 2010-07-03 18:16 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-07-03 18:01 . 2010-07-03 14:24 -------- d-----w- d:\program files\Wolfenstein - Enemy Territory
2010-07-03 10:26 . 2010-07-03 10:26 -------- d-----w- d:\program files\Atari
2010-07-03 10:23 . 2010-07-03 10:23 -------- d-----w- d:\program files\SystemRequirementsLab
2010-07-01 18:05 . 2010-07-01 18:05 -------- d-----w- d:\program files\Trellian
2010-07-01 08:03 . 2010-07-01 07:54 -------- d-----w- d:\program files\CoffeeCup Software
2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- d:\program files\TeamViewer
2010-06-25 19:48 . 2010-06-25 19:48 -------- d-----w- d:\program files\Common Files\Java
2010-06-25 19:48 . 2010-06-25 19:48 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-06-25 19:48 . 2010-06-25 19:48 -------- d-----w- d:\program files\Java
2010-06-25 19:35 . 2010-06-25 19:35 -------- d-----w- d:\program files\FileZilla FTP Client
2010-06-24 20:18 . 2010-06-24 09:02 -------- d-----w- d:\program files\Sony Ericsson
2010-06-24 09:09 . 2010-06-24 09:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-06-24 09:09 . 2010-06-24 09:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-06-24 09:09 . 2010-06-24 09:09 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-06-24 09:03 . 2010-06-24 09:03 27632 ----a-w- d:\windows\system32\drivers\seehcri.sys
2010-06-24 09:03 . 2010-06-24 09:03 25512 ----a-w- d:\windows\system32\drivers\ggsemc.sys
2010-06-24 09:03 . 2010-06-24 09:03 13224 ----a-w- d:\windows\system32\drivers\ggflt.sys
2010-06-24 09:03 . 2010-06-24 09:03 1112288 ----a-w- d:\windows\system32\WdfCoInstaller01007.dll
2010-06-23 19:21 . 2010-06-23 19:21 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-06-23 19:20 . 2010-06-23 19:20 -------- d-----w- d:\program files\Common Files\Skype
2010-06-23 19:14 . 2010-06-23 19:14 -------- d-----w- d:\program files\ESET
2010-06-22 19:27 . 2010-06-22 19:27 30 ----a-w- d:\windows\mscpt.dat
2010-06-22 19:27 . 2010-06-22 19:27 -------- d-----w- d:\program files\TLKGAMES
2010-06-22 08:44 . 2010-06-22 08:43 -------- d-----w- d:\program files\3D Chess
2010-06-22 07:29 . 2010-06-22 07:29 -------- d-----w- d:\program files\CCleaner
2010-06-20 17:25 . 2010-06-20 17:25 -------- d-----w- d:\program files\Goiceasoft Studios
2010-06-20 14:51 . 2010-06-20 14:50 -------- d-----w- d:\program files\Google
2010-06-19 15:08 . 2010-06-19 15:08 -------- d-----w- d:\program files\Microsoft.NET
2010-06-18 12:12 . 2010-06-16 07:53 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-18 12:12 . 2010-06-16 07:53 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-18 12:10 . 2010-06-16 07:53 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-06-16 18:22 . 2010-06-16 18:22 0 -c--a-w- d:\windows\nsreg.dat
2010-06-16 09:04 . 2010-06-16 09:04 717296 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-06-16 08:08 . 2010-06-16 08:08 737280 ----a-w- d:\windows\iun6002.exe
2010-06-16 07:50 . 2010-06-16 07:50 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-02 02:55 . 2010-08-11 00:01 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-11 00:01 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-11 00:01 239960 ----a-w- d:\windows\system32\xactengine3_7.dll
2010-05-26 09:41 . 2010-08-11 00:01 2106216 ----a-w- d:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 470880 ----a-w- d:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 248672 ----a-w- d:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 1998168 ----a-w- d:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 1868128 ----a-w- d:\windows\system32\d3dcsx_43.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]
"Google Update"="d:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"snp2std"="d:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\WaterProof\\PHPEdit\\3.6.0\\PHPEdit.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5339:TCP"= 5339:TCP:faoezfkf
