nodqq

Zpráva

subfocus · #1 Příspěvek od **subfocus** » 14 zář 2010 07:01

Dobry den, nasiel som si v services dve nezname veci jedna sa vola nodqq a druha apiqq hned som zacal googlit podla vsetkeho je to nejaky tip trojanu ale v tomto sa ja nevyznam a preto ziadam vas skusenejsich o pomoc!

Spravil som log z hijacktisu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:27, on 14. 9. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69FFC3E-24DF-4AB6-9D48-2E4EA1CCB8A2}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4065 bytes

#2 Příspěvek od **cernohous13** » 14 zář 2010 07:17

Zdravím,

ty máš poskytovatele připojení na Ukrajině?

Dej log RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

subfocus · #3 Příspěvek od **subfocus** » 14 zář 2010 07:33

cernohous13 píše:Zdravím,

ty máš poskytovatele připojení na Ukrajině?

Dej log RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=82743

Moje pripojenie je DSL od T-comu

___________________________________________________________________________________________
Logfile of random's system information tool 1.08 (written by random/random)
Run by fero at 2010-09-14 08:31:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (82%) free of 239 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:04, on 14. 9. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\fero\Desktop\RSIT.exe
C:\Program Files\trend micro\fero.exe

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69FFC3E-24DF-4AB6-9D48-2E4EA1CCB8A2}: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4266 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\api32]
C:\DOCUME~1\fero\LOCALS~1\Temp\apiqq.exe [2010-09-13 160768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-08-12 5829584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\steamapps\gimli1991\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\gimli1991\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-14 08:31:58 ----D---- C:\rsit
2010-09-14 08:14:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-14 08:05:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-14 08:05:49 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-09-14 08:04:59 ----HDC---- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-14 08:04:34 ----D---- C:\Program Files\Lavasoft
2010-09-14 08:04:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-09-14 07:57:14 ----D---- C:\Program Files\Trend Micro
2010-09-13 19:51:56 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-13 19:51:14 ----D---- C:\Documents and Settings\fero\Application Data\Avira
2010-09-13 19:47:58 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-09-13 19:47:57 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-09-13 19:47:57 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-09-13 19:47:57 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-09-13 19:47:57 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-09-13 19:47:56 ----D---- C:\Program Files\Avira
2010-09-13 19:47:56 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-09-08 19:00:29 ----D---- C:\Documents and Settings\fero\Application Data\BSplayer Pro
2010-09-08 19:00:28 ----D---- C:\Program Files\Webteh
2010-09-05 20:32:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-09-05 19:41:28 ----D---- C:\Documents and Settings\fero\Application Data\Opera
2010-09-05 19:41:19 ----D---- C:\Program Files\Opera
2010-09-04 12:45:32 ----D---- C:\Documents and Settings\fero\Application Data\DivX
2010-09-04 12:44:10 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-09-01 15:45:57 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-01 15:42:18 ----D---- C:\Program Files\DivX
2010-09-01 15:40:41 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-09-01 10:55:44 ----D---- C:\Program Files\Steam
2010-09-01 10:45:16 ----D---- C:\WINDOWS\system32\appmgmt
2010-08-27 22:12:03 ----D---- C:\totalcmd
2010-08-27 22:12:03 ----D---- C:\Documents and Settings\fero\Application Data\GHISLER
2010-08-27 22:12:03 ----A---- C:\WINDOWS\UC.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\RAR.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\PKZIP.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\LHA.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\ARJ.PIF
2010-08-25 15:24:53 ----D---- C:\Program Files\InstallShield Installation Information
2010-08-25 15:24:45 ----A---- C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2010-08-25 15:24:23 ----D---- C:\Program Files\Common Files\InstallShield
2010-08-21 11:34:16 ----D---- C:\Program Files\uTorrent
2010-08-21 11:33:59 ----D---- C:\Documents and Settings\fero\Application Data\uTorrent
2010-08-20 16:06:11 ----D---- C:\WINDOWS\Minidump
2010-08-19 09:32:50 ----D---- C:\Documents and Settings\fero\Application Data\skypePM
2010-08-19 09:32:25 ----D---- C:\Documents and Settings\fero\Application Data\Skype
2010-08-19 09:30:55 ----D---- C:\Program Files\Common Files\Skype
2010-08-19 09:30:54 ----RD---- C:\Program Files\Skype
2010-08-19 09:30:30 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-08-17 22:36:41 ----D---- C:\veci
2010-08-17 22:30:53 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-17 18:04:52 ----A---- C:\WINDOWS\system32\drivers\el90xnd5.sys
2010-08-17 15:45:01 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2010-08-17 15:44:57 ----D---- C:\WINDOWS\system32\Lang
2010-08-17 13:36:41 ----D---- C:\WINDOWS\pss
2010-08-16 15:26:58 ----N---- C:\WINDOWS\system32\drivers\imagesrv.sys
2010-08-16 15:26:58 ----N---- C:\WINDOWS\system32\drivers\imagedrv.sys
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-08-16 15:26:43 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-08-16 15:26:42 ----D---- C:\Program Files\Common Files\Ahead
2010-08-16 15:26:42 ----D---- C:\Program Files\Ahead
2010-08-16 15:26:42 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-08-16 14:57:35 ----D---- C:\Documents and Settings\fero\Application Data\Media Player Classic
2010-08-16 14:57:16 ----A---- C:\WINDOWS\system32\unrar.dll
2010-08-16 14:57:16 ----A---- C:\WINDOWS\avisplitter.ini
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-08-16 14:57:13 ----D---- C:\Program Files\K-Lite Codec Pack
2010-08-16 14:47:26 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-08-15 16:50:45 ----A---- C:\WINDOWS\system32\WMErrSKY.dll
2010-08-15 16:50:44 ----D---- C:\WINDOWS\system32\1051

