Antivirus being switched off - probably a virus

#1 Post by stenly25 »

Good evening,
please check the log, "something" keeps switching off my antivirus. I had Avast, now Panda Cloud, and after a few days it is still the same. Many thanks in advance:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2010-08-30 23:18:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (17%) free of 153 GB
Total RAM: 1022 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:36, on 30.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\windows\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\windows\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Petr\Dokumenty\Stažené soubory\HijackThis.exe
C:\Documents and Settings\Petr\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0446CF07-24EC-44FA-8C33-09384CB705B8}: NameServer = 62.240.178.250,10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0446CF07-24EC-44FA-8C33-09384CB705B8}: NameServer = 62.240.178.250,10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c98d5c200745e8) (gupdate1c98d5c200745e8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe

--
End of file - 9616 bytes

======Scheduled tasks folder======

C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyPl.dll [2008-03-04 1470488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Board Software\NotebookPlugin.dll [2006-06-27 602112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"Startup Cleaner"=C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-10-08 122880]
"ScreenManager Pro for LCD"=C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [2004-10-20 8925184]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2005-06-08 14565376]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2005-11-15 473928]
"Alcmtr"=C:\windows\ALCMTR.EXE [2005-05-03 69632]
"NPSStartup"= []
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"Monitor"=C:\windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-05-14 406848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\windows\system32\sti_ci.dll [2008-04-14 136704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nástroje SMART Board.lnk]
C:\PROGRA~1\SMARTB~1\SMARTB~2.EXE [2006-06-27 3371008]


Ad-Aware Update (Weekly).job
AppleSoftwareUpdate.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
SA.DAT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-11-15 101080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Team17 Software Ltd\WormsForts\WF.exe"="C:\Program Files\Team17 Software Ltd\WormsForts\WF.exe:*:Disabled:WF"
"C:\Program Files\Port Royale\PortRoyale.exe"="C:\Program Files\Port Royale\PortRoyale.exe:*:Enabled:Port Royale"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\OziExplorer\OziExp.exe"="C:\Program Files\OziExplorer\OziExp.exe:*:Enabled:OziExp"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Codemasters\Worms 4 Totalni narez\Worms 4 Mayhem.exe"="C:\Program Files\Codemasters\Worms 4 Totalni narez\Worms 4 Mayhem.exe:*:Enabled:Worms 4 Mayhem"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-30 23:18:34 ----D---- C:\rsit
2010-08-30 23:18:34 ----D---- C:\Program Files\trend micro
2010-08-30 22:37:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
2010-08-30 22:07:28 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-08-30 13:09:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-08-22 22:00:54 ----D---- C:\Documents and Settings\Petr\Data aplikací\Panda Security
2010-08-22 22:00:31 ----D---- C:\Documents and Settings\Petr\Data aplikací\SurfSecret Privacy Suite
2010-08-22 21:59:40 ----D---- C:\Program Files\Panda Security
2010-08-22 21:59:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2010-08-22 07:44:07 ----D---- C:\Program Files\Mount&Blade Warband
2010-08-21 20:50:32 ----D---- C:\Program Files\GameSpy
2010-08-13 17:17:49 ----HDC---- C:\windows\$NtUninstallKB982214$
2010-08-13 17:17:40 ----HDC---- C:\windows\$NtUninstallKB2115168$
2010-08-13 17:17:19 ----HDC---- C:\windows\$NtUninstallKB981852$
2010-08-13 17:17:06 ----HDC---- C:\windows\$NtUninstallKB2079403$
2010-08-13 17:13:21 ----HDC---- C:\windows\$NtUninstallKB2160329$
2010-08-13 17:13:13 ----HDC---- C:\windows\$NtUninstallKB980436$
2010-08-13 17:09:06 ----HDC---- C:\windows\$NtUninstallKB2286198$
2010-08-13 17:08:57 ----HDC---- C:\windows\$NtUninstallKB981997$
2010-08-13 17:08:45 ----HDC---- C:\windows\$NtUninstallKB982665$

======List of files/folders modified in the last 1 months======

2010-08-30 23:18:34 ----RD---- C:\Program Files
2010-08-30 23:02:01 ----D---- C:\windows\Prefetch
2010-08-30 23:01:59 ----D---- C:\windows\Temp
2010-08-30 23:00:51 ----A---- C:\windows\Filzip.ini
2010-08-30 22:53:30 ----D---- C:\Program Files\Mozilla Firefox
2010-08-30 22:50:40 ----D---- C:\Program Files\Ask & Record Toolbar
2010-08-30 22:40:01 ----D---- C:\windows\system32
2010-08-30 22:38:29 ----D---- C:\windows\system32\drivers
2010-08-30 22:10:17 ----D---- C:\windows\system32\CatRoot2
2010-08-30 22:10:14 ----SHD---- C:\windows\Installer
2010-08-30 22:07:04 ----D---- C:\Program Files\Microsoft AntiSpyware
2010-08-30 22:06:59 ----D---- C:\windows\system32\Lang
2010-08-30 22:06:46 ----D---- C:\WINDOWS
2010-08-30 22:06:01 ----A---- C:\windows\SchedLgU.Txt
2010-08-30 22:05:16 ----D---- C:\windows\system32\config
2010-08-30 22:04:16 ----RSD---- C:\windows\assembly
2010-08-30 22:03:17 ----D---- C:\Program Files\Mozilla Thunderbird
2010-08-30 21:46:38 ----D---- C:\Documents and Settings\Petr\Data aplikací\OpenOffice.org2
2010-08-26 15:50:26 ----A---- C:\windows\system32\PnkBstrB.exe
2010-08-26 12:04:01 ----D---- C:\Documents and Settings\Petr\Data aplikací\Canon
2010-08-22 07:44:40 ----D---- C:\windows\system32\DirectX
2010-08-22 07:44:37 ----HD---- C:\windows\inf
2010-08-20 18:51:40 ----D---- C:\Program Files\QuickTime
2010-08-20 18:49:20 ----D---- C:\Program Files\Safari
2010-08-16 10:48:32 ----D---- C:\Documents and Settings\Petr\Data aplikací\XnView
2010-08-13 19:38:38 ----D---- C:\windows\Microsoft.NET
2010-08-13 17:17:53 ----RSHDC---- C:\windows\system32\dllcache
2010-08-13 17:17:46 ----HD---- C:\windows\$hf_mig$
2010-08-13 17:17:42 ----A---- C:\windows\imsins.BAK
2010-08-13 17:16:42 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-08-13 17:16:22 ----D---- C:\windows\WinSxS
2010-08-13 17:13:44 ----D---- C:\Program Files\Internet Explorer
2010-08-13 17:13:34 ----D---- C:\windows\ie8updates
2010-08-13 17:08:59 ----D---- C:\Program Files\Movie Maker
2010-08-03 20:09:31 ----A---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\windows\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp01;StarForce Protection Helper Driver; C:\windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\windows\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 PSINKNC;PSINKNC; C:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 PSINAflt;PSINAflt; C:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
R2 PSINFile;PSINFile; C:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
R2 PSINProc;PSINProc; C:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
R2 PSINProt;PSINProt; C:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
R3 Arp1394;Protokol 1394 ARP Client; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AVerE506;AVerE506 service; C:\windows\system32\DRIVERS\AVerE506.sys [2005-08-22 512384]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\windows\system32\DRIVERS\e1e5132.sys [2005-07-06 176128]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\windows\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2005-06-08 3160576]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 PAC207;e-Messenger 112; C:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\windows\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\windows\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\windows\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder iPod Edition\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; C:\windows\system32\drivers\GMSIPCI.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2007-04-04 17480]
S3 MPE;Filtr MPE BDA; C:\windows\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\windows\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\windows\system32\DRIVERS\mstape.sys [2008-04-13 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\windows\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w600bus;Sony Ericsson W600 driver (WDM); C:\windows\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\windows\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\windows\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\windows\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\windows\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 Pcouffin;Low level access layer for CD devices; C:\windows\System32\Drivers\Pcouffin.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 FsUsbExService;FsUsbExService; C:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2010-07-21 75064]
R2 PnkBstrB;PnkBstrB; C:\windows\system32\PnkBstrB.exe [2010-08-26 215016]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Board Software\SMARTBoardService.exe [2006-06-27 970752]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 gupdate1c98d5c200745e8;Google Update Service (gupdate1c98d5c200745e8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being switched off - probably a virus

#2 Post by motji »

Good evening :)

:arrow: Download Rkill from one of the links; if the virus blocks it, try downloading a different one

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

- run it and let it work. It will close by itself.

- :!: Do not restart the computer now! :!:



:arrow: Run ComboFix according to this guide; before that, rename it to žížala.com
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being switched off - probably a virus

#3 Post by stenly25 »

So here I am.
I ran Rkill and downloaded ComboFix; unfortunately Firefox only offered to save it under its original name, I couldn't save it under a different one. I ran it anyway, and in the end, after writing out the log, it restarted the PC by itself.
Log here:

ComboFix 10-08-29.04 - Petr 31.08.2010 0:20:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.512 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Petr\Plocha\combofix.exe.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 22:02:21 . 2010-08-30 22:09:16 -------- d-----w- C:\32788R22FWJFW.0.tmp
2010-08-30 21:18:34 . 2010-08-30 21:18:40 -------- d-----w- C:\rsit
2010-08-30 21:18:34 . 2010-08-30 21:18:36 -------- d-----w- C:\Program Files\trend micro
2010-08-30 20:30:43 . 2010-08-30 20:30:43 0 ----a-w- C:\windows\system32\psnupd.dat
2010-08-30 20:10:12 . 2010-08-30 20:10:12 264 ----a-w- C:\windows\system32\PSUNCpl.dat
2010-08-22 19:59:40 . 2010-08-30 20:09:50 -------- d-----w- C:\Program Files\Panda Security
2010-08-22 05:44:07 . 2010-08-22 05:51:50 -------- d-----w- C:\Program Files\Mount&Blade Warband
2010-08-21 18:50:32 . 2010-08-21 18:50:32 -------- d-----w- C:\Program Files\GameSpy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 20:50:40 . 2010-01-03 12:00:02 -------- d-----w- C:\Program Files\Ask & Record Toolbar
2010-08-30 20:07:04 . 2006-02-22 15:39:38 -------- d-----w- C:\Program Files\Microsoft AntiSpyware
2010-08-30 20:03:17 . 2006-11-16 20:28:01 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2010-08-26 13:50:45 . 2010-07-21 17:16:44 138184 ----a-w- C:\windows\system32\drivers\PnkBstrK.sys
2010-08-26 13:50:26 . 2010-07-21 17:16:26 215016 ----a-w- C:\windows\system32\PnkBstrB.exe
2010-08-21 19:07:21 . 2009-09-18 20:32:31 17584 ---ha-w- C:\windows\system32\mlfcache.dat
2010-08-20 16:51:40 . 2009-12-28 15:15:00 -------- d-----w- C:\Program Files\QuickTime
2010-08-20 16:49:20 . 2010-03-17 17:51:04 -------- d-----w- C:\Program Files\Safari
2010-08-13 15:16:42 . 2004-08-18 12:00:00 82552 ----a-w- C:\windows\system32\perfc005.dat
2010-08-13 15:16:42 . 2004-08-18 12:00:00 437832 ----a-w- C:\windows\system32\perfh005.dat
2010-07-23 14:20:56 . 2009-09-17 19:40:18 -------- d-----w- C:\Program Files\iTunes
2010-07-23 14:20:01 . 2009-10-08 14:33:12 -------- d-----w- C:\Program Files\iPod
2010-07-23 14:19:59 . 2009-09-17 19:37:42 -------- d-----w- C:\Program Files\Common Files\Apple
2010-07-21 17:16:18 . 2010-07-21 17:16:18 75064 ----a-w- C:\windows\system32\PnkBstrA.exe
2010-07-21 17:16:18 . 2010-07-21 17:16:18 2427248 ----a-w- C:\windows\system32\pbsvc_heroes.exe
2010-07-21 17:06:54 . 2006-02-23 17:47:00 -------- d-----w- C:\Program Files\EA GAMES
2010-06-30 12:33:04 . 2004-08-18 12:00:00 149504 ----a-w- C:\windows\system32\schannel.dll
2010-06-26 19:25:26 . 2009-04-06 19:03:25 664 ----a-w- C:\windows\system32\d3d9caps.dat
2010-06-24 12:27:28 . 2004-08-18 12:00:00 916480 ----a-w- C:\windows\system32\wininet.dll
2010-06-24 09:02:48 . 2004-08-18 12:00:00 1851904 ----a-w- C:\windows\system32\win32k.sys
2010-06-21 15:27:11 . 2004-08-18 12:00:00 354304 ----a-w- C:\windows\system32\drivers\srv.sys
2010-06-17 14:03:52 . 2004-08-18 12:00:00 80384 ----a-w- C:\windows\system32\iccvid.dll
2010-06-14 14:31:20 . 2006-02-22 14:45:37 744448 ----a-w- C:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43:17 . 2004-08-18 12:00:00 1172480 ----a-w- C:\windows\system32\msxml3.dll
2004-10-01 14:00:16 . 2006-02-26 17:11:26 40960 ----a-w- C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 11:44:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 11:44:40 1470488 ----a-w- C:\Program Files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 11:44:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 11:44:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04:48 320832 ----a-w- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04:48 320832 ----a-w- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 09:57:36 1451520]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 12:01:00 13529088]
"Startup Cleaner"="C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 17:59:20 122880]
"ScreenManager Pro for LCD"="C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2004-10-20 06:21:32 8925184]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 06:42:12 14565376]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24:46 32768]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 10:45:12 75304]
"nwiz"="nwiz.exe" [2008-05-16 12:01:00 1630208]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 12:01:00 86016]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 11:12:14 473928]
"PAC207_Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 10:01:16 319488]
"Monitor"="C:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 10:01:16 319488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-08-10 03:15:54 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-07-21 13:53:04 141608]
"PSUNMain"="C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 13:06:30 406848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\windows\system32\sti_ci.dll" [2008-04-14 03:22:03 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nástroje SMART Board.lnk]
backup=C:\WINDOWS\pss\Nástroje SMART Board.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\Team17 Software Ltd\\WormsForts\\WF.exe"=
"C:\\Program Files\\Port Royale\\PortRoyale.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\OziExplorer\\OziExp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [5.7.2006 14:46:06 63352]
R1 PSINKNC;PSINKNC;C:\WINDOWS\system32\drivers\PSINKNC.sys [4.5.2010 8:36:54 129928]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [7.2.2010 20:04:43 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [12.6.2009 21:04:45 222968]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.4.2010 13:47:30 136448]
R2 PSINAFLT;PSINAflt;C:\WINDOWS\system32\drivers\PSINAflt.sys [27.5.2010 18:39:32 141384]
R2 PSINFILE;PSINFile;C:\WINDOWS\system32\drivers\PSINFile.sys [30.4.2010 13:46:52 97032]
R2 PSINPROC;PSINProc;C:\WINDOWS\system32\drivers\PSINProc.sys [30.4.2010 13:46:52 111624]
R2 PSINPROT;PSINProt;C:\WINDOWS\system32\drivers\PSINProt.sys [12.5.2010 10:58:12 110920]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\drivers\AVerE506.sys [22.8.2005 18:05:04 512384]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [7.2.2010 20:04:43 36608]
R3 PAC207;e-Messenger 112;C:\WINDOWS\system32\drivers\PFC027.SYS [9.2.2009 17:12:59 616064]
S2 gupdate1c98d5c200745e8;Google Update Service (gupdate1c98d5c200745e8);C:\Program Files\Google\Update\GoogleUpdate.exe [12.2.2009 23:51:56 133104]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [7.2.2010 20:04:58 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [7.2.2010 20:04:58 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [7.2.2010 20:04:58 121856]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\drivers\w600bus.sys [15.8.2005 15:04:54 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\w600mdfl.sys [15.8.2005 15:04:50 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\drivers\w600mdm.sys [15.8.2005 15:04:48 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\drivers\w600mgmt.sys [15.8.2005 15:04:44 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\drivers\w600obex.sys [15.8.2005 15:04:42 85952]
S4 PsBoot;Panda boot driver;C:\windows\system32\Drivers\PsBoot.sys --> C:\windows\system32\Drivers\PsBoot.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - NANOSERVICEMAIN
*NewlyCreated* - PSINAFLT
*NewlyCreated* - PSINFILE
*NewlyCreated* - PSINKNC
*NewlyCreated* - PSINPROC
*NewlyCreated* - PSINPROT
*NewlyCreated* - RKREVEAL150
*Deregistered* - RKREVEAL150
.
Obsah adresáře 'Naplánované úlohy'

2010-08-20 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2009-10-22 09:50:20]

2010-06-15 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 21:51:56 . 2009-02-12 21:51:49]

2010-06-15 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 21:51:56 . 2009-02-12 21:51:49]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {0446CF07-24EC-44FA-8C33-09384CB705B8} = 62.240.178.250,10.0.0.1
FF - ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\nnum2yml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-PowerBar - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-ShockwaveFlash - C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being switched off - probably a virus

#4 Post by motji »

The log is not complete.
Did you run Rootkit Reveal? Would you have a log from it?

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being switched off - probably a virus

#5 Post by stenly25 »

Here it is:

HKU\S-1-5-21-1390067357-220523388-682003330-1004\Console 31.8.2010 1:13 0 bytes Security mismatch.
HKU\S-1-5-21-1390067357-220523388-682003330-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 14.7.2010 13:58 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-1390067357-220523388-682003330-1004\Software\SecuROM\License information* 23.7.2010 7:49 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 22.2.2006 17:21 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 22.2.2006 17:21 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 31.8.2010 1:25 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\PSUNCPL 30.8.2010 22:10 31 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\DelegateFolders\{E211B736-43FD-11D1-9EFB-0000F8757FCD}\ 20.6.2010 18:55 19 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 31.8.2010 0:09 0 bytes Security mismatch.
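Added example, not part of the thread: a small Python triage for RootkitRevealer-style output like the log just posted. It parses each line into registry path, timestamp, size and description (the path itself can contain spaces, so it anchors on the date and size fields instead of splitting on whitespace), then separates discrepancies that have a known cause from those that still need a look. The four "known cause" rules (SecuROM's embedded-null key names, LSA secrets under Policy\Secrets, the constantly rewritten RNG seed, and ComboFix's own backup tree under HKLM\SOFTWARE\Swearware) are heuristics I am stating here, not something the thread asserts. The sample lines are constructed to mirror the shape of the posted log; the last one, a CLSID key "Hidden from Windows API", is invented to show what an unexplained hit looks like.

```python
"""Triage RootkitRevealer-style discrepancy lines.

Added example, not part of the thread. Each line has the shape
    <registry path> <d.m.yyyy> <h:mm> <size> bytes <description>
and the path may contain spaces, so the parser anchors on the
date/time/size fields rather than splitting on whitespace. The sample
below is constructed to mirror the posted log; the last line (a hidden
CLSID key with a placeholder GUID) is invented to show an unexplained hit.
"""
import re
from collections import Counter

SAMPLE = r"""
HKU\S-1-5-21-1390067357-220523388-682003330-1004\Console 31.8.2010 1:13 0 bytes Security mismatch.
HKU\S-1-5-21-1390067357-220523388-682003330-1004\Software\SecuROM\License information* 23.7.2010 7:49 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 22.2.2006 17:21 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 31.8.2010 1:25 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 31.8.2010 0:09 0 bytes Security mismatch.
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32 31.8.2010 0:30 12 bytes Hidden from Windows API.
"""

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{1,2}\.\d{1,2}\.\d{4}) (?P<time>\d{1,2}:\d{2}) "
    r"(?P<size>\d+) bytes (?P<desc>.+)$"
)

# Known-cause heuristics (assumptions drawn from how these tools behave,
# not verdicts): each pair is (predicate on path and description, label).
EXPLAINED = [
    (lambda p, d: "embedded nulls" in d and "\\SecuROM\\" in p,
     "SecuROM copy protection stores its licence data in keys with embedded nulls"),
    (lambda p, d: "embedded nulls" in d and p.startswith("HKLM\\SECURITY\\Policy\\Secrets\\"),
     "LSA secret names under Policy\\Secrets routinely contain embedded nulls"),
    (lambda p, d: p.endswith("\\Cryptography\\RNG\\Seed") and d.startswith("Data mismatch"),
     "the RNG seed is rewritten constantly, so API and hive views differ mid-scan"),
    (lambda p, d: p.startswith("HKLM\\SOFTWARE\\Swearware\\backup\\"),
     "HKLM\\SOFTWARE\\Swearware is where ComboFix keeps its own backups"),
]


def parse_line(line):
    """Parse one output line into a dict, or return None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    return rec


def classify(rec):
    """Return the known-cause label for a record, or None if nothing explains it."""
    for pred, label in EXPLAINED:
        if pred(rec["path"], rec["desc"]):
            return label
    return None


def triage(text):
    """Split discrepancies into explained and unexplained, and count by type."""
    explained, unexplained, by_type = [], [], Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_type[rec["desc"]] += 1
        reason = classify(rec)
        if reason:
            explained.append((rec["path"], reason))
        else:
            unexplained.append((rec["path"], rec["desc"]))
    return {"explained": explained, "unexplained": unexplained, "by_type": dict(by_type)}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for desc, n in result["by_type"].items():
        print(f"{n:3d}  {desc}")
    print("\nneeds a look:")
    for path, desc in result["unexplained"]:
        print(f"  {path}  ->  {desc}")
```

Run stand-alone it prints a count per discrepancy type and the list of unexplained entries; on the constructed sample those are the user's Console key and the invented hidden CLSID key. The rules list is deliberately short and explicit so an analyst can see exactly why each entry was set aside rather than trusting a score.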

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being switched off - probably a virus

#6 Post by motji »

:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being switched off - probably a virus

#7 Post by stenly25 »

It found 4 probable nasties, log here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4513

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.8.2010 21:19:49
mbam-log-2010-08-31 (21-19-49).txt

Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 336366
Uplynulý čas: 1 hodina(y), 43 minuta(y), 58 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Petr\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being switched off - probably a virus

#8 Post by motji »

Delete everything in MBAM.

:arrow: If it is not there already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it


Firefox::
FF - ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\nnum2yml.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda ... 1_0yatb&p=

registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Folder::
C:\Program Files\Ask & Record Toolbar
- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

- after it runs, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
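Added example, not ComboFix's code and not part of the thread: a Python parser for the REGEDIT4-style "startup points in the registry" section that ComboFix prints (the one in post #3 above), flagging the three things this thread turned on. The Security Center value AntiVirusOverride=1 tells Windows XP's Security Center to stop warning that no antivirus is active, which is why the CFScript in post #8 resets it to 0; Browser Helper Object entries are listed because a BHO is what MBAM flagged; and entries ComboFix marks "[BU]" are the ones it backed up and removed. The helper also emits the registry:: part of a CFScript that restores the value. The excerpt is constructed from lines of the posted log; the function names are mine.

```python
"""Flag weak startup-point entries in a ComboFix registry section.

Added example (not ComboFix's code, not from the thread). The section
uses REGEDIT4 syntax: a [key] line followed by "name"=value lines, or by
a bare file-info line under a CLSID-style key. The excerpt below is
constructed from lines of the posted log.
"""
import re

SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 11:44:40 1470488 ----a-w- C:\Program Files\MyPlayCity\tbMyPl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" [BU]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 09:57:36 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')


def parse_section(text):
    """Return (key, name, value) triples. name is None for the bare file
    line ComboFix prints under a BHO/CLSID key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:          # value line before any [key]: malformed, skip
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group("name"), m.group("value")))
        else:
            entries.append((key, None, line))
    return entries


def find_issues(entries):
    """Return (kind, key, detail) tuples for the entries worth a look."""
    issues = []
    for key, name, value in entries:
        k = key.lower()
        if k.endswith(r"\security center") and name == "AntiVirusOverride":
            # 1 tells Security Center to stop warning that no AV is active
            if value.lower() == "dword:00000001":
                issues.append(("av-override", key, name))
        elif "browser helper objects" in k:
            issues.append(("bho", key, value))
        elif value.endswith("[BU]"):
            # ComboFix marks entries it backed up and removed with [BU]
            issues.append(("backed-up", key, name))
    return issues


def cfscript_registry_fix(entries):
    """Build the registry:: block of a CFScript that resets every
    AntiVirusOverride=1 it found back to 0 (the fix used in the thread)."""
    lines = []
    for kind, key, name in find_issues(entries):
        if kind == "av-override":
            lines += [f"[{key}]", f'"{name}"=dword:00000000', ""]
    return "registry::\n" + "\n".join(lines) if lines else ""


if __name__ == "__main__":
    ents = parse_section(SAMPLE)
    for issue in find_issues(ents):
        print(issue)
    print(cfscript_registry_fix(ents))
```

The parser keeps the file-info line under a CLSID key as an entry with no value name, so the BHO's DLL path comes out in the issue list where an analyst wants it; the generated registry:: block is only the AntiVirusOverride part of the script, the Firefox:: and Folder:: parts from the post are specific to this machine and are not reproduced.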

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being switched off - probably a virus

#9 Post by stenly25 »

Dragged the script over, ran ComboFix. At about stage 50 the PC suddenly restarted. I can't find any new log in the directory; only the previous one is there. Should I try repeating it?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being switched off - probably a virus

#10 Post by motji »

At stage 50 the PC restarts; that is normal.
Run it again, but without the script :)

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being switched off - probably a virus

#11 Post by stenly25 »

Here it is:

ComboFix 10-08-29.04 - Petr 31.08.2010 23:46:11.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.470 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Petr\Plocha\combofix.exe.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 15:24:57 . 2010-04-29 13:39:38 38224 ----a-w- C:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 15:24:54 . 2010-08-31 15:25:02 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-31 15:24:54 . 2010-04-29 13:39:26 20952 ----a-w- C:\windows\system32\drivers\mbam.sys
2010-08-30 23:40:54 . 2010-08-30 23:40:54 -------- d-----r- C:\Documents and Settings\LocalService\Dokumenty
2010-08-30 23:13:03 . 2010-08-30 23:13:50 -------- d-----w- C:\combofix.exe3659c
2010-08-30 22:19:26 . 2010-08-30 22:36:38 -------- d-----w- C:\combofix.exe
2010-08-30 22:02:21 . 2010-08-30 22:09:16 -------- d-----w- C:\32788R22FWJFW.0.tmp
2010-08-30 21:18:34 . 2010-08-30 21:18:40 -------- d-----w- C:\rsit
2010-08-30 21:18:34 . 2010-08-30 21:18:36 -------- d-----w- C:\Program Files\trend micro
2010-08-30 20:10:12 . 2010-08-30 20:10:12 264 ----a-w- C:\windows\system32\PSUNCpl.dat
2010-08-22 19:59:40 . 2010-08-30 20:09:50 -------- d-----w- C:\Program Files\Panda Security
2010-08-22 05:44:07 . 2010-08-22 05:51:50 -------- d-----w- C:\Program Files\Mount&Blade Warband
2010-08-21 18:50:32 . 2010-08-21 18:50:32 -------- d-----w- C:\Program Files\GameSpy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 21:28:53 . 2006-02-22 15:39:38 -------- d-----w- C:\Program Files\Microsoft AntiSpyware
2010-08-31 20:51:57 . 2006-11-16 20:28:01 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2010-08-30 20:50:40 . 2010-01-03 12:00:02 -------- d-----w- C:\Program Files\Ask & Record Toolbar
2010-08-26 13:50:45 . 2010-07-21 17:16:44 138184 ----a-w- C:\windows\system32\drivers\PnkBstrK.sys
2010-08-26 13:50:26 . 2010-07-21 17:16:26 215016 ----a-w- C:\windows\system32\PnkBstrB.exe
2010-08-21 19:07:21 . 2009-09-18 20:32:31 17584 ---ha-w- C:\windows\system32\mlfcache.dat
2010-08-20 16:51:40 . 2009-12-28 15:15:00 -------- d-----w- C:\Program Files\QuickTime
2010-08-20 16:49:20 . 2010-03-17 17:51:04 -------- d-----w- C:\Program Files\Safari
2010-08-13 15:16:42 . 2004-08-18 12:00:00 82552 ----a-w- C:\windows\system32\perfc005.dat
2010-08-13 15:16:42 . 2004-08-18 12:00:00 437832 ----a-w- C:\windows\system32\perfh005.dat
2010-07-23 14:20:56 . 2009-09-17 19:40:18 -------- d-----w- C:\Program Files\iTunes
2010-07-23 14:20:01 . 2009-10-08 14:33:12 -------- d-----w- C:\Program Files\iPod
2010-07-23 14:19:59 . 2009-09-17 19:37:42 -------- d-----w- C:\Program Files\Common Files\Apple
2010-07-21 17:16:18 . 2010-07-21 17:16:18 75064 ----a-w- C:\windows\system32\PnkBstrA.exe
2010-07-21 17:16:18 . 2010-07-21 17:16:18 2427248 ----a-w- C:\windows\system32\pbsvc_heroes.exe
2010-07-21 17:06:54 . 2006-02-23 17:47:00 -------- d-----w- C:\Program Files\EA GAMES
2010-06-30 12:33:04 . 2004-08-18 12:00:00 149504 ----a-w- C:\windows\system32\schannel.dll
2010-06-26 19:25:26 . 2009-04-06 19:03:25 664 ----a-w- C:\windows\system32\d3d9caps.dat
2010-06-24 12:27:28 . 2004-08-18 12:00:00 916480 ----a-w- C:\windows\system32\wininet.dll
2010-06-24 09:02:48 . 2004-08-18 12:00:00 1851904 ----a-w- C:\windows\system32\win32k.sys
2010-06-21 15:27:11 . 2004-08-18 12:00:00 354304 ----a-w- C:\windows\system32\drivers\srv.sys
2010-06-17 14:03:52 . 2004-08-18 12:00:00 80384 ----a-w- C:\windows\system32\iccvid.dll
2010-06-14 14:31:20 . 2006-02-22 14:45:37 744448 ----a-w- C:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43:17 . 2004-08-18 12:00:00 1172480 ----a-w- C:\windows\system32\msxml3.dll
2004-10-01 14:00:16 . 2006-02-26 17:11:26 40960 ----a-w- C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_22.31.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-20 16:49:24 . 2010-08-31 16:13:02 897024 C:\windows\Installer\{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}\SafariIco.exe
- 2010-08-20 16:49:24 . 2010-08-30 11:17:13 897024 C:\windows\Installer\{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}\SafariIco.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 11:44:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 11:44:40 1470488 ----a-w- C:\Program Files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 11:44:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyPl.dll" [2008-03-04 11:44:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04:48 320832 ----a-w- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04:48 320832 ----a-w- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" [BU]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 09:57:36 1451520]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 12:01:00 13529088]
"Startup Cleaner"="C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 17:59:20 122880]
"ScreenManager Pro for LCD"="C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2004-10-20 06:21:32 8925184]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 06:42:12 14565376]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24:46 32768]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 10:45:12 75304]
"nwiz"="nwiz.exe" [2008-05-16 12:01:00 1630208]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 12:01:00 86016]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 11:12:14 473928]
"NPSStartup"="" [BU]
"PAC207_Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 10:01:16 319488]
"Monitor"="C:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 10:01:16 319488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-08-10 03:15:54 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-07-21 13:53:04 141608]
"PSUNMain"="C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 13:06:30 406848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\windows\system32\sti_ci.dll" [2008-04-14 03:22:03 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nástroje SMART Board.lnk]
backup=C:\WINDOWS\pss\Nástroje SMART Board.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\Team17 Software Ltd\\WormsForts\\WF.exe"=
"C:\\Program Files\\Port Royale\\PortRoyale.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\OziExplorer\\OziExp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [5.7.2006 14:46:06 63352]
R1 PSINKNC;PSINKNC;C:\WINDOWS\system32\drivers\PSINKNC.sys [4.5.2010 8:36:54 129928]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [7.2.2010 20:04:43 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [12.6.2009 21:04:45 222968]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.4.2010 13:47:30 136448]
R2 PSINAflt;PSINAflt;C:\WINDOWS\system32\drivers\PSINAflt.sys [27.5.2010 18:39:32 141384]
R2 PSINFile;PSINFile;C:\WINDOWS\system32\drivers\PSINFile.sys [30.4.2010 13:46:52 97032]
R2 PSINProc;PSINProc;C:\WINDOWS\system32\drivers\PSINProc.sys [30.4.2010 13:46:52 111624]
R2 PSINProt;PSINProt;C:\WINDOWS\system32\drivers\PSINProt.sys [12.5.2010 10:58:12 110920]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\drivers\AVerE506.sys [22.8.2005 18:05:04 512384]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [7.2.2010 20:04:43 36608]
R3 PAC207;e-Messenger 112;C:\WINDOWS\system32\drivers\PFC027.SYS [9.2.2009 17:12:59 616064]
S2 gupdate1c98d5c200745e8;Google Update Service (gupdate1c98d5c200745e8);C:\Program Files\Google\Update\GoogleUpdate.exe [12.2.2009 23:51:56 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [31.8.2010 17:24:57 38224]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [7.2.2010 20:04:58 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [7.2.2010 20:04:58 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [7.2.2010 20:04:58 121856]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\drivers\w600bus.sys [15.8.2005 15:04:54 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\w600mdfl.sys [15.8.2005 15:04:50 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\drivers\w600mdm.sys [15.8.2005 15:04:48 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\drivers\w600mgmt.sys [15.8.2005 15:04:44 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\drivers\w600obex.sys [15.8.2005 15:04:42 85952]
S3 YSBWMAZG;YSBWMAZG;C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe --> C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2009-10-22 09:50:20]

2010-06-15 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 21:51:56 . 2009-02-12 21:51:49]

2010-06-15 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 21:51:56 . 2009-02-12 21:51:49]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {0446CF07-24EC-44FA-8C33-09384CB705B8} = 62.240.178.250,10.0.0.1
FF - ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\nnum2yml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
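Reading the service lines of a log like the one above by hand is what the helpers on this forum do. As an added example (it is not part of the thread and not a tool the forum uses), the Python script below does the same triage mechanically: it parses the ComboFix `R0/R2/S3` service lines from the log above and the HijackThis `O23` service lines from the RSIT log posted later in the thread, and flags a service whose binary sits in a Temp folder, whose file no longer exists, or that runs from outside Program Files / Windows. The sample lines are copied from those two logs; the regular expressions, the list of trusted roots and the wording of the flags are our own assumptions about the two formats, not anything the tools document.

```python
"""
Triage of service entries from a ComboFix log ("R0/R2/S3 name;display;path [...]")
and from a HijackThis/RSIT log ("O23 - Service: display - owner - path").
Added example for this thread; the heuristics below are ours, not ComboFix's or
HijackThis's own logic.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: service lines copied verbatim from the two logs in this thread.
# The selection is ours; the lines themselves are the page's own data.
SAMPLE_LINES = [
    r"R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [5.7.2006 14:46:06 63352]",
    r"R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.4.2010 13:47:30 136448]",
    r"S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [31.8.2010 17:24:57 38224]",
    r"S3 YSBWMAZG;YSBWMAZG;C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe --> C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe [?]",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe",
    r"O23 - Service: YSBWMAZG - Unknown owner - C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe (file missing)",
    r"O23 - Service: ZipToA - Unknown owner - (no file)",
]

# Assumed line shapes for the two log formats (derived from the lines above).
COMBOFIX_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
HJT_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<rest>.*)$")

# Heuristics: a service binary under a Temp directory is a classic dropper footprint;
# Program Files / Windows are the roots a legitimate service normally installs under.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    path: str
    missing: bool
    owner: Optional[str]  # only HijackThis records a publisher
    source: str           # "combofix" or "hijackthis"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; return None for lines that are not service entries."""
    line = line.strip()
    m = COMBOFIX_RE.match(line)
    if m:
        rest = m.group("rest")
        # ComboFix writes "path --> path [?]" when the file is gone,
        # and "path [date time size]" when it exists.
        missing = rest.endswith("[?]")
        path = rest.split(" --> ")[0].rsplit(" [", 1)[0].strip()
        return ServiceEntry(m.group("name"), path, missing, None, "combofix")
    m = HJT_RE.match(line)
    if m:
        rest = m.group("rest").strip()
        missing = rest.endswith("(file missing)") or rest == "(no file)"
        path = "" if rest == "(no file)" else rest.replace("(file missing)", "").strip()
        return ServiceEntry(m.group("display"), path, missing, m.group("owner"), "hijackthis")
    return None


def triage_service(entry: ServiceEntry) -> List[str]:
    """Return the list of red flags for one service entry (empty if none)."""
    reasons: List[str] = []
    low = entry.path.lower()
    in_temp = any(marker in low for marker in TEMP_MARKERS)
    if in_temp:
        reasons.append("binary in a Temp folder")
    if entry.missing:
        reasons.append("file missing (orphaned service entry)")
    if low and not in_temp and not low.startswith(TRUSTED_ROOTS):
        reasons.append("binary outside Program Files / Windows")
    # "Unknown owner" on its own is noise (PnkBstrA in system32 is legitimate);
    # only count it together with a non-standard path.
    if entry.owner and entry.owner.lower() == "unknown owner" and low and not low.startswith(TRUSTED_ROOTS):
        reasons.append("no publisher recorded and non-standard location")
    return reasons


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map service name -> merged red flags, for every service that raised at least one."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        for reason in triage_service(entry):
            bucket = flagged.setdefault(entry.name, [])
            if reason not in bucket:
                bucket.append(reason)
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On these lines the heuristic flags exactly two services: YSBWMAZG (random-looking name, no publisher, binary under the user's Temp folder, and the file already gone) and the orphaned ZipToA entry. That combination is the footprint of something that ran from Temp and has since been deleted, so it is the entry a helper would look at first; it is not proof of infection on its own, and the Malwarebytes driver, the Panda services and the unsigned but in-place PnkBstrA are deliberately left unflagged.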

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being disabled - probably a virus

#12 Post by motji »

That script isn't complete; ComboFix probably didn't finish on your machine? How is the computer doing?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being disabled - probably a virus

#13 Post by stenly25 »

Should I run ComboFix again with that script? As I wrote above, on its first run via CF it restarted unexpectedly fast, without the message that the log is being written.
The PC behaves fairly normally, but it did before as well; it just shut down Panda Cloud after 1-2 days.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Antivirus being disabled - probably a virus

#14 Post by motji »

No, don't run it.

→ Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


→ Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm the choices keep pressing the A key, then Enter
- delete the little program after use. Note: antivirus products may falsely flag it as a virus


***********


→ Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for issues
- then click Fix selected issues -- back up the registry: you don't have to
- click Fix all issues → OK → Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

CCleaner - I recommend using the Cleaner; it cleans the PC of temporary files nicely.
The Registry cleaner tidies up, for example, after uninstalling some program.


***********


→ Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans temp files and the leftovers of the tools that were used


***********

→ Post a new RSIT log and say how the computer is behaving; is everything OK now?

stenly25
Visitor
Posts: 22
Registered: 30 Aug 2010 22:06

Re: Antivirus being disabled - probably a virus

#15 Post by stenly25 »

Done. The PC works the same as before, i.e. outwardly OK. If the problem with the antivirus being disabled appears again, I'll let you know.
Thanks a lot for now.
Is anything else still needed?

Log here:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2010-09-01 11:11:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (30%) free of 153 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:14, on 1.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\PixArt\PAC207\Monitor.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Petr\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0446CF07-24EC-44FA-8C33-09384CB705B8}: NameServer = 62.240.178.250,10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0446CF07-24EC-44FA-8C33-09384CB705B8}: NameServer = 62.240.178.250,10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c98d5c200745e8) (gupdate1c98d5c200745e8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: YSBWMAZG - Unknown owner - C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe (file missing)
O23 - Service: ZipToA - Unknown owner - (no file)

--
End of file - 9451 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyPl.dll [2008-03-04 1470488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Board Software\NotebookPlugin.dll [2006-06-27 602112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"Startup Cleaner"=C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-10-08 122880]
"ScreenManager Pro for LCD"=C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [2004-10-20 8925184]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2005-06-08 14565376]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2005-11-15 473928]
"NPSStartup"= []
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"Monitor"=C:\windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-05-14 406848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\windows\system32\sti_ci.dll [2008-04-14 136704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"= []
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nástroje SMART Board.lnk]
C:\PROGRA~1\SMARTB~1\SMARTB~2.EXE [2006-06-27 3371008]


AppleSoftwareUpdate.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
SA.DAT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-11-15 101080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Team17 Software Ltd\WormsForts\WF.exe"="C:\Program Files\Team17 Software Ltd\WormsForts\WF.exe:*:Disabled:WF"
"C:\Program Files\Port Royale\PortRoyale.exe"="C:\Program Files\Port Royale\PortRoyale.exe:*:Enabled:Port Royale"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\OziExplorer\OziExp.exe"="C:\Program Files\OziExplorer\OziExp.exe:*:Enabled:OziExp"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Codemasters\Worms 4 Totalni narez\Worms 4 Mayhem.exe"="C:\Program Files\Codemasters\Worms 4 Totalni narez\Worms 4 Mayhem.exe:*:Enabled:Worms 4 Mayhem"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-01 11:11:07 ----D---- C:\rsit
2010-09-01 10:59:40 ----D---- C:\Program Files\CCleaner
2010-09-01 10:49:44 ----SD---- C:\combofix.exe15888c
2010-09-01 00:14:58 ----SHD---- C:\RECYCLER
2010-09-01 00:05:30 ----D---- C:\windows\temp
2010-08-31 18:13:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-08-31 17:25:08 ----D---- C:\Documents and Settings\Petr\Data aplikací\Malwarebytes
2010-08-31 17:24:57 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 17:24:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-31 17:24:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-31 17:24:54 ----A---- C:\windows\system32\drivers\mbam.sys
2010-08-31 01:13:03 ----D---- C:\combofix.exe3659c
2010-08-31 00:05:44 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2010-08-31 00:02:21 ----D---- C:\32788R22FWJFW.0.tmp
2010-08-30 23:18:34 ----D---- C:\Program Files\trend micro
2010-08-30 22:37:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
2010-08-30 22:07:28 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-08-30 13:09:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-08-22 22:00:54 ----D---- C:\Documents and Settings\Petr\Data aplikací\Panda Security
2010-08-22 22:00:31 ----D---- C:\Documents and Settings\Petr\Data aplikací\SurfSecret Privacy Suite
2010-08-22 21:59:40 ----D---- C:\Program Files\Panda Security
2010-08-22 21:59:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2010-08-22 07:44:07 ----D---- C:\Program Files\Mount&Blade Warband
2010-08-21 20:50:32 ----D---- C:\Program Files\GameSpy
2010-08-13 17:17:49 ----HDC---- C:\windows\$NtUninstallKB982214$
2010-08-13 17:17:40 ----HDC---- C:\windows\$NtUninstallKB2115168$
2010-08-13 17:17:19 ----HDC---- C:\windows\$NtUninstallKB981852$
2010-08-13 17:17:06 ----HDC---- C:\windows\$NtUninstallKB2079403$
2010-08-13 17:13:21 ----HDC---- C:\windows\$NtUninstallKB2160329$
2010-08-13 17:13:13 ----HDC---- C:\windows\$NtUninstallKB980436$
2010-08-13 17:09:06 ----HDC---- C:\windows\$NtUninstallKB2286198$
2010-08-13 17:08:57 ----HDC---- C:\windows\$NtUninstallKB981997$
2010-08-13 17:08:45 ----HDC---- C:\windows\$NtUninstallKB982665$

======List of files/folders modified in the last 1 months======

2010-09-01 11:10:20 ----D---- C:\Program Files\Mozilla Firefox
2010-09-01 11:09:25 ----D---- C:\WINDOWS
2010-09-01 11:09:05 ----D---- C:\windows\system32\CatRoot2
2010-09-01 11:08:43 ----A---- C:\windows\Filzip.ini
2010-09-01 11:08:29 ----D---- C:\Program Files\Microsoft AntiSpyware
2010-09-01 11:08:27 ----D---- C:\windows\system32\Lang
2010-09-01 11:08:22 ----D---- C:\windows\system32
2010-09-01 11:06:47 ----A---- C:\windows\SchedLgU.Txt
2010-09-01 11:01:37 ----D---- C:\windows\Debug
2010-09-01 10:59:40 ----RD---- C:\Program Files
2010-09-01 10:57:40 ----D---- C:\windows\Minidump
2010-09-01 10:57:38 ----D---- C:\windows\Prefetch
2010-09-01 00:05:50 ----A---- C:\windows\system.ini
2010-08-31 23:56:43 ----D---- C:\windows\system32\drivers
2010-08-31 23:56:43 ----D---- C:\windows\AppPatch
2010-08-31 23:56:40 ----D---- C:\Program Files\Common Files
2010-08-31 22:53:39 ----D---- C:\Documents and Settings\Petr\Data aplikací\OpenOffice.org2
2010-08-31 22:51:57 ----D---- C:\Program Files\Mozilla Thunderbird
2010-08-31 18:13:03 ----SHD---- C:\windows\Installer
2010-08-31 00:35:13 ----SD---- C:\windows\Tasks
2010-08-30 22:50:40 ----D---- C:\Program Files\Ask & Record Toolbar
2010-08-30 22:05:16 ----D---- C:\windows\system32\config
2010-08-30 22:04:16 ----RSD---- C:\windows\assembly
2010-08-26 15:50:26 ----A---- C:\windows\system32\PnkBstrB.exe
2010-08-26 12:04:01 ----D---- C:\Documents and Settings\Petr\Data aplikací\Canon
2010-08-22 07:44:40 ----D---- C:\windows\system32\DirectX
2010-08-22 07:44:37 ----HD---- C:\windows\inf
2010-08-20 18:51:40 ----D---- C:\Program Files\QuickTime
2010-08-20 18:49:20 ----D---- C:\Program Files\Safari
2010-08-16 10:48:32 ----D---- C:\Documents and Settings\Petr\Data aplikací\XnView
2010-08-13 19:38:38 ----D---- C:\windows\Microsoft.NET
2010-08-13 17:17:53 ----RSHDC---- C:\windows\system32\dllcache
2010-08-13 17:17:46 ----HD---- C:\windows\$hf_mig$
2010-08-13 17:16:42 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-08-13 17:16:22 ----D---- C:\windows\WinSxS
2010-08-13 17:13:44 ----D---- C:\Program Files\Internet Explorer
2010-08-13 17:13:34 ----D---- C:\windows\ie8updates
2010-08-13 17:08:59 ----D---- C:\Program Files\Movie Maker
2010-08-03 20:09:31 ----A---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\windows\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp01;StarForce Protection Helper Driver; C:\windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\windows\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 PSINKNC;PSINKNC; C:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 PSINAflt;PSINAflt; C:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
R2 PSINFile;PSINFile; C:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
R2 PSINProc;PSINProc; C:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
R2 PSINProt;PSINProt; C:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
R3 Arp1394;Protokol 1394 ARP Client; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AVerE506;AVerE506 service; C:\windows\system32\DRIVERS\AVerE506.sys [2005-08-22 512384]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\windows\system32\DRIVERS\e1e5132.sys [2005-07-06 176128]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\windows\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2005-06-08 3160576]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 PAC207;e-Messenger 112; C:\windows\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\windows\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\windows\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\windows\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder iPod Edition\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; C:\windows\system32\drivers\GMSIPCI.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2007-04-04 17480]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
S3 MPE;Filtr MPE BDA; C:\windows\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\windows\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\windows\system32\DRIVERS\mstape.sys [2008-04-13 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\windows\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w600bus;Sony Ericsson W600 driver (WDM); C:\windows\system32\DRIVERS\w600bus.sys [2005-08-15 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter; C:\windows\system32\DRIVERS\w600mdfl.sys [2005-08-15 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers; C:\windows\system32\DRIVERS\w600mdm.sys [2005-08-15 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers; C:\windows\system32\DRIVERS\w600mgmt.sys [2005-08-15 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers; C:\windows\system32\DRIVERS\w600obex.sys [2005-08-15 85952]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 Pcouffin;Low level access layer for CD devices; C:\windows\System32\Drivers\Pcouffin.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 FsUsbExService;FsUsbExService; C:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2010-07-21 75064]
R2 PnkBstrB;PnkBstrB; C:\windows\system32\PnkBstrB.exe [2010-08-26 215016]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Board Software\SMARTBoardService.exe [2006-06-27 970752]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 gupdate1c98d5c200745e8;Google Update Service (gupdate1c98d5c200745e8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 YSBWMAZG;YSBWMAZG; C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
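The driver and service sections above follow a fixed RSIT line format (`<state><start> name;display; path [date size]`, with the state and start-type codes given in each section header), which makes them easy to triage mechanically. The script below is an added example, not part of the original post or of the RSIT tool: it parses lines in that format and flags entries that warrant a closer look, using two heuristics chosen here as assumptions (an executable under a Temp directory, and an empty `[]` metadata block, which RSIT emits when it could not stat the file). The sample lines are copied from the log above; the script reports triage candidates only and makes no claim that any entry is malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One RSIT driver/service line looks like:
#   <state><start> <name>;<display name>; <path> [<date> <size>]
# state: R=Running, S=Stopped
# start: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Sample lines copied from the RSIT log in this thread.
SAMPLE_LOG = r"""
R2 PSINProt;PSINProt; C:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S3 YSBWMAZG;YSBWMAZG; C:\DOCUME~1\Petr\LOCALS~1\Temp\YSBWMAZG.exe []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
"""


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed an empty []
    size: Optional[int]   # None when RSIT printed an empty []


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 and meta[1].isdigit() else None
    path = m.group("path")
    if path.startswith("\\??\\"):      # drop the NT object-manager prefix
        path = path[4:]
    return Entry(m.group("state"), m.group("start"), m.group("name"),
                 m.group("display"), path, date, size)


# Heuristic (assumption): system services normally do not run from Temp.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")


def flag_entry(e: Entry) -> List[str]:
    """Return the list of reasons this entry deserves manual inspection."""
    reasons = []
    if any(marker in e.path.lower() for marker in TEMP_MARKERS):
        reasons.append("executable lives in a Temp directory")
    if e.date is None and e.size is None:
        reasons.append("no file date/size recorded (file missing or unreadable)")
    return reasons


def review(log: str) -> Dict[str, List[str]]:
    """Map service/driver name -> reasons, for every entry that triggers a heuristic."""
    findings: Dict[str, List[str]] = {}
    for line in log.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

An empty `[]` on its own is only a weak signal: in the sample it also fires for EIO and MBAMSwissArmy, whose paths are ordinary driver locations, so the second heuristic is there to rank candidates, not to decide. The entry that trips both heuristics is the one a helper would ask the poster to look at first, and the next step would be checking that file (hash, signature, creation time) rather than trusting the heuristic.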