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1105000.07F\SymDS.sys [16.8.2010 19:24 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1105000.07F\SymEFA.sys [16.8.2010 19:24 172592]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [19.7.2010 23:30 692272]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [16.8.2010 19:24 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1105000.07F\Ironx86.sys [16.8.2010 19:24 116272]
R2 NIS;Norton Internet Security;d:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [16.8.2010 19:24 126392]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.6.2010 11:03 90112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.8.2010 22:45 102448]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100813.004\IDSXpx86.sys [16.8.2010 22:46 331640]
R3 seehcri;Sony Ericsson seehcri Device Driver;d:\windows\system32\drivers\seehcri.sys [24.6.2010 11:03 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [20.6.2010 16:50 136176]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [24.6.2010 11:03 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [24.6.2010 11:03 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [24.6.2010 11:03 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [24.6.2010 11:03 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [24.6.2010 11:03 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [24.6.2010 11:03 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [24.6.2010 11:03 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [24.6.2010 11:03 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [16.6.2010 11:04 717296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
fyagon
.
Obsah adresáře 'Naplánované úlohy'
2010-08-16 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-08-16 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 08:23]
2010-08-16 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 08:23]
2010-08-16 d:\windows\Tasks\User_Feed_Synchronization-{E3B0378E-AAF7-41C5-A46E-851A18A138BB}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-08-16 d:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.giga-music.net/
FF - ProfilePath - d:\documents and settings\vospunt\Data aplikací\Mozilla\Firefox\Profiles\1z0lc7i0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.giga-music.net/
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 23:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"d:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"d:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(612)
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Microsoft Virtual PC\VPCShExH.DLL
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\rundll32.exe
d:\windows\RTHDCPL.EXE
d:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
d:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-08-16 23:30:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-16 21:30
Před spuštěním: Volných bajtů: 16 422 813 696
Po spuštění: Volných bajtů: 16 324 022 272
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 82AB6596972ADF1E439A8C85EEA2B7E3
- Rudy
- Site Admin
- Posts: 119356
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: "stuck" right Alt, now Ctrl as well
We'll finish the cleanup. Open Notepad and copy this into it:

Registry::
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and run the command from the script.

Re: "stuck" right Alt, now Ctrl as well
This is the log it gave me after running the command:
ComboFix 10-08-16.01 - vospunt 17.08.2010 15:19:27.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1485 [GMT 2:00]
Spuštěný z: d:\documents and settings\vospunt\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\vospunt\Plocha\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-16 18:51 . 2010-08-16 18:52 -------- d-----w- d:\program files\Common Files\Adobe