======List of files/folders modified in the last 1 months======

2010-09-14 08:32:04 ----D---- C:\WINDOWS\Prefetch
2010-09-14 08:31:43 ----SHD---- C:\System Volume Information
2010-09-14 08:31:19 ----D---- C:\WINDOWS\Registration
2010-09-14 08:30:38 ----SD---- C:\WINDOWS\Tasks
2010-09-14 08:29:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-14 08:29:34 ----D---- C:\WINDOWS\Temp
2010-09-14 08:29:26 ----D---- C:\WINDOWS
2010-09-14 08:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-14 08:07:18 ----D---- C:\WINDOWS\system32
2010-09-14 08:05:51 ----HD---- C:\WINDOWS\inf
2010-09-14 08:05:51 ----D---- C:\WINDOWS\system32\drivers
2010-09-14 08:04:59 ----SHD---- C:\WINDOWS\Installer
2010-09-14 08:04:34 ----RD---- C:\Program Files
2010-09-14 08:04:30 ----D---- C:\WINDOWS\WinSxS
2010-09-14 07:57:14 ----SD---- C:\Documents and Settings\fero\Application Data\Microsoft
2010-09-13 19:51:56 ----D---- C:\WINDOWS\repair
2010-09-13 19:47:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-13 19:34:24 ----SH---- C:\boot.ini
2010-09-13 19:34:24 ----A---- C:\WINDOWS\win.ini
2010-09-13 19:34:24 ----A---- C:\WINDOWS\system.ini
2010-09-05 20:32:25 ----D---- C:\Program Files\Google
2010-09-01 15:45:57 ----D---- C:\Program Files\Common Files
2010-09-01 11:06:09 ----D---- C:\Program Files\World of Warcraft
2010-08-24 13:35:33 ----D---- C:\Documents and Settings\fero\Application Data\Ventrilo
2010-08-23 15:20:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-15 16:53:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-15 16:52:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-15 16:52:16 ----D---- C:\WINDOWS\mui
2010-08-15 16:51:52 ----D---- C:\WINDOWS\system32\wbem
2010-08-15 16:50:52 ----D---- C:\WINDOWS\pchealth
2010-08-15 16:50:52 ----D---- C:\WINDOWS\Help
2010-08-15 16:50:45 ----D---- C:\Program Files\Windows Media Player
2010-08-15 16:50:36 ----D---- C:\WINDOWS\system32\oobe
2010-08-15 16:50:35 ----RD---- C:\WINDOWS\Web
2010-08-15 16:50:35 ----D---- C:\Program Files\Common Files\System
2010-08-15 16:50:33 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-15 16:50:33 ----D---- C:\WINDOWS\AppPatch
2010-08-15 16:50:33 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xnd5.sys [2001-08-17 153631]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
S3 RTL8023xp;Tenda TEL9901G Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74240]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-09-14 08:32:05

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BSPlayer-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
K-Lite Codec Pack 6.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
Opera 10.62-->MsiExec.exe /X{18E65799-76BD-46EF-9E53-972FE5A40736}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VentriloMIX-->C:\Program Files\VentriloMIX\Uninstal.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ZERO
Event Code: 36
Message: Služba casu nebola schopná zosynchronizovat systémový cas
pocas 49152 sekúnd, pretože žiadny poskytovatel casu nebol schopný
poskytnút použitelnú casovú známku. Systémové hodiny sú nesynchrónne.

Record Number: 113
Source Name: W32Time
Time Written: 20100814171908.000000-420
Event Type: warning
User:

Computer Name: ZERO
Event Code: 4226
Message: Protokol TCP/IP dosiahol bezpecnostný limit stanovený pre pocet pokusov o pripojenie TCP.

