PC disinfection, computer speed-up and remote help via the neslape.cz service

Homepage changed by itself

Are you one of the Exemplary Visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
Alfajk
4th Warning Level
Posts: 223
Registered: 19 Dec 2008 21:04

Homepage changed by itself

#1 Post by Alfajk »

It started today: the homepage changed by itself, and this evening, after an update, NOD found something in the Windows folder (picture: http://img831.imageshack.us/img831/6560/nod32s.jpg ). I have no idea how it got onto the PC.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-09-05 18:20:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive G: has 6 GB (23%) free of 25 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:38, on 5.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Eset\nod32kui.exe
H:\Program Files\PowerISO\PWRISOVM.EXE
H:\Program Files\QIP Infium\infium.exe
H:\Program Files\Samsung\Kies\KiesTrayAgent.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
G:\WINDOWS\system32\dgdersvc.exe
G:\WINDOWS\system32\FsUsbExService.Exe
G:\WINDOWS\jusched.exe
G:\Program Files\Eset\nod32krn.exe
G:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
G:\WINDOWS\system32\taskmgr.exe
G:\Documents and Settings\Admin\Plocha\RSIT.exe
G:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "h:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Infium] "H:\Program Files\QIP Infium\infium.exe" /autorun /autorun /autorun /autorun /autorun
O4 - HKCU\..\Run: [KiesTrayAgent] H:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "G:\DOCUME~1\Admin\LOCALS~1\Temp\E_S1190.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Java developer Script Browse] G:\WINDOWS\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - H:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - G:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - G:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - G:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - H:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6492 bytes

======Scheduled tasks folder======

G:\WINDOWS\tasks\1-Click Maintenance.job
G:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=G:\WINDOWS\RTHDCPL.EXE [2005-05-04 14396416]
"nod32kui"=G:\Program Files\Eset\nod32kui.exe [2009-08-26 949376]
"PWRISOVM.EXE"=H:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"Adobe ARM"=G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"NvCplDaemon"=G:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=G:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"KernelFaultCheck"=G:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=G:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DAEMON Tools Lite"=G:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"Steam"=h:\program files\steam\steam.exe [2010-08-24 1242448]
"Infium"=H:\Program Files\QIP Infium\infium.exe [2009-03-25 5245440]
"KiesTrayAgent"=H:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600]
"EPSON SX110 Series"=G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
"Java developer Script Browse"=G:\WINDOWS\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3
"LightScribeService"=2
"gupdate"=2
"NMIndexingService"=3

G:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"RestrictRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"G:\WINDOWS\system32\PnkBstrA.exe"="G:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"G:\WINDOWS\system32\PnkBstrB.exe"="G:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\XBlades\xblades.exe"="H:\Program Files\XBlades\xblades.exe:*:Enabled:xblades.exe"
"H:\Program Files\XBlades\launcher.exe"="H:\Program Files\XBlades\launcher.exe:*:Enabled:launcher.exe"
"H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX9.EXE"="H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX10.EXE"="H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
"H:\Program Files\Dragon Age\DAOriginsLauncher.exe"="H:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:${SafeProductName} ${FirewallName_Launcher}"
"H:\Program Files\Dragon Age\bin_ship\daorigins.exe"="H:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:${SafeProductName} ${FirewallName_Game}"
"H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:${SafeProductName} ${FirewallName_Updater}"
"H:\Program Files\capcom\Bionic Commando Rearmed\bcr.exe"="H:\Program Files\capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Capcom\Bionic Commando\Bionic Commando\bionic_commando.exe"="C:\Program Files\Capcom\Bionic Commando\Bionic Commando\bionic_commando.exe:*:Enabled:Bionic Commando"
"C:\Program Files\Capcom\Bionic Commando\Bionic Commando\Support\CAP1-0101.exe"="C:\Program Files\Capcom\Bionic Commando\Bionic Commando\Support\CAP1-0101.exe:*:Enabled:Bionic Commando"
"G:\Program Files\Skype\Plugin Manager\skypePM.exe"="G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"H:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="H:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"G:\WINDOWS\system32\muzapp.exe"="G:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"H:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="H:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"G:\Documents and Settings\Admin\Plocha\PIC675799074533-JPG-www.facebook.com.exe"="G:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse"
"H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"G:\Program Files\Skype\Phone\Skype.exe"="G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-15 08:34:24 ----D---- G:\Program Files\Common Files\INCA Shared
2010-08-12 08:14:07 ----D---- G:\Documents and Settings\Admin\Data aplikací\OGREALMS
2010-08-11 02:29:05 ----D---- G:\Temp
2010-08-11 02:26:42 ----D---- G:\Program Files\AviSynth 2.5
2010-08-10 13:07:28 ----D---- G:\32788R22FWJFW
2010-08-09 16:48:28 ----D---- G:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2010-08-09 16:48:15 ----D---- G:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-08 19:54:18 ----SHD---- G:\RECYCLER
2010-08-08 19:05:57 ----D---- G:\WINDOWS\temp
2010-08-08 19:05:55 ----A---- G:\ComboFix.txt
2010-08-08 18:56:57 ----D---- G:\WINDOWS\CSC
2010-08-08 18:56:52 ----A---- G:\WINDOWS\ntbtlog.txt
2010-08-08 16:55:54 ----A---- G:\WINDOWS\zip.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\SWSC.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\SWREG.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\sed.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\PEV.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\NIRCMD.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\MBR.exe
2010-08-08 16:55:54 ----A---- G:\WINDOWS\grep.exe
2010-08-08 16:55:53 ----A---- G:\WINDOWS\SWXCACLS.exe
2010-08-08 16:55:38 ----D---- G:\WINDOWS\ERDNT
2010-08-08 16:53:16 ----AD---- G:\Qoobox
2010-08-08 13:35:21 ----D---- G:\Documents and Settings\Admin\Data aplikací\SPORE

======List of files/folders modified in the last 1 months======

2010-09-05 18:20:38 ----D---- G:\WINDOWS\Prefetch
2010-09-05 18:17:51 ----D---- G:\WINDOWS
2010-09-05 11:00:49 ----D---- G:\WINDOWS\system32\CatRoot2
2010-09-05 10:20:19 ----D---- G:\Documents and Settings\Admin\Data aplikací\Skype
2010-09-05 08:30:58 ----D---- G:\Documents and Settings\Admin\Data aplikací\skypePM
2010-09-05 08:15:22 ----D---- G:\WINDOWS\system32\Lang
2010-09-05 00:20:30 ----A---- G:\WINDOWS\SchedLgU.Txt
2010-09-03 18:18:30 ----D---- G:\Documents and Settings\Admin\Data aplikací\Mumble
2010-09-01 10:47:10 ----D---- G:\WINDOWS\system32
2010-08-29 19:39:51 ----HD---- G:\Program Files\InstallShield Installation Information
2010-08-29 19:38:16 ----SHD---- G:\WINDOWS\Installer
2010-08-29 19:38:15 ----D---- G:\Config.Msi
2010-08-22 01:22:55 ----D---- G:\Program Files\Common Files\Adobe
2010-08-18 11:58:23 ----RSD---- G:\WINDOWS\Fonts
2010-08-15 09:55:27 ----D---- G:\WINDOWS\system32\drivers
2010-08-15 08:34:24 ----D---- G:\Program Files\Common Files
2010-08-14 12:59:23 ----D---- G:\Program Files\Common Files\BioWare
2010-08-11 02:26:42 ----RD---- G:\Program Files
2010-08-11 01:55:22 ----A---- G:\WINDOWS\NeroDigital.ini
2010-08-08 19:04:19 ----A---- G:\WINDOWS\system.ini
2010-08-08 19:02:23 ----D---- G:\WINDOWS\AppPatch
2010-08-08 17:40:56 ----D---- G:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; G:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; G:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-26 15424]
R1 SbFw;SbFw; G:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; G:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; G:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; G:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; G:\WINDOWS\system32\drivers\amon.sys [2009-08-26 512096]
R3 BlueletAudio;Bluetooth Audio Service; G:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; G:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 dgderdrv;dgderdrv; G:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\G:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; G:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); G:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-04 2951680]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver; G:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2006-03-27 26752]
R3 nv;nv; G:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 pcouffin;VSO Software pcouffin; G:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-29 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; G:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; G:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tap0901;TAP-Win32 Adapter V9; G:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-10-02 25984]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; G:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; G:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; G:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; G:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; G:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; G:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
S3 BT;Bluetooth PAN Network Adapter; G:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; G:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 catchme;catchme; \??\G:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 hamachi;Hamachi Network Interface; G:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-26 25280]
S3 npkcrypt;npkcrypt; \??\H:\Program Files\Interlude\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\D:\HRY\RO\npkycryp.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; G:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); G:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); G:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; G:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; G:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; G:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; G:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zlportio;zlportio; \??\H:\Program Files\Karaoke Deluxe\zlportio.sys []
S4 IntelIde;IntelIde; G:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; G:\WINDOWS\System32\Drivers\sptd.sys [2009-08-26 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 dgdersvc;Device Error Recovery Service; G:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 FsUsbExService;FsUsbExService; G:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 NOD32krn;NOD32 Kernel Service; G:\Program Files\Eset\nod32krn.exe [2009-08-26 552064]
R2 NVSvc;NVIDIA Display Driver Service; G:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; G:\WINDOWS\system32\PnkBstrA.exe [2009-10-09 66872]
R2 SbPF.Launcher;SbPF.Launcher; H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 UxTuneUp;TuneUp Theme Extension; G:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; G:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 SPF4;Sunbelt Personal Firewall 4; H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;ASP.NET State Service; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; H:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; G:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 npggsvc;nProtect GameGuard Service; G:\WINDOWS\system32\GameMon.des [2009-10-11 3369044]
S3 OpenVPNService;OpenVPN Service; H:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-10-02 36352]
S3 ServiceLayer;ServiceLayer; G:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 gupdate;Služba Google Update (gupdate); G:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; G:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service; G:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-19 306432]

-----------------EOF-----------------

Hopefully this can be done without ComboFix, because afterwards my PC has trouble working normally (it won't start up).

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changed by itself

#2 Post by Caroprd111 »

Hello :)

We can do without ComboFix.

Please post the second log from RSIT (info.txt).

Alfajk
4th Warning Level
Posts: 223
Registered: 19 Dec 2008 21:04

Re: Homepage changed by itself

#3 Post by Alfajk »

I can't find info.txt; it isn't in "G:\rsit", and even after running RSIT again I couldn't find it anywhere.

/edit> I found an old one, deleted it and made a new log, and a new info.txt appeared.

info.txt logfile of random's system information tool 1.06 2010-09-05 20:46:26

======Uninstall list======

-->G:\WINDOWS\IsUninst.exe -f"G:\Program Files\Gigabyte\ITE Raid Driver Setup\Uninst.isu"
-->G:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->G:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->G:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->G:\WINDOWS\UNRecode.exe /UNINSTALL
-->H:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\PCHealth.inf
1.0.5-->"C:\Program Files\Vitamini\unins000.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat 5.0-->G:\WINDOWS\ISUNINST.EXE -f"G:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"G:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->g:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->G:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->G:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.4 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
Age Of Emerald-->"H:\Program Files\GameTop.com\Age Of Emerald\unins000.exe"
Age of Empires III-->G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Alien Swarm-->"H:\program files\steam\steam.exe" steam://uninstall/630
Alien Terminator Deluxe-->"H:\Program Files\GameTop.com\Alien Terminator Deluxe\unins000.exe"
Anders Kjersem: Startup Control Panel-->"H:\Program Files\Anders Kjersem\Startup Control Panel\unins000.exe"
Antivirový systém NOD32-->G:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Around the World in 80 Days-->"H:\Program Files\GameTop.com\Around the World in 80 Days\unins000.exe"
Atlantis Quest-->"H:\Program Files\MyPlayCity.com\Atlantis Quest\unins000.exe"
Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->G:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u G:\WINDOWS\system32\DRVSTORE\amdk8_272AB57A055A98BD494E3A7FDA0E8216ECE25347\amdk8.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->G:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u G:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Bato-->"H:\Program Files\GameTop.com\Bato\unins000.exe"
Bionic Commando Rearmed-->"G:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Bionic Commando-->"G:\Program Files\InstallShield Installation Information\{E1071C00-B001-4633-B9C3-164C856D5730}\setup.exe" -runfromtemp -l0x0009 -removeonly
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Call of Juarez-->"D:\Program Files\TopCD\Call of Juarez\unins000.exe"
Command & Conquer Generals-->G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\Intel 32\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer Renegade-->H:\Westwood\Renegade\Uninstll.exe
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Convert MP3 V3.02-->"H:\Program Files\ConvertMP3\unins000.exe"
ConvertXtoDVD 4.0.5.315-->"H:\Program Files\VSO\ConvertX\4\unins000.exe"
Counter-Strike Source Non-Steam patch v44-->"H:\Program Files\CSS-new\Counter-Strike Source\Counter-Strike Source\unins000.exe"
Crysis WARHEAD(R)-->"G:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD(R)-->G:\Documents and Settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Defcon Patch 1.43-->"H:\Program Files\Defcon\unins000.exe"
Diamond Lines-->"H:\Program Files\GameTop.com\Diamond Lines\unins000.exe"
Dragon Age: Prameny-->G:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
DriverCD-->G:\WINDOWS\IsUninst.exe -f"G:\Program Files\GIGABYTE\DriverCD\Uninst.isu"
Epson Easy Photo Print 2-->G:\Program Files\InstallShield Installation Information\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}\SETUP.EXE -runfromtemp -l0x0009 UNINST -removeonly
Epson Event Manager-->RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\SETUP.EXE" -l0x9 -u
EPSON Scan-->G:\Program Files\epson\escndv\setup\setup.exe /r
Epson Stylus SX110_TX110 Manuál-->G:\Program Files\EPSON\TPMANUAL\ESSX110_TX110\CZE\USE_G\DOCUNINS.EXE
EPSON SX110 Series Printer Uninstall-->G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFBE.EXE /R /APD /P:"EPSON SX110 Series"
EPSON Web-To-Page-->RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
GOM Player-->"H:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hamachi 1.0.3.0-->H:\Program Files\Hamachi\uninstall.exe
Heart Of Darkness-->C:\PROGRA~1\HEARTO~1\UNWISE.EXE C:\PROGRA~1\HEARTO~1\INSTALL.LOG
Heroes of Might and Magic III Complete-->G:\Program Files\InstallShield Installation Information\{EDFB64A7-5BFD-4137-943D-5663149A15F5}\setup.exe -runfromtemp -l0x0405
High Definition Audio - KB888111-->"G:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"G:\Program Files\trend micro\HijackThis.exe" /uninstall
ImgBurn-->"H:\Program Files\ImgBurn\uninstall.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Jets N Guns-->"C:\Program Files\Jets N Guns\ReflexiveArcade\unins000.exe"
Kies-->"G:\Program Files\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\Setup.exe" -runfromtemp -l0x0405 -removeonly
Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}
Kill Deal-->"H:\Program Files\MyPlayCity.com\Kill Deal\unins000.exe"
K-Lite Mega Codec Pack 6.2.0-->"G:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead 2 Demo-->"H:\Program Files\Steam\steam.exe" steam://uninstall/590
Left 4 Dead-->"H:\Program Files\Steam\steam.exe" steam://uninstall/500
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"H:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marine Puzzle-->"H:\Program Files\GameTop.com\Marine Puzzle\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0-->G:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office XP Professional s aplikací FrontPage-->MsiExec.exe /I{90280405-6000-11D3-8CFE-0050048383C9}
Microsoft Rise Of Nations-->"H:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"G:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mini Ninjas 1.0-->H:\Program Files\Eidos\Mini Ninjas\uninst.exe
MobMap 3.53-->"D:\Program Files\WoW_wotlk\World of Warcraft\Interface\AddOns\MobMapUpdater\unins000.exe"
MozBackup 1.4.9-->H:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox (3.6.8)-->H:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"H:\Program Files\GNU\MPEG2\Uninstall.exe"
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Mumble and Murmur-->H:\Program Files\Mumble\Uninstall.exe
Need for Speed Underground 2-->C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need4 Software Launcher 6.2-->H:\Program Files\Need4 Software Launcher\uninst.exe
Need4 YouTube Download 6-->H:\Program Files\Need4 YouTube Download 6\uninst.exe
Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641029}
Ninja Blade-->"H:\Program Files\TopCD\Ninja Blade\unins000.exe"
NVIDIA Drivers-->G:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->G:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL-->"G:\Program Files\OpenAL\oalinst.exe" /U
OpenVPN 2.1_rc20-->H:\Program Files\OpenVPN\Uninstall.exe
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
PIF DESIGNER-->RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Pirates: Battle for the Caribbean-->"H:\Program Files\GameTop.com\Pirates\unins000.exe"
PowerISO-->"H:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services-->G:\WINDOWS\system32\pbsvc.exe -u
QT Lite 3.0.0-->"H:\Program Files\QT Lite\unins000.exe"
Ragnarok Renewal-->"G:\WINDOWS\IFinst27.exe" -UD:\HRY\RO\IFUA72.inf
Real Alternative 2.0.1-->"G:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Re-MortalRO v1.0-->"D:\HRY\Re-mortalRO\RO\unins000.exe"
RESIDENT EVIL 5-->MsiExec.exe /X{AC08BBA0-96B9-431A-A7D0-D8598E493775}
Revo Uninstaller 1.83-->G:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SAMSUNG USB Driver for Mobile Phones-->G:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Software tiskárny EPSON-->G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPORE™-->"G:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0005 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
SWAT 4-->G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\Intel 32\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
System Requirements Lab-->G:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims™ 3 Cestovní horečka-->"G:\Program Files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x0005 -removeonly
The Sims™ 3-->"G:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0005 -removeonly
Tibet Quest-->"H:\Program Files\GameTop.com\Tibet Quest\unins000.exe"
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x5 -removeonly
Total Video Converter 3.70 100621-->"H:\Program Files\Total Video Converter\unins000.exe"
TQ Defiler.NET-->MsiExec.exe /I{A61A59E2-5499-4164-B588-470387E149C9}
TQ Defiler-->MsiExec.exe /I{10209B87-55D6-493E-A30A-12A265AA324E}
TQ Portable.NET-->MsiExec.exe /I{9F1B135A-F28C-45CD-9F6F-5989D62142E3}
Treasure Puzzle-->"H:\Program Files\GameTop.com\Treasure Puzzle\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Underwater Puzzle-->"G:\Program Files\GameTop.com\Underwater Puzzle\unins000.exe"
Winamp-->"H:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"G:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"G:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"G:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"G:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR-->G:\Program Files\WinRAR\uninstall.exe
X-Blades-->MsiExec.exe /X{27018D57-D152-44EF-BCE0-5E3B3445EABE}
XviD4PSP 5.0-->H:\Program Files\Winnydows\XviD4PSP5\Uninstall.exe

=====HijackThis Backups=====

O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background [2010-02-22]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2010-02-22]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe [2010-02-22]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2010-02-22]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe" [2010-02-22]
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE [2010-02-22]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-02-22]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe [2010-02-22]

======Security center information======

AV: Eset NOD32 Antivirus 2.70
FW: Sunbelt Personal Firewall

======System event log======

Computer Name: PC
Event Code: 7036
Message: Stav služby Načítání obrázků (WIA) byl změněn na: Spuštěno

Record Number: 14655
Source Name: Service Control Manager
Time Written: 20100627112611.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 8033
Message: Prohledávač vyvolal v síti \Device\NetBT_Tcpip_{A5175002-7ED6-413E-BFEC-43AEB2D8425E} volby, protože hlavní prohledávač byl zastaven.

Record Number: 14654
Source Name: BROWSER
Time Written: 20100627112552.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 4201
Message: Sytém zjistil, že síťový adaptér ASUS...Network Adapter - Packet Scheduler Miniport byl připojen k síti
a inicializoval normální činnost přes síťový adaptér.

Record Number: 14653
Source Name: Tcpip
Time Written: 20100627112552.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 35
Message: Služba Systémový čas nyní synchronizuje systémový čas s časem
zdroje time.windows.com (ntp.m|0x1|192.168.1.3:123->207.46.197.32:123).

Record Number: 14652
Source Name: W32Time
Time Written: 20100627105514.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 34
Message: Služba Systémový čas zjistila, že je nutné změnit
systémový čas o -31535283 sekund. Služba Systémový čas nemění systémový
čas o více než -54000 sekund. Ověřte správnost času a časového pásma, a zda zdroj času time.windows.com (ntp.m|0x1|192.168.1.3:123->207.46.197.32:123) pracuje správně.

Record Number: 14651
Source Name: W32Time
Time Written: 20110627104256.000000+120
Event Type: Chyba
User:

=====Application event log=====

Computer Name: PC
Event Code: 103
Message: wuaueng.dll (3568) SUS20ClientDataStore: Databázový stroj zastavil instanci (0).

Record Number: 5
Source Name: ESENT
Time Written: 20100521202957.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 102
Message: wuaueng.dll (3568) SUS20ClientDataStore: Databázový stroj spustil novou instanci (0).

Record Number: 4
Source Name: ESENT
Time Written: 20100521202455.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 100
Message: wuauclt (3568) Databázový stroj 5.01.2600.2180 byl spuštěn.

Record Number: 3
Source Name: ESENT
Time Written: 20100521202455.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20100521202410.000000+120
Event Type: Informace
User:

Computer Name: PC
Event Code: 1001
Message: Kontrola systému souboru na H:
Systém souboru je typu NTFS.
Jmenovka svazku je Hry a programy.


Nektery z disku vyzaduje kontrolu konzistence. Kontrolu
disku muzete stornovat, durazne vsak doporucujeme
kontrolu provést.
Systém nyní zkontroluje disk.
Atribut typu 0x80 s príznakem instance 0x0 v souboru 0xce0
vyhradil délku 0x25b000 místo 0x25a000.
Poskozená polozka seznamu atributu
s kódem typu 128 ze souboru 3296 byla odstranena.
Nelze najít atribut s príznakem instance 0x0 a segmentovym
odkazem 0x2000000013d0e. Ocekávany typ atributu je 0x80.
Odstranování poskozeného záznamu atributu (128, "")
ze segmentu 81166 záznamu souboru.
Nelze najít atribut s príznakem instance 0x0 a segmentovym
odkazem 0x3000000025ae4. Ocekávany typ atributu je 0x80.
Odstranování poskozeného záznamu atributu (128, "")
ze segmentu 154340 záznamu souboru.
Systém odstranuje mensí nekonzistence nalezené na disku.
Systém maze 36 nepouzitych polozek indexu $SII souboru 0x9.
Systém maze 36 nepouzitych polozek indexu $SDH souboru 0x9.
Systém maze 36 nepouzitych popisovacu zabezpecení.
Vkládá se datovy atribut do souboru 3296.
Program CHKDSK nalezl volné místo oznacené jako pridelené v
bitové mape tabulky MFT.
Program CHKDSK nalezl volné místo oznacené jako pridelené v bitové mape svazku.
Systém Windows opravil systém souboru.

286961030 kB místa na disku celkem.
253629456 kB v 150409 souborech uzivatele.
57876 kB v 5733 rejstrících.
0 kB v chybnych sektorech.
255246 kB pouzívá systém.
65536 kB zabírá soubor s protokolem.
33018452 kB na disku je volnych.

4096 bajtu v kazdé alokacní jednotce
71740257 alokacních jednotek na disku celkem.
8254613 volnych alokacních jednotek

Vnitrní informace:


Record Number: 1
Source Name: Winlogon
Time Written: 20100521202322.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;G:\Program Files\PC Connectivity Solution;H:\Program Files\QT Lite\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changed on its own

#4 Post by Caroprd111 »

Post the log G:\ComboFix.txt here for me.

I do not recommend using ComboFix on your own initiative; it can damage the system!

Alfajk
Warning Level 4
Posts: 223
Registered: 19 Dec 2008 21:04

Re: Homepage changed on its own

#5 Post by Alfajk »

I didn't use CF myself, that's from the previous cleanup...

ComboFix 10-08-07.02 - Admin 08.08.2010 18:58:46.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.707 [GMT 2:00]
Spuštěný z: g:\documents and settings\Admin\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\windows\system32\muzapp.exe
H:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-08 do 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-03 19:04 . 2009-09-19 05:30 100224 ----a-w- g:\windows\system32\drivers\ss_bserd.sys
2010-08-03 19:04 . 2009-09-19 05:30 14848 ----a-w- g:\windows\system32\drivers\ss_bmdfl.sys
2010-08-03 19:04 . 2009-09-19 05:30 12416 ----a-w- g:\windows\system32\drivers\ss_bcmnt.sys
2010-08-03 19:04 . 2009-09-19 05:30 12416 ----a-w- g:\windows\system32\drivers\ss_bcm.sys
2010-08-03 19:04 . 2009-09-19 05:30 123648 ----a-w- g:\windows\system32\drivers\ss_bmdm.sys
2010-08-03 19:04 . 2009-09-19 05:30 98432 ----a-w- g:\windows\system32\drivers\ss_bbus.sys
2010-08-03 19:04 . 2009-09-19 05:30 12288 ----a-w- g:\windows\system32\drivers\ss_bwhnt.sys
2010-08-03 19:04 . 2009-09-19 05:30 12288 ----a-w- g:\windows\system32\drivers\ss_bwh.sys
2010-08-03 19:04 . 2010-08-03 19:04 -------- d-----w- g:\program files\SAMSUNG
2010-08-03 19:03 . 2008-08-26 07:26 18816 ----a-w- g:\windows\system32\drivers\pccsmcfd.sys
2010-08-03 19:03 . 2009-12-22 02:31 36640 ----a-w- g:\windows\system32\FsUsbExDisk.Sys
2010-08-03 19:03 . 2009-12-22 02:31 217088 ----a-w- g:\windows\system32\FsUsbExService.Exe
2010-08-03 19:03 . 2009-11-03 06:32 110592 ----a-w- g:\windows\system32\FsUsbExDevice.Dll
2010-08-03 19:00 . 2010-08-03 19:03 -------- d-----w- g:\program files\PC Connectivity Solution
2010-08-03 18:57 . 2010-08-03 18:57 -------- d-----w- g:\program files\MarkAny
2010-08-03 18:55 . 2010-08-03 19:36 -------- d-----w- g:\windows\system32\drivers\umdf
2010-08-03 18:51 . 2010-08-03 18:57 -------- d-----w- g:\program files\Common Files\Samsung
2010-07-29 23:27 . 2010-03-15 09:31 165376 ----a-w- g:\windows\system32\unrar.dll
2010-07-29 23:27 . 2004-01-25 16:18 217088 ----a-w- g:\windows\system32\yv12vfw.dll
2010-07-29 23:27 . 2010-06-08 16:10 790528 ----a-w- g:\windows\system32\xvidcore.dll
2010-07-29 23:27 . 2010-06-08 16:10 134144 ----a-w- g:\windows\system32\xvidvfw.dll
2010-07-29 23:27 . 2010-03-10 19:29 94208 ----a-w- g:\windows\system32\dpl100.dll
2010-07-29 23:27 . 2010-02-19 19:27 720384 ----a-w- g:\windows\system32\divx.dll
2010-07-29 23:27 . 2010-07-14 08:00 108032 ----a-w- g:\windows\system32\ff_vfw.dll
2010-07-29 23:27 . 2010-07-29 23:27 -------- d-----w- g:\program files\K-Lite Codec Pack
2010-07-29 07:30 . 2010-07-29 09:17 65536 ----a-w- g:\windows\IFinst27.exe
2010-07-26 11:45 . 2010-07-26 11:45 -------- d-----w- g:\program files\ReflexiveArcade
2010-07-21 07:39 . 2010-07-21 07:39 -------- d-----w- g:\program files\Common Files\Adobe AIR
2010-07-21 07:04 . 2010-07-21 10:59 -------- d-----w- g:\windows\Downloaded Installations
2010-07-17 10:11 . 2010-07-17 10:11 -------- d-----w- g:\program files\MSBuild
2010-07-17 10:09 . 2010-07-17 10:09 -------- d-----w- g:\windows\system32\XPSViewer
2010-07-17 10:08 . 2010-07-17 10:08 -------- d-----w- g:\program files\Reference Assemblies
2010-07-14 05:27 . 2010-07-14 05:27 -------- d-----w- g:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 11:21 . 2009-08-26 17:11 -------- d--h--w- g:\program files\InstallShield Installation Information
2010-08-03 19:03 . 2009-11-04 16:28 -------- d-----w- g:\program files\DIFX
2010-07-17 10:11 . 2001-10-25 14:00 78052 ----a-w- g:\windows\system32\perfc005.dat
2010-07-17 10:11 . 2001-10-25 14:00 429024 ----a-w- g:\windows\system32\perfh005.dat
2010-05-24 15:40 . 2009-12-19 20:21 107888 ----a-w- g:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="h:\program files\Samsung\Kies\" [X]
"Skype"="g:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="h:\program files\steam\steam.exe" [2010-05-07 1238352]
"Infium"="h:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"nod32kui"="g:\program files\Eset\nod32kui.exe" [2009-08-26 949376]
"PWRISOVM.EXE"="h:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

g:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - g:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"LightScribeService"=2 (0x2)
"gupdate"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"h:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"g:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"h:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"h:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"g:\\WINDOWS\\system32\\PnkBstrA.exe"=
"g:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\XBlades\\xblades.exe"=
"h:\\Program Files\\XBlades\\launcher.exe"=
"h:\\Program Files\\capcom\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"h:\\Program Files\\capcom\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"h:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"h:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"h:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"h:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"h:\\Program Files\\capcom\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\Program Files\\Capcom\\Bionic Commando\\Bionic Commando\\bionic_commando.exe"=
"c:\\Program Files\\Capcom\\Bionic Commando\\Bionic Commando\\Support\\CAP1-0101.exe"=
"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iteraid;ITERAID_Service_Install;g:\windows\system32\drivers\iteraid.sys [26.8.2009 19:12 25067]
R1 SbFw;SbFw;g:\windows\system32\drivers\SbFw.sys [26.8.2009 21:14 270888]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;g:\windows\system32\drivers\ipfnd51.sys [26.8.2009 18:57 26752]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;g:\windows\system32\drivers\SbFwIm.sys [26.8.2009 21:14 65576]
S1 nod32drv;nod32drv;g:\windows\system32\drivers\nod32drv.sys [26.8.2009 20:01 15424]
S1 sbhips;Sunbelt HIPS Driver;g:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S2 dgdersvc;Device Error Recovery Service;g:\windows\system32\dgdersvc.exe [22.12.2009 4:31 95568]
S2 FsUsbExService;FsUsbExService;g:\windows\system32\FsUsbExService.Exe [3.8.2010 21:03 217088]
S2 SbPF.Launcher;SbPF.Launcher;h:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;h:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;h:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [20.11.2009 15:17 25832]
S3 dgderdrv;dgderdrv;g:\windows\system32\drivers\dgderdrv.sys [22.12.2009 4:31 18136]
S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [3.8.2010 21:03 36640]
S3 npkycryp;npkycryp;\??\d:\hry\RO\npkycryp.sys --> d:\hry\RO\npkycryp.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);g:\windows\system32\drivers\ss_bbus.sys [3.8.2010 21:04 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);g:\windows\system32\drivers\ss_bmdfl.sys [3.8.2010 21:04 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;g:\windows\system32\drivers\ss_bmdm.sys [3.8.2010 21:04 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;g:\windows\system32\drivers\ss_bserd.sys [3.8.2010 21:04 100224]
S3 zlportio;zlportio;\??\h:\program files\Karaoke Deluxe\zlportio.sys --> h:\program files\Karaoke Deluxe\zlportio.sys [?]
S4 gupdate;Služba Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [15.1.2010 13:10 135664]
S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [26.8.2009 21:01 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-06 g:\windows\Tasks\1-Click Maintenance.job
- h:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2010-07-12 g:\windows\Tasks\Úklid 1 kliknutím.job
- h:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
LSP: g:\windows\system32\imon.dll
FF - ProfilePath - g:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\w3o702fj.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: h:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: g:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: h:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: h:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: h:\program files\Java\jre6\bin\new_plugin\npjp2.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ActiveSetup-{40U168R6-PDFN-12UO-136H-8QF5832V74HK} - g:\windows\system32\install\svchost.exe
AddRemove-01_Simmental - g:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - g:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - g:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - g:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - g:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - g:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - g:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - g:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - g:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - g:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - g:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - g:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - g:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - g:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - g:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - g:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - g:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 19:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bb,1f,c4,65,f4,9f,1e,0a,77,8f,e5,5b,ef,8c,59,61,cc,b2,b2,18,4e,0d,87,
68,e2,ee,53,96,3c,c2,d0,c1,9b,d1,8c,f9,51,68,d3,49,2c,a3,03,63,ae,3f,83,2d,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd

[HKEY_USERS\S-1-5-21-1004336348-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,a3,d1,e9,43,49,bd,bb,1e,6c,8c,1f,35,2c,c2,25,49,6e,e7,dd,12,
9e,34,7b,55,ab,56,f2,ab,c0,93,fa,5b,34,d7,75,f7,2a,ca,db,80,69,7d,94,af,b6,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-08-08 19:05:54
ComboFix-quarantined-files.txt 2010-08-08 17:05

Před spuštěním: 9 948 356 608
Po spuštění: 9 951 723 520

- - End Of File - - B0A9515CCA1CF6530D61F9EC4AD38DC4

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changing by itself

#6 Post by Caroprd111 »

Following the guide at http://www.viry.cz/forum/viewtopic.php?f=15&t=72743, apply this script:

:commands
[EmptyTemp]
[ClearAllRestorePoints]

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Java developer Script Browse"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

:Files
G:\WINDOWS\jusched.exe 

Alfajk
Warning Level 4
Posts: 223
Registered: 19 Dec 2008 21:04

Re: Homepage changing by itself

#7 Post by Alfajk »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 37395001 bytes
->Temporary Internet Files folder emptied: 383260084 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97150193 bytes
->Flash cache emptied: 78613 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2626584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106496 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 61368804 bytes

Total Files Cleaned = 555,00 mb


Restore points cleared and new OTM Restore Point set!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Java developer Script Browse deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
========== FILES ==========
File/Folder G:\WINDOWS\jusched.exe not found.

OTM by OldTimer - Version 3.1.15.0 log created on 09052010_212129

Files moved on Reboot...

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changing by itself

#8 Post by Caroprd111 »

How is the PC behaving? :???:

Alfajk
Warning Level 4
Posts: 223
Registered: 19 Dec 2008 21:04

Re: Homepage changing by itself

#9 Post by Alfajk »

The homepage is seznam.cz for now, NOD doesn't report anything; otherwise there was no problem with the PC before either (none visible), it only showed itself through that change and through NOD. Thanks.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changing by itself

#10 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, paste into the box:

ComboFix /Uninstall

and press Enter


Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice press the A key, then Enter
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow)

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow)


Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it and, during installation, untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Click Analyze; when it finishes, click Run Cleaner.

    Registry tab
  • Click Scan for Issues; when it finishes, click Fix selected issues. You do not need to make a backup; then click Fix All Selected Issues.
  • Click OK, then Close.

Post a new log from RSIT.

Alfajk
Warning Level 4
Posts: 223
Registered: 19 Dec 2008 21:04

Re: Homepage changing by itself

#11 Post by Alfajk »

It said ComboFix was not found, but that probably doesn't matter...

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2010-09-06 14:42:31
Systém Microsoft Windows XP Professional Service Pack 2
System drive G: has 7 GB (29%) free of 25 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:42:38, on 6.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Eset\nod32kui.exe
H:\Program Files\PowerISO\PWRISOVM.EXE
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Skype\Phone\Skype.exe
H:\program files\steam\steam.exe
H:\Program Files\QIP Infium\infium.exe
H:\Program Files\Samsung\Kies\KiesTrayAgent.exe
G:\WINDOWS\system32\dgdersvc.exe
G:\WINDOWS\system32\FsUsbExService.Exe
G:\Program Files\Eset\nod32krn.exe
G:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\system32\wbem\wmiapsrv.exe
G:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
G:\Documents and Settings\Admin\Plocha\RSIT.exe
G:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "h:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Infium] "H:\Program Files\QIP Infium\infium.exe" /autorun /autorun /autorun /autorun /autorun
O4 - HKCU\..\Run: [KiesTrayAgent] H:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "G:\DOCUME~1\Admin\LOCALS~1\Temp\E_S1190.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - H:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - G:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - G:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - G:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - H:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6705 bytes

======Scheduled tasks folder======

G:\WINDOWS\tasks\1-Click Maintenance.job
G:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=G:\WINDOWS\RTHDCPL.EXE [2005-05-04 14396416]
"nod32kui"=G:\Program Files\Eset\nod32kui.exe [2009-08-26 949376]
"PWRISOVM.EXE"=H:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"Adobe ARM"=G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"NvCplDaemon"=G:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=G:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"KernelFaultCheck"=G:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=G:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DAEMON Tools Lite"=G:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"Steam"=h:\program files\steam\steam.exe [2010-08-24 1242448]
"Infium"=H:\Program Files\QIP Infium\infium.exe [2009-03-25 5245440]
"KiesTrayAgent"=H:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600]
"EPSON SX110 Series"=G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3
"LightScribeService"=2
"gupdate"=2
"NMIndexingService"=3

G:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"RestrictRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"G:\WINDOWS\system32\PnkBstrA.exe"="G:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"G:\WINDOWS\system32\PnkBstrB.exe"="G:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\XBlades\xblades.exe"="H:\Program Files\XBlades\xblades.exe:*:Enabled:xblades.exe"
"H:\Program Files\XBlades\launcher.exe"="H:\Program Files\XBlades\launcher.exe:*:Enabled:launcher.exe"
"H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX9.EXE"="H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX10.EXE"="H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
"H:\Program Files\Dragon Age\DAOriginsLauncher.exe"="H:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:${SafeProductName} ${FirewallName_Launcher}"
"H:\Program Files\Dragon Age\bin_ship\daorigins.exe"="H:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:${SafeProductName} ${FirewallName_Game}"
"H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:${SafeProductName} ${FirewallName_Updater}"
"H:\Program Files\capcom\Bionic Commando Rearmed\bcr.exe"="H:\Program Files\capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Capcom\Bionic Commando\Bionic Commando\bionic_commando.exe"="C:\Program Files\Capcom\Bionic Commando\Bionic Commando\bionic_commando.exe:*:Enabled:Bionic Commando"
"C:\Program Files\Capcom\Bionic Commando\Bionic Commando\Support\CAP1-0101.exe"="C:\Program Files\Capcom\Bionic Commando\Bionic Commando\Support\CAP1-0101.exe:*:Enabled:Bionic Commando"
"G:\Program Files\Skype\Plugin Manager\skypePM.exe"="G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"H:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="H:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"G:\WINDOWS\system32\muzapp.exe"="G:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"H:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="H:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"G:\Documents and Settings\Admin\Plocha\PIC675799074533-JPG-www.facebook.com.exe"="G:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse"
"H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"G:\Program Files\Skype\Phone\Skype.exe"="G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-06 14:42:32 ----D---- G:\Program Files\trend micro
2010-09-06 14:42:31 ----D---- G:\rsit
2010-08-15 08:34:24 ----D---- G:\Program Files\Common Files\INCA Shared
2010-08-12 08:14:07 ----D---- G:\Documents and Settings\Admin\Data aplikací\OGREALMS
2010-08-11 02:29:05 ----D---- G:\Temp
2010-08-11 02:26:42 ----D---- G:\Program Files\AviSynth 2.5
2010-08-09 16:48:28 ----D---- G:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2010-08-09 16:48:16 ----A---- G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-09 16:48:15 ----D---- G:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-09 16:48:15 ----A---- G:\WINDOWS\system32\drivers\mbam.sys
2010-08-08 19:54:18 ----SHD---- G:\RECYCLER
2010-08-08 19:05:57 ----D---- G:\WINDOWS\temp
2010-08-08 18:56:57 ----D---- G:\WINDOWS\CSC
2010-08-08 13:35:21 ----D---- G:\Documents and Settings\Admin\Data aplikací\SPORE

======List of files/folders modified in the last 1 months======

2010-09-06 14:42:32 ----RD---- G:\Program Files
2010-09-06 14:41:17 ----D---- G:\Documents and Settings\Admin\Data aplikací\Skype
2010-09-06 14:40:53 ----D---- G:\WINDOWS\Prefetch
2010-09-06 14:40:28 ----D---- G:\WINDOWS
2010-09-06 14:40:20 ----SHD---- G:\System Volume Information
2010-09-06 14:40:20 ----D---- G:\WINDOWS\system32\Restore
2010-09-06 14:39:28 ----D---- G:\WINDOWS\system32\Lang
2010-09-06 14:37:59 ----A---- G:\WINDOWS\SchedLgU.Txt
2010-09-06 14:33:15 ----D---- G:\WINDOWS\Minidump
2010-09-06 10:18:20 ----D---- G:\Documents and Settings\Admin\Data aplikací\skypePM
2010-09-05 21:23:32 ----D---- G:\WINDOWS\system32
2010-09-05 11:00:49 ----D---- G:\WINDOWS\system32\CatRoot2
2010-09-03 18:18:30 ----D---- G:\Documents and Settings\Admin\Data aplikací\Mumble
2010-08-29 19:39:51 ----HD---- G:\Program Files\InstallShield Installation Information
2010-08-29 19:38:16 ----SHD---- G:\WINDOWS\Installer
2010-08-29 19:38:15 ----D---- G:\Config.Msi
2010-08-22 01:22:55 ----D---- G:\Program Files\Common Files\Adobe
2010-08-18 11:58:23 ----RSD---- G:\WINDOWS\Fonts
2010-08-15 09:55:27 ----D---- G:\WINDOWS\system32\drivers
2010-08-15 08:34:24 ----D---- G:\Program Files\Common Files
2010-08-14 12:59:23 ----D---- G:\Program Files\Common Files\BioWare
2010-08-11 01:55:22 ----A---- G:\WINDOWS\NeroDigital.ini
2010-08-08 19:04:19 ----A---- G:\WINDOWS\system.ini
2010-08-08 19:04:06 ----D---- G:\WINDOWS\system32\drivers\etc
2010-08-08 19:02:23 ----D---- G:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; G:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; G:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 iteraid;ITERAID_Service_Install; G:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-10-29 25067]
R0 PxHelp20;PxHelp20; G:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; G:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; G:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; G:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-26 15424]
R1 SbFw;SbFw; G:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; G:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; G:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; G:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; G:\WINDOWS\system32\drivers\amon.sys [2009-08-26 512096]
R3 BlueletAudio;Bluetooth Audio Service; G:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; G:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 dgderdrv;dgderdrv; G:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\G:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; G:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); G:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-04 2951680]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver; G:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2006-03-27 26752]
R3 nv;nv; G:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 pcouffin;VSO Software pcouffin; G:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-29 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; G:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; G:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tap0901;TAP-Win32 Adapter V9; G:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-10-02 25984]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; G:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; G:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; G:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; G:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
S3 BT;Bluetooth PAN Network Adapter; G:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; G:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 hamachi;Hamachi Network Interface; G:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-26 25280]
S3 npkcrypt;npkcrypt; \??\H:\Program Files\Interlude\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\D:\HRY\RO\npkycryp.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; G:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); G:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); G:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; G:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; G:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; G:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; G:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zlportio;zlportio; \??\H:\Program Files\Karaoke Deluxe\zlportio.sys []
S4 sptd;sptd; G:\WINDOWS\System32\Drivers\sptd.sys [2009-08-26 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 dgdersvc;Device Error Recovery Service; G:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 FsUsbExService;FsUsbExService; G:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 NOD32krn;NOD32 Kernel Service; G:\Program Files\Eset\nod32krn.exe [2009-08-26 552064]
R2 NVSvc;NVIDIA Display Driver Service; G:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; G:\WINDOWS\system32\PnkBstrA.exe [2009-10-09 66872]
R2 SbPF.Launcher;SbPF.Launcher; H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 UxTuneUp;TuneUp Theme Extension; G:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; G:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 SPF4;Sunbelt Personal Firewall 4; H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;ASP.NET State Service; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; H:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; G:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 npggsvc;nProtect GameGuard Service; G:\WINDOWS\system32\GameMon.des [2009-10-11 3369044]
S3 OpenVPNService;OpenVPN Service; H:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-10-02 36352]
S3 ServiceLayer;ServiceLayer; G:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 gupdate;Služba Google Update (gupdate); G:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; G:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service; G:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-19 306432]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changing by itself

#12 Post by Caroprd111 »

Open Notepad and copy the following text (from the white box) into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"G:\Documents and Settings\Admin\Plocha\PIC675799074533-JPG-www.facebook.com.exe"=-

Now use Save As (file type: All Files), enter "smazani.reg" without the quotes as the file name, click Save, then double-click the file as usual and confirm the dialog box.


Otherwise the log is fine. :)

Alfajk
Warning Level 4
Posts: 223
Registered: 19 Dec 2008 21:04

Re: Homepage changing by itself

#13 Post by Alfajk »

So I've put it into the registry... I'd like to know what this is:
"G:\Documents and Settings\Admin\Plocha\PIC675799074533-JPG-www.facebook.com.exe"=-

And how did it get there? I don't have Facebook, only my brother uses it sometimes; besides, I would never download any junk like "facebook.exe", and judging by the PIC-JPG it was probably supposed to be some sort of would-be picture.

And what is that line about the firewall? I use Kerio and there hasn't been any "request" to connect anywhere for a long time.

Thanks for checking.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Homepage changing by itself

#14 Post by Caroprd111 »

G:\Documents and Settings\Admin\Plocha\PIC675799074533-JPG-www.facebook.com.exe

This path was allowed in the firewall, and the PC was infected by this file.
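The check the helper applied by eye, written out as an added example (not code from the forum or from RSIT): it parses the firewall AuthorizedApplications lines from an RSIT-style registry dump and flags entries whose registry key names one file while the value allows another, executables whose names pose as pictures or documents, and files sitting in user-writable profile folders. The sample lines are copied from the log above; the regular expressions, folder lists and finding names are my own assumptions, not anything the tools define.

```python
"""Triage of the Windows XP firewall AuthorizedApplications list from an RSIT-style dump.

Each dump line looks like
  "<key path>"="<exe path>:<scope>:<Enabled|Disabled>:<display name>"
Windows writes the key path and the exe path from the same executable, so they
normally match. An entry whose key names a desktop "picture" .exe while the
value allows a different file in %SystemRoot% is the trace seen in the thread.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.+)"$')
VALUE_RE = re.compile(
    r'^(?P<exe>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE,
)
# Heuristic (my own): an executable dressed up as a picture or document,
# e.g. PIC...-JPG-www.facebook.com.exe or invoice.pdf.exe
DISGUISE_RE = re.compile(
    r'[.-](?:jpe?g|png|gif|bmp|doc|pdf)(?:[.-][^\\]*)?\.exe$', re.IGNORECASE
)
# Heuristic (my own): user-writable places where dropped files usually land;
# Czech XP folder names ("Plocha" = Desktop, "Data aplikací" = Application Data) included
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")
DROP_DIRS = ("\\plocha\\", "\\desktop\\", "\\temp\\", "\\local settings\\",
             "\\data aplikací\\", "\\application data\\")


@dataclass
class Entry:
    key_path: str
    exe_path: str
    scope: str
    state: str
    name: str
    findings: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one dump line, or None if the line is not an allow-list entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    v = VALUE_RE.match(m.group("value"))
    if not v:
        return None
    return Entry(m.group("key"), v.group("exe"), v.group("scope"),
                 v.group("state"), v.group("name"))


def _in_user_drop_dir(path):
    p = path.lower()
    return any(r in p for r in PROFILE_ROOTS) and any(d in p for d in DROP_DIRS)


def check(entry):
    """Attach heuristic findings to an Entry and return the list."""
    f = entry.findings
    if entry.key_path.lower() != entry.exe_path.lower():
        f.append("path-mismatch")          # key names one file, value allows another
    for path in (entry.key_path, entry.exe_path):
        base = path.rsplit("\\", 1)[-1]
        if DISGUISE_RE.search(base) and "disguised-extension" not in f:
            f.append("disguised-extension")
        if _in_user_drop_dir(path) and "user-writable-location" not in f:
            f.append("user-writable-location")
    if f and entry.state.lower() == "enabled":
        f.append("rule-enabled")           # the suspicious rule is currently in force
    return f


def scan(lines):
    """Parse every line and return {key_path: findings} for suspicious entries only."""
    report = {}
    for line in lines:
        e = parse_line(line)
        if e is not None and check(e):
            report[e.key_path] = e.findings
    return report


# Constructed sample: four lines copied from the RSIT log in this thread,
# embedded here so the script runs offline.
SAMPLE = [
    r'"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"',
    r'"G:\WINDOWS\system32\PnkBstrA.exe"="G:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"',
    r'"G:\Documents and Settings\Admin\Plocha\PIC675799074533-JPG-www.facebook.com.exe"="G:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse"',
    r'"G:\Program Files\Skype\Phone\Skype.exe"="G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"',
]

if __name__ == "__main__":
    for key, findings in scan(SAMPLE).items():
        print(key, "->", ", ".join(findings))
```

Feed it the whole "authorizedapplications\list" block of a dump; lines that are not allow-list entries (section headers, blanks) are skipped.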