2010-08-16 17:24 . 2010-08-16 17:31 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-08-16 17:24 . 2010-08-16 17:24 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2010-08-16 17:24 . 2010-08-16 17:24 124976 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\program files\Symantec
2010-08-16 17:24 . 2010-08-17 06:06 -------- d-----w- d:\windows\system32\drivers\NIS
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\program files\Norton Internet Security
2010-08-16 17:24 . 2010-08-16 17:24 -------- d-----w- d:\program files\Windows Sidebar
2010-08-16 17:23 . 2010-08-16 17:23 -------- d-----w- d:\program files\NortonInstaller
2010-08-16 14:39 . 2010-08-16 14:39 -------- d-----w- d:\program files\trend micro
2010-08-16 14:39 . 2010-08-16 14:39 -------- d-----w- D:\rsit
2010-08-16 14:28 . 2010-08-16 14:28 390144 ----a-w- d:\windows\system32\CF29749.exe
2010-08-15 13:45 . 2010-08-15 13:46 -------- d-----w- D:\totalcmd
2010-08-15 10:11 . 2010-08-15 10:11 603904 ----a-w- d:\windows\system32\TUProgSt.exe
2010-08-15 10:11 . 2008-12-11 11:31 27904 ----a-w- d:\windows\system32\uxtuneup.dll
2010-08-15 10:11 . 2010-08-15 10:11 360192 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2010-08-14 11:54 . 2010-08-14 11:54 -------- d-----w- d:\program files\HYPERMAX
2010-08-14 08:27 . 2010-08-14 11:25 -------- d-----w- d:\program files\IObit
2010-08-11 00:00 . 2010-08-11 00:00 -------- d-----w- d:\windows\Logs
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\UC.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\RAR.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\PKZIP.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\PKUNZIP.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\NOCLOSE.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\LHA.PIF
2010-07-26 16:09 . 2007-06-21 05:01 545 ----a-w- d:\windows\ARJ.PIF
2010-07-21 22:32 . 2010-07-22 20:08 76536 ----a-w- d:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-21 18:00 . 2010-07-21 18:00 -------- d-----w- d:\program files\Postal2
2010-07-21 17:24 . 1999-12-17 06:13 86016 ----a-w- d:\windows\unvise32.exe
2010-07-19 22:09 . 2010-07-19 22:28 -------- d-----w- d:\program files\Jurosoft
2010-07-19 22:06 . 2010-07-19 22:06 -------- d--h--w- d:\windows\PIF
2010-07-19 05:33 . 2010-07-19 05:33 -------- d-----w- d:\program files\XnView
2010-07-18 18:00 . 2006-07-03 08:31 94208 ----a-w- d:\windows\amcap.exe
2010-07-18 18:00 . 2005-01-26 13:45 349472 ----a-w- d:\windows\WindowsXP-KB822603-x86.exe
2010-07-18 18:00 . 2006-09-15 11:21 675840 ----a-w- d:\windows\vsnp2std.exe
2010-07-18 18:00 . 2007-01-25 16:48 25472 ----a-w- d:\windows\system32\drivers\sncamd.sys
2010-07-18 18:00 . 2007-04-09 09:38 12039552 ----a-w- d:\windows\system32\drivers\snp2sxp.sys
2010-07-18 18:00 . 2007-03-29 14:04 249856 ----a-w- d:\windows\system32\vsnp2std.dll
2010-07-18 18:00 . 2006-10-12 15:21 151552 ----a-w- d:\windows\system32\rsnp2std.dll
2010-07-18 18:00 . 2010-07-18 18:00 -------- d-----w- d:\program files\Common Files\snp2std
2010-07-18 18:00 . 2006-11-16 13:57 77824 ----a-w- d:\windows\system32\csnp2std.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 06:06 . 2010-06-16 18:22 -------- d-----w- d:\program files\Mozilla Thunderbird
2010-08-16 21:24 . 2010-06-22 08:43 -------- d-----w- d:\program files\Rightdown Software SearchBar
2010-08-16 17:35 . 2010-06-16 20:14 -------- d-----w- d:\program files\Spyware Doctor
2010-08-16 17:24 . 2010-08-16 17:24 805 ----a-w- d:\windows\system32\drivers\SYMEVENT.INF
2010-08-16 17:24 . 2010-08-16 17:24 7443 ----a-w- d:\windows\system32\drivers\SYMEVENT.CAT
2010-08-15 17:02 . 2010-06-21 17:55 -------- d-----w- d:\program files\Zoom Player
2010-08-15 14:24 . 2010-06-16 08:08 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-08-15 10:14 . 2001-10-25 14:00 498030 ----a-w- d:\windows\system32\perfh005.dat
2010-08-15 10:14 . 2001-10-25 14:00 102880 ----a-w- d:\windows\system32\perfc005.dat
2010-08-15 10:12 . 2010-06-22 07:31 -------- d-----w- d:\program files\TuneUp Utilities 2009
2010-08-11 00:01 . 2010-08-11 00:01 -------- d-----w- d:\program files\NVIDIA Corporation