Record Number: 112
Source Name: Tcpip
Time Written: 20100814162326.000000-420
Event Type: warning
User:

Computer Name: ZERO
Event Code: 4226
Message: Protokol TCP/IP dosiahol bezpecnostný limit stanovený pre pocet pokusov o pripojenie TCP.

Record Number: 105
Source Name: Tcpip
Time Written: 20100814152844.000000-420
Event Type: warning
User:

Computer Name: ZERO
Event Code: 4226
Message: Protokol TCP/IP dosiahol bezpecnostný limit stanovený pre pocet pokusov o pripojenie TCP.

Record Number: 66
Source Name: Tcpip
Time Written: 20100814034214.000000-420
Event Type: warning
User:

Computer Name: ZERO
Event Code: 7
Message: Zariadenie \Device\CdRom0 má chybný blok.

Record Number: 27
Source Name: Cdrom
Time Written: 20100814132338.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: ZERO
Event Code: 5603
Message: Poskytovatel Rsop Planning Mode Provider bol zaregistrovaný v priestore názvov root\RSOP služby WMI, neurcil však vlastnost HostingModel. Tento poskytovatel sa spustí pomocou konta LocalSystem. Toto konto je privilegované a poskytovatel môže zaprícinit narušenie zabezpecenia, ak správne nezosobní požiadavky používatelov. Uistite, že správanie poskytovatela bolo z hladiska zabezpecenia skontrolované a aktualizujte vlastnost HostingModel registrácie poskytovatela na konto s najnižšími možnými oprávneniami, ktoré negatívne neovplyvnia požadovanú funkcnost.

Record Number: 15
Source Name: WinMgmt
Time Written: 20100814131517.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ZERO
Event Code: 5603
Message: Poskytovatel Rsop Planning Mode Provider bol zaregistrovaný v priestore názvov root\RSOP služby WMI, neurcil však vlastnost HostingModel. Tento poskytovatel sa spustí pomocou konta LocalSystem. Toto konto je privilegované a poskytovatel môže zaprícinit narušenie zabezpecenia, ak správne nezosobní požiadavky používatelov. Uistite, že správanie poskytovatela bolo z hladiska zabezpecenia skontrolované a aktualizujte vlastnost HostingModel registrácie poskytovatela na konto s najnižšími možnými oprávneniami, ktoré negatívne neovplyvnia požadovanú funkcnost.

Record Number: 14
Source Name: WinMgmt
Time Written: 20100814131516.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ZERO
Event Code: 63
Message: Poskytovatel CmdTriggerConsumer bol zaregistrovaný v priestore názvov Root\cimv2 služby WMI na použitie konta LocalSystem. Toto konto je privilegované a poskytovatel môže nesprávnym zosobnením požiadaviek používatelov spôsobit porušenie zabezpecenia.

Record Number: 13
Source Name: WinMgmt
Time Written: 20100814131516.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ZERO
Event Code: 63
Message: Poskytovatel CmdTriggerConsumer bol zaregistrovaný v priestore názvov Root\cimv2 služby WMI na použitie konta LocalSystem. Toto konto je privilegované a poskytovatel môže nesprávnym zosobnením požiadaviek používatelov spôsobit porušenie zabezpecenia.

Record Number: 12
Source Name: WinMgmt
Time Written: 20100814131516.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ZERO
Event Code: 63
Message: Poskytovatel HiPerfCooker_v1 bol zaregistrovaný v priestore názvov Root\WMI služby WMI na použitie konta LocalSystem. Toto konto je privilegované a poskytovatel môže nesprávnym zosobnením požiadaviek používatelov spôsobit porušenie zabezpecenia.

Record Number: 11
Source Name: WinMgmt
Time Written: 20100814131514.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#4 Příspěvek od **cernohous13** » 14 zář 2010 11:10

Stáhni OTM z odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe nebo
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“
Do své odpovědi vlož obsah zeleného okna
Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

OTMscript

Kód: Vybrat vše

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D69FFC3E-24DF-4AB6-9D48-2E4EA1CCB8A2}]
"nameserver"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"nameserver"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\api32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32]

:Files
C:\Documents and Settings\fero\Local Settings\Temp\apiqq.exe

Možná budeš muset znovu nastavit parametry připojení podle svého poskytovatele

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole zkopíruj:

C:\WINDOWS\system32\drivers\ssmdrv.sys

"Odeslat soubor" (pokud byl již testován, nech testovat znovu - Reanalyse)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/39
Do fóra zkopíruj výsledný log. nebo link na stránku.

totéž se souborem:
C:\WINDOWS\system32\drivers\avipbb.sys

Měly by patřit Aviře, ale už byly někde i infikovány

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Skener" > Provést rychlý sken > Skenovat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

subfocus · #5 Příspěvek od **subfocus** » 14 zář 2010 17:24

Takze dakujem za pomoc

Log z OTM po dokonceni nechcelo po mne restart dal som rucny.

Kód: Vybrat vše

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D69FFC3E-24DF-4AB6-9D48-2E4EA1CCB8A2}\\"nameserver"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\"nameserver"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\api32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\fero\Local Settings\Temp\apiqq.exe moved successfully.
 
OTM by OldTimer - Version 3.1.16.0 log created on 09142010_180557

Odkas ku C:\WINDOWS\system32\drivers\ssmdrv.sys

Kód: Vybrat vše

http://www.virustotal.com/file-scan/report.html?id=224cfed921ea230ff8025d259e34968fd2c0fd34bb3a918fb4b9b8ba42bea5d3-1284481315

C:\WINDOWS\system32\drivers\avipbb.sys

Kód: Vybrat vše

http://www.virustotal.com/file-scan/report.html?id=44a4c22027634a87adcbb1a4a1c104b4246ac296b054942ec604740cb3fb8a66-1284481414

Program MBAM mi nejde otvorit nechapem preco

#6 Příspěvek od **cernohous13** » 14 zář 2010 18:27

Stáhni ComboFix zde: http://www.bleepingcomputer.com/downloa ... s/combofix
Ulož ho přejmenovaný jako "zmije.com" na plochu

návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix

pokud by nešel podle návodu, tak restart no nouzového režimu s prací v síti (F8) - spustit - log sem zkopíruj

subfocus · #7 Příspěvek od **subfocus** » 14 zář 2010 19:19

Kód: Vybrat vše

ComboFix 10-09-14.01 - fero . 09. 2010  20:15:11.1.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.803 [GMT -7:00]
Running from: c:\documents and settings\fero\Desktop\zmije.com.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected 
Restored copy from - Kitty had a snack :p 
.
(((((((((((((((((((((((((   Files Created from 2010-08-15 to 2010-09-15  )))))))))))))))))))))))))))))))
.