2010-08-04 17:17 . 2010-07-03 18:16 138328 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-08-04 17:17 . 2010-07-03 18:16 214816 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-07-31 06:02 . 2010-06-22 18:02 -------- d-----w- d:\program files\uTorrent
2010-07-18 04:51 . 2010-07-18 04:51 98304 ----a-w- d:\windows\system32\CmdLineExt.dll
2010-07-17 09:58 . 2010-07-17 09:58 -------- d-----w- d:\program files\Microsoft Virtual PC
2010-07-17 09:53 . 2010-07-17 09:48 -------- d-----w- d:\program files\3D-Fahrschule
2010-07-13 17:48 . 2010-07-13 17:48 -------- d-----w- d:\program files\Lavalys
2010-07-13 07:37 . 2010-07-13 07:37 -------- d-----w- d:\program files\FreeTime
2010-07-11 22:04 . 2010-06-23 19:20 -------- d-----r- d:\program files\Skype
2010-07-11 08:26 . 2010-07-11 08:26 -------- d-----w- d:\program files\Common Files\Corel
2010-07-11 08:26 . 2010-06-16 08:03 -------- d-----w- d:\program files\Common Files\InstallShield
2010-07-11 08:26 . 2010-07-11 08:26 -------- d-----w- d:\program files\Corel
2010-07-04 20:17 . 2010-07-04 20:16 -------- d-----w- d:\program files\Opera
2010-07-03 18:16 . 2010-07-03 18:16 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-07-03 18:01 . 2010-07-03 14:24 -------- d-----w- d:\program files\Wolfenstein - Enemy Territory
2010-07-03 10:26 . 2010-07-03 10:26 -------- d-----w- d:\program files\Atari
2010-07-03 10:23 . 2010-07-03 10:23 -------- d-----w- d:\program files\SystemRequirementsLab
2010-07-01 18:05 . 2010-07-01 18:05 -------- d-----w- d:\program files\Trellian
2010-07-01 08:03 . 2010-07-01 07:54 -------- d-----w- d:\program files\CoffeeCup Software
2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- d:\program files\TeamViewer
2010-06-25 19:48 . 2010-06-25 19:48 -------- d-----w- d:\program files\Common Files\Java
2010-06-25 19:48 . 2010-06-25 19:48 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-06-25 19:48 . 2010-06-25 19:48 -------- d-----w- d:\program files\Java
2010-06-25 19:35 . 2010-06-25 19:35 -------- d-----w- d:\program files\FileZilla FTP Client
2010-06-24 20:18 . 2010-06-24 09:02 -------- d-----w- d:\program files\Sony Ericsson
2010-06-24 09:09 . 2010-06-24 09:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-06-24 09:09 . 2010-06-24 09:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-06-24 09:09 . 2010-06-24 09:09 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-06-24 09:03 . 2010-06-24 09:03 27632 ----a-w- d:\windows\system32\drivers\seehcri.sys
2010-06-24 09:03 . 2010-06-24 09:03 25512 ----a-w- d:\windows\system32\drivers\ggsemc.sys
2010-06-24 09:03 . 2010-06-24 09:03 13224 ----a-w- d:\windows\system32\drivers\ggflt.sys
2010-06-24 09:03 . 2010-06-24 09:03 1112288 ----a-w- d:\windows\system32\WdfCoInstaller01007.dll
2010-06-23 19:21 . 2010-06-23 19:21 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2010-06-23 19:20 . 2010-06-23 19:20 -------- d-----w- d:\program files\Common Files\Skype
2010-06-23 19:14 . 2010-06-23 19:14 -------- d-----w- d:\program files\ESET
2010-06-22 19:27 . 2010-06-22 19:27 30 ----a-w- d:\windows\mscpt.dat
2010-06-22 19:27 . 2010-06-22 19:27 -------- d-----w- d:\program files\TLKGAMES
2010-06-22 08:44 . 2010-06-22 08:43 -------- d-----w- d:\program files\3D Chess
2010-06-22 07:29 . 2010-06-22 07:29 -------- d-----w- d:\program files\CCleaner
2010-06-20 17:25 . 2010-06-20 17:25 -------- d-----w- d:\program files\Goiceasoft Studios
2010-06-20 14:51 . 2010-06-20 14:50 -------- d-----w- d:\program files\Google
2010-06-19 15:08 . 2010-06-19 15:08 -------- d-----w- d:\program files\Microsoft.NET
2010-06-18 12:12 . 2010-06-16 07:53 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-18 12:12 . 2010-06-16 07:53 2740 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-18 12:10 . 2010-06-16 07:53 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-06-16 18:22 . 2010-06-16 18:22 0 -c--a-w- d:\windows\nsreg.dat