2010-09-15 01:15 . 2010-09-15 01:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-15 01:05 . 2010-09-15 01:05	--------	d-----w-	C:\_OTM
2010-09-15 00:23 . 2008-04-14 07:09	5504	----a-w-	c:\windows\system32\drivers\MSTEE.sys
2010-09-15 00:23 . 2008-04-14 07:16	10880	----a-w-	c:\windows\system32\drivers\NdisIP.sys
2010-09-15 00:23 . 2008-04-14 07:16	15232	----a-w-	c:\windows\system32\drivers\StreamIP.sys
2010-09-15 00:23 . 2008-04-14 07:16	11136	----a-w-	c:\windows\system32\drivers\SLIP.sys
2010-09-15 00:23 . 2008-04-14 07:16	19200	----a-w-	c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-15 00:22 . 2008-04-14 07:16	85248	----a-w-	c:\windows\system32\drivers\NABTSFEC.sys
2010-09-15 00:22 . 2008-04-14 07:16	17024	----a-w-	c:\windows\system32\drivers\CCDECODE.sys
2010-09-15 00:22 . 2008-04-14 12:42	53760	----a-w-	c:\windows\system32\vfwwdm32.dll
2010-09-15 00:18 . 2007-02-10 22:40	20480	----a-w-	c:\windows\FixCamera.exe
2010-09-15 00:18 . 2006-07-03 17:31	94208	----a-w-	c:\windows\amcap.exe
2010-09-15 00:18 . 2006-10-10 21:11	827392	----a-w-	c:\windows\vsnp325.exe
2010-09-15 00:18 . 2006-10-10 22:49	270336	----a-w-	c:\windows\tsnp325.exe
2010-09-15 00:18 . 2007-01-27 16:56	10242176	----a-w-	c:\windows\system32\drivers\snp325.sys
2010-09-15 00:18 . 2010-09-15 00:18	--------	d-----w-	c:\program files\Common Files\snp325
2010-09-15 00:18 . 2006-08-28 18:53	57344	----a-w-	c:\windows\system32\vsnp325.dll
2010-09-15 00:18 . 2006-04-12 19:11	147456	----a-w-	c:\windows\system32\rsnp325.dll
2010-09-15 00:18 . 2005-11-23 20:55	53248	----a-w-	c:\windows\system32\csnp325.dll
2010-09-15 00:18 . 2010-09-15 00:18	--------	d-----w-	c:\documents and settings\fero\Application Data\InstallShield
2010-09-14 15:31 . 2010-09-14 15:32	--------	d-----w-	C:\rsit
2010-09-14 15:05 . 2010-09-14 15:35	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-09-14 15:04 . 2010-09-14 15:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-14 14:57 . 2010-09-14 15:32	--------	d-----w-	c:\program files\Trend Micro
2010-09-14 02:51 . 2010-09-14 02:51	--------	d-----w-	c:\windows\system32\NtmsData
2010-09-09 02:00 . 2010-09-09 02:03	--------	d-----w-	c:\documents and settings\fero\Application Data\BSplayer Pro
2010-09-09 02:00 . 2010-09-09 02:00	--------	d-----w-	c:\program files\Webteh
2010-09-06 02:41 . 2010-09-06 02:41	--------	d-----w-	c:\documents and settings\fero\Local Settings\Application Data\Opera
2010-09-06 02:41 . 2010-09-12 23:22	--------	d-----w-	c:\program files\Opera
2010-09-04 22:24 . 2010-09-04 22:24	--------	d-----w-	c:\documents and settings\fero\Local Settings\Application Data\WMTools Downloaded Files
2010-09-04 19:45 . 2010-09-04 19:45	--------	d-----w-	c:\documents and settings\fero\Application Data\DivX
2010-09-04 19:44 . 2008-04-14 07:15	32128	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2010-09-01 22:45 . 2010-09-01 22:45	56969	----a-w-	c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-09-01 22:42 . 2010-09-01 22:46	--------	d-----w-	c:\program files\DivX
2010-09-01 22:41 . 2010-09-01 22:41	144696	----a-w-	c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-01 22:40 . 2010-09-01 22:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\DivX
2010-09-01 17:55 . 2010-09-15 02:21	--------	d-----w-	c:\program files\Steam
2010-08-28 05:12 . 2010-08-28 05:12	--------	d-----w-	c:\documents and settings\fero\Local Settings\Application Data\GHISLER
2010-08-28 05:12 . 2010-08-28 05:12	--------	d-----w-	C:\totalcmd
2010-08-28 05:12 . 2010-08-28 05:12	--------	d-----w-	c:\documents and settings\fero\Application Data\GHISLER
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\UC.PIF
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\RAR.PIF
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\PKZIP.PIF
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\PKUNZIP.PIF
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\NOCLOSE.PIF
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\LHA.PIF
2010-08-28 05:12 . 2010-07-07 14:55	545	----a-w-	c:\windows\ARJ.PIF
2010-08-28 00:25 . 2010-08-28 00:25	--------	d-----w-	c:\documents and settings\fero\Local Settings\Application Data\Ahead
2010-08-25 22:24 . 2010-09-15 00:18	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-25 22:24 . 2005-03-04 18:10	74240	----a-w-	c:\windows\system32\drivers\Rtlnicxp.sys
2010-08-25 22:24 . 2010-08-25 22:24	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-08-21 18:38 . 2010-08-21 18:38	--------	d-----w-	c:\documents and settings\fero\Local Settings\Application Data\Identities
2010-08-21 18:34 . 2010-08-21 18:34	--------	d-----w-	c:\program files\uTorrent
2010-08-21 18:33 . 2010-09-12 18:19	--------	d-----w-	c:\documents and settings\fero\Application Data\uTorrent
2010-08-19 16:32 . 2010-08-19 16:32	56	---ha-w-	c:\windows\system32\ezsidmv.dat
2010-08-19 16:32 . 2010-09-15 00:20	--------	d-----w-	c:\documents and settings\fero\Application Data\skypePM
2010-08-19 16:32 . 2010-09-15 01:02	--------	d-----w-	c:\documents and settings\fero\Application Data\Skype
2010-08-19 16:30 . 2010-08-19 16:30	--------	d-----w-	c:\program files\Common Files\Skype
2010-08-19 16:30 . 2010-08-19 16:31	--------	d-----r-	c:\program files\Skype
2010-08-19 16:30 . 2010-08-19 16:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2010-08-18 05:36 . 2010-08-18 05:36	--------	d-----w-	C:\veci
2010-08-18 01:04 . 2001-08-17 19:11	153631	----a-w-	c:\windows\system32\drivers\el90xnd5.sys
2010-08-17 22:45 . 2010-08-17 22:45	60416	----a-w-	c:\windows\ALCFDRTM.EXE
2010-08-17 22:44 . 2010-08-17 22:44	--------	d-----w-	c:\windows\system32\Lang
2010-08-16 22:26 . 2005-09-01 19:03	5888	------w-	c:\windows\system32\drivers\imagedrv.sys
2010-08-16 22:26 . 2005-09-01 19:03	127488	------w-	c:\windows\system32\drivers\imagesrv.sys
2010-08-16 22:26 . 2004-07-27 00:16	476320	------w-	c:\windows\system32\ImagXpr7.dll
2010-08-16 22:26 . 2004-07-27 00:16	471040	------w-	c:\windows\system32\ImagXRA7.dll
2010-08-16 22:26 . 2004-07-27 00:16	262144	------w-	c:\windows\system32\ImagXR7.dll
2010-08-16 22:26 . 2004-07-27 00:16	1568768	------w-	c:\windows\system32\ImagX7.dll
2010-08-16 22:26 . 2004-07-09 16:43	364544	------w-	c:\windows\system32\TwnLib4.dll
2010-08-16 22:26 . 2000-06-26 18:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll
2010-08-16 22:26 . 2010-08-16 22:26	--------	d-----w-	c:\program files\Ahead
2010-08-16 22:26 . 2010-08-16 22:26	--------	d-----w-	c:\program files\Common Files\Ahead
2010-08-16 22:26 . 2006-01-12 23:40	155648	----a-w-	c:\windows\system32\NeroCheck.exe
2010-08-16 21:57 . 2010-08-16 21:57	--------	d-----w-	c:\documents and settings\fero\Application Data\Media Player Classic
2010-08-16 21:57 . 2010-03-15 09:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-08-16 21:57 . 2010-07-14 08:00	108032	----a-w-	c:\windows\system32\ff_vfw.dll
2010-08-16 21:57 . 2010-06-08 16:10	790528	----a-w-	c:\windows\system32\xvidcore.dll
2010-08-16 21:57 . 2010-06-08 16:10	134144	----a-w-	c:\windows\system32\xvidvfw.dll
2010-08-16 21:57 . 2004-01-25 16:18	217088	----a-w-	c:\windows\system32\yv12vfw.dll
2010-08-16 21:57 . 2010-08-16 21:57	--------	d-----w-	c:\program files\K-Lite Codec Pack

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 03:32 . 2010-08-14 10:26	--------	d-----w-	c:\program files\Google
2010-09-01 18:06 . 2010-08-14 10:40	--------	d-----w-	c:\program files\World of Warcraft
2010-08-27 03:43 . 2010-08-14 10:38	232984	----a-w-	c:\windows\system32\nvdrsdb0.bin
2010-08-27 03:43 . 2010-08-14 10:38	232984	----a-w-	c:\windows\system32\nvdrsdb1.bin
2010-08-27 03:43 . 2010-08-14 10:38	1	----a-w-	c:\windows\system32\nvdrssel.bin
2010-08-24 20:35 . 2010-08-14 20:21	--------	d-----w-	c:\documents and settings\fero\Application Data\Ventrilo
2010-08-15 23:51 . 2010-08-14 20:17	5322	----a-w-	c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-08-15 23:51 . 2010-08-14 20:17	166455	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-14 23:22 . 2010-08-14 22:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-14 21:16 . 2010-08-14 21:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard
2010-08-14 20:21 . 2010-08-14 20:21	--------	d-----w-	c:\program files\VentriloMIX
2010-08-14 20:19 . 2008-04-13 23:15	143872	----a-w-	c:\windows\system32\drivers\usbport.sys
2010-08-14 20:19 . 2010-08-14 20:19	55808	----a-w-	c:\windows\devcon.exe
2010-08-14 20:18 . 2010-08-14 20:18	--------	d-----w-	c:\program files\microsoft frontpage
2010-08-14 20:17 . 2010-08-14 20:17	8738	----a-w-	c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-08-14 20:15 . 2010-08-14 20:15	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2010-08-14 20:11 . 2010-08-14 10:40	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-08-14 19:53 . 2010-08-14 19:53	--------	d-----w-	c:\documents and settings\fero\Application Data\QIP
2010-08-14 19:52 . 2010-08-14 19:52	--------	d-----w-	c:\program files\QIP 2010
2010-08-14 10:40 . 2010-08-14 10:40	12328	----a-w-	c:\documents and settings\fero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-14 10:38 . 2010-08-14 10:37	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-08-14 10:38 . 2010-08-14 10:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-09 23:24 . 2010-07-09 23:24	81920	----a-w-	c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24	277608	----a-w-	c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24	110696	----a-w-	c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24	155752	----a-w-	c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24	145000	----a-w-	c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24	13923432	----a-w-	c:\windows\system32\nvcpl.dll
2010-07-09 22:38 . 2010-08-14 10:37	61440	----a-w-	c:\windows\system32\OpenCL.dll
2010-07-09 22:38 . 2010-08-14 10:37	13549568	----a-w-	c:\windows\system32\nvoglnt.dll
2010-07-09 22:38 . 2010-08-14 10:37	10604128	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2010-08-14 10:37	6343040	----a-w-	c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2010-08-14 10:37	4595712	----a-w-	c:\windows\system32\nvcuda.dll
2010-07-09 22:38 . 2010-08-14 10:37	2914408	----a-w-	c:\windows\system32\nvcuvid.dll
2010-07-09 22:38 . 2010-08-14 10:37	2506344	----a-w-	c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38 . 2010-08-14 10:37	236136	----a-w-	c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2010-08-14 10:37	236136	----a-w-	c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2010-08-14 10:37	2195030	----a-w-	c:\windows\system32\nvdata.bin
2010-07-09 22:38 . 2010-08-14 10:37	1388544	----a-w-	c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2010-08-14 10:37	10260480	----a-w-	c:\windows\system32\nvcompiler.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-10 22:40	20480	----a-w-	c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-08-13 00:28	5829584	----a-w-	c:\program files\QIP 2010\qip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42	1695232	------w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 23:12	26192168	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2006-10-10 21:11	827392	----a-w-	c:\windows\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20	77824	----a-r-	c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2006-10-10 22:49	270336	----a-w-	c:\windows\tsnp325.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\gimli1991\\counter-strike\\hl.exe"=