2010-06-16 09:04 . 2010-06-16 09:04 717296 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-06-16 08:08 . 2010-06-16 08:08 737280 ----a-w- d:\windows\iun6002.exe
2010-06-16 07:50 . 2010-06-16 07:50 21812 ----a-w- d:\windows\system32\emptyregdb.dat
2010-06-02 02:55 . 2010-08-11 00:01 74072 ----a-w- d:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-11 00:01 527192 ----a-w- d:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-11 00:01 239960 ----a-w- d:\windows\system32\xactengine3_7.dll
2010-05-26 09:41 . 2010-08-11 00:01 2106216 ----a-w- d:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 470880 ----a-w- d:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 248672 ----a-w- d:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 1998168 ----a-w- d:\windows\system32\D3DX9_43.dll
2010-05-26 09:41 . 2010-08-11 00:01 1868128 ----a-w- d:\windows\system32\d3dcsx_43.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-16_21.26.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-17 06:08 . 2010-08-17 06:08 16384 d:\windows\Temp\Perflib_Perfdata_da8.dat
+ 2010-08-17 06:05 . 2010-08-17 06:05 16384 d:\windows\Temp\Perflib_Perfdata_3dc.dat
+ 2010-08-16 21:51 . 2010-04-22 02:29 43696 d:\windows\system32\drivers\NIS\1107000.00C\srtspx.sys
+ 2010-08-16 21:51 . 2010-05-06 04:01 339504 d:\windows\system32\drivers\NIS\1107000.00C\symtdiv.sys
+ 2010-08-16 21:51 . 2010-05-06 04:01 361904 d:\windows\system32\drivers\NIS\1107000.00C\symtdi.sys
+ 2010-08-16 21:51 . 2010-04-22 03:02 173104 d:\windows\system32\drivers\NIS\1107000.00C\symefa.sys
+ 2010-08-16 21:51 . 2009-10-15 03:50 328752 d:\windows\system32\drivers\NIS\1107000.00C\symds.sys
+ 2010-08-16 21:51 . 2010-04-22 02:29 325680 d:\windows\system32\drivers\NIS\1107000.00C\srtsp.sys
+ 2010-08-16 21:51 . 2010-04-29 05:03 116784 d:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys
+ 2010-08-16 21:51 . 2010-02-26 00:22 501888 d:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys
+ 2010-08-17 00:13 . 2010-08-17 00:13 262144 d:\windows\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]
"Google Update"="d:\documents and settings\vospunt\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"snp2std"="d:\windows\vsnp2std.exe" [2006-09-15 675840]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\WaterProof\\PHPEdit\\3.6.0\\PHPEdit.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NIS\1107000.00C\symds.sys [16.8.2010 23:51 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [16.8.2010 23:51 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [19.7.2010 23:30 692272]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [16.8.2010 23:51 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [16.8.2010 23:51 116784]
R2 NIS;Norton Internet Security;d:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [16.8.2010 23:50 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.8.2010 22:45 102448]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100813.004\IDSXpx86.sys [16.8.2010 22:46 331640]
R3 seehcri;Sony Ericsson seehcri Device Driver;d:\windows\system32\drivers\seehcri.sys [24.6.2010 11:03 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [20.6.2010 16:50 136176]
S2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.6.2010 11:03 90112]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [24.6.2010 11:03 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [24.6.2010 11:03 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [24.6.2010 11:03 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [24.6.2010 11:03 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [24.6.2010 11:03 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [24.6.2010 11:03 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [24.6.2010 11:03 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [24.6.2010 11:03 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [16.6.2010 11:04 717296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
fyagon
.