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [14. 9. 2010 17:18 10242176]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 20:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-14  20:19:03
ComboFix-quarantined-files.txt  2010-09-15 03:19

Pre-Run: 205 128 052 736 bytes free
Post-Run: 205 167 017 984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6A44681DFBF380A0B6EF37A9395E1D57

#8 Příspěvek od **cernohous13** » 15 zář 2010 07:09

prosím - logy vkládej jako prostý text (nevkládej do code) - je to nezvyk a špatně se to čte

zkusíme ještě jeden scan

stáhneš speciální verzi G-Mer
Special
- ulož na plochu a spusť -> proběhne krátký scan
(když dostaneš hlášku rootkit activity and asks if you want to run scan>>klikneš NO<<)
- druhý scan nastavíš takto

>> klikneš scan,<<
na konci scanu >>SAVE<< název dej Gspeclog.txt>>ulož na plochu a obsah logu zkopíruj sem

zkus znovu MBAM

Jsou ještě nějaké problémy?

subfocus · #9 Příspěvek od **subfocus** » 15 zář 2010 08:02

Takze program gmer po dokonceni scanu som stlacil save ulozil log ale je prazdny

Tu je log z MBAM ten uz isiel.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4618

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15. 9. 2010 9:00:58
mbam-log-2010-09-15 (09-00-58).txt

Typ skenu: Rychlý sken
Skenované objekty: 123355
Uplynulý èas: 3 minuta(y), 43 sekunda(y)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištìny)

#10 Příspěvek od **cernohous13** » 15 zář 2010 08:40

zdá se, že máš čisto
a jestli už nenacházíš nic podivného, tak po sobě uklidím

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Nakonec mi dej současný RSIT log

subfocus · #11 Příspěvek od **subfocus** » 15 zář 2010 09:04

RSIT LOG:

Logfile of random's system information tool 1.08 (written by random/random)
Run by fero at 2010-09-15 10:03:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 196 GB (82%) free of 239 GB
Total RAM: 1023 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:35, on 15. 9. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\fero\Desktop\RSIT.exe
C:\Program Files\trend micro\fero.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3360 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-02-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-08-12 5829584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
C:\WINDOWS\vsnp325.exe [2006-10-10 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\WINDOWS\tsnp325.exe [2006-10-10 270336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\steamapps\gimli1991\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\gimli1991\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-15 10:03:31 ----D---- C:\rsit
2010-09-15 10:00:30 ----D---- C:\Program Files\CCleaner
2010-09-15 08:47:02 ----SHD---- C:\RECYCLER
2010-09-15 08:42:05 ----D---- C:\Documents and Settings\fero\Application Data\Malwarebytes
2010-09-15 08:41:54 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-15 08:41:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-15 08:41:53 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-14 20:19:04 ----D---- C:\WINDOWS\temp
2010-09-14 20:11:30 ----A---- C:\Boot.bak
2010-09-14 20:11:26 ----RASHD---- C:\cmdcons
2010-09-14 20:08:41 ----D---- C:\WINDOWS\ERDNT
2010-09-14 18:15:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-14 17:23:45 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2010-09-14 17:23:38 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2010-09-14 17:23:34 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2010-09-14 17:23:14 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2010-09-14 17:23:09 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2010-09-14 17:22:56 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2010-09-14 17:22:45 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2010-09-14 17:22:15 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-09-14 17:18:52 ----A---- C:\WINDOWS\FixCamera.exe
2010-09-14 17:18:52 ----A---- C:\WINDOWS\amcap.exe
2010-09-14 17:18:49 ----A---- C:\WINDOWS\vsnp325.exe
2010-09-14 17:18:47 ----A---- C:\WINDOWS\tsnp325.exe
2010-09-14 17:18:47 ----A---- C:\WINDOWS\snp325.ini
2010-09-14 17:18:46 ----A---- C:\WINDOWS\system32\drivers\snp325.sys
2010-09-14 17:18:44 ----D---- C:\Program Files\Common Files\snp325
2010-09-14 17:18:44 ----A---- C:\WINDOWS\system32\vsnp325.dll
2010-09-14 17:18:44 ----A---- C:\WINDOWS\system32\rsnp325.dll
2010-09-14 17:18:44 ----A---- C:\WINDOWS\system32\csnp325.dll
2010-09-14 17:18:36 ----D---- C:\Documents and Settings\fero\Application Data\InstallShield
2010-09-14 08:05:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-14 08:04:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-09-14 07:57:14 ----D---- C:\Program Files\Trend Micro
2010-09-13 19:51:56 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-08 19:00:29 ----D---- C:\Documents and Settings\fero\Application Data\BSplayer Pro
2010-09-08 19:00:28 ----D---- C:\Program Files\Webteh
2010-09-05 20:32:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-09-05 19:41:28 ----D---- C:\Documents and Settings\fero\Application Data\Opera
2010-09-05 19:41:19 ----D---- C:\Program Files\Opera
2010-09-04 12:45:32 ----D---- C:\Documents and Settings\fero\Application Data\DivX
2010-09-04 12:44:10 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2010-09-01 15:45:57 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-01 15:42:18 ----D---- C:\Program Files\DivX
2010-09-01 15:40:41 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-09-01 10:55:44 ----D---- C:\Program Files\Steam
2010-09-01 10:45:16 ----D---- C:\WINDOWS\system32\appmgmt
2010-08-27 22:12:03 ----D---- C:\totalcmd
2010-08-27 22:12:03 ----D---- C:\Documents and Settings\fero\Application Data\GHISLER
2010-08-27 22:12:03 ----A---- C:\WINDOWS\UC.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\RAR.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\PKZIP.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\PKUNZIP.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\NOCLOSE.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\LHA.PIF
2010-08-27 22:12:03 ----A---- C:\WINDOWS\ARJ.PIF
2010-08-25 15:24:53 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 15:24:45 ----A---- C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2010-08-25 15:24:23 ----D---- C:\Program Files\Common Files\InstallShield
2010-08-21 11:34:16 ----D---- C:\Program Files\uTorrent
2010-08-21 11:33:59 ----D---- C:\Documents and Settings\fero\Application Data\uTorrent
2010-08-20 16:06:11 ----D---- C:\WINDOWS\Minidump
2010-08-19 09:32:50 ----D---- C:\Documents and Settings\fero\Application Data\skypePM
2010-08-19 09:32:25 ----D---- C:\Documents and Settings\fero\Application Data\Skype
2010-08-19 09:30:55 ----D---- C:\Program Files\Common Files\Skype
2010-08-19 09:30:54 ----RD---- C:\Program Files\Skype
2010-08-19 09:30:30 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-08-17 22:36:41 ----D---- C:\veci
2010-08-17 22:30:53 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-17 18:04:52 ----A---- C:\WINDOWS\system32\drivers\el90xnd5.sys
2010-08-17 15:45:01 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2010-08-17 15:44:57 ----D---- C:\WINDOWS\system32\Lang
2010-08-17 13:36:41 ----D---- C:\WINDOWS\pss
2010-08-16 15:26:58 ----N---- C:\WINDOWS\system32\drivers\imagesrv.sys
2010-08-16 15:26:58 ----N---- C:\WINDOWS\system32\drivers\imagedrv.sys
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2010-08-16 15:26:43 ----N---- C:\WINDOWS\system32\ImagX7.dll
2010-08-16 15:26:43 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-08-16 15:26:42 ----D---- C:\Program Files\Common Files\Ahead
2010-08-16 15:26:42 ----D---- C:\Program Files\Ahead
2010-08-16 15:26:42 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-08-16 14:57:35 ----D---- C:\Documents and Settings\fero\Application Data\Media Player Classic
2010-08-16 14:57:16 ----A---- C:\WINDOWS\system32\unrar.dll
2010-08-16 14:57:16 ----A---- C:\WINDOWS\avisplitter.ini
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-08-16 14:57:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-08-16 14:57:13 ----D---- C:\Program Files\K-Lite Codec Pack
2010-08-16 14:47:26 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS

======List of files/folders modified in the last 1 months======

2010-09-15 10:00:58 ----D---- C:\WINDOWS\Debug
2010-09-15 10:00:58 ----D---- C:\WINDOWS
2010-09-15 10:00:30 ----RD---- C:\Program Files
2010-09-15 09:57:48 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-15 09:55:49 ----D---- C:\WINDOWS\system32
2010-09-15 08:41:54 ----