Obsah adresáře 'Naplánované úlohy'
2010-08-17 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-08-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 08:23]
2010-08-17 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 08:23]
2010-08-17 d:\windows\Tasks\User_Feed_Synchronization-{E3B0378E-AAF7-41C5-A46E-851A18A138BB}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-08-17 d:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.giga-music.net/
FF - ProfilePath - d:\documents and settings\vospunt\Data aplikací\Mozilla\Firefox\Profiles\1z0lc7i0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.giga-music.net/
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 15:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"d:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"d:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(6076)
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-17 15:27:15
ComboFix-quarantined-files.txt 2010-08-17 13:27
ComboFix2.txt 2010-08-16 21:30
Před spuštěním: Volných bajtů: 30 040 612 864
Po spuštění: Volných bajtů: 30 028 423 168
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3ED41A61B86A58E8603E76BB44D8FC85
S2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.6.2010 11:03 90112]
S3 ggflt;SEMC USB Flash Driver Filter;d:\windows\system32\drivers\ggflt.sys [24.6.2010 11:03 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [24.6.2010 11:03 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;d:\windows\system32\drivers\s0016mdfl.sys [24.6.2010 11:03 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;d:\windows\system32\drivers\s0016mdm.sys [24.6.2010 11:03 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s0016mgmt.sys [24.6.2010 11:03 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);d:\windows\system32\drivers\s0016nd5.sys [24.6.2010 11:03 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;d:\windows\system32\drivers\s0016obex.sys [24.6.2010 11:03 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);d:\windows\system32\drivers\s0016unic.sys [24.6.2010 11:03 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [16.6.2010 11:04 717296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
fyagon
.
Obsah adresáře 'Naplánované úlohy'
2010-08-17 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2010-08-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 08:23]
2010-08-17 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 08:23]
2010-08-17 d:\windows\Tasks\User_Feed_Synchronization-{E3B0378E-AAF7-41C5-A46E-851A18A138BB}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-08-17 d:\windows\Tasks\Úklid 1 kliknutím.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.giga-music.net/
FF - ProfilePath - d:\documents and settings\vospunt\Data aplikací\Mozilla\Firefox\Profiles\1z0lc7i0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.giga-music.net/
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 15:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"d:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"d:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(6076)
d:\progra~1\WINDOW~2\wmpband.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-17 15:27:15
ComboFix-quarantined-files.txt 2010-08-17 13:27
ComboFix2.txt 2010-08-16 21:30
Před spuštěním: Volných bajtů: 30 040 612 864
Po spuštění: Volných bajtů: 30 028 423 168
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3ED41A61B86A58E8603E76BB44D8FC85
- Rudy
- Site Admin
- Posts: 119356
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: "stuck" right Alt, and now Ctrl too
The log is clean, I think. Has anything changed?
Re: "stuck" right Alt, and now Ctrl too
As I said, once I installed Norton and removed the virus it found in some autorun, the problems stopped, and I only wanted to know whether you could see anything else in there. So if it is clean, thank you very much.
So it was that virus, then.

- Rudy
- Site Admin
- Posts: 119356
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: "stuck" right Alt, and now Ctrl too
Yes, the log looks clean. You're welcome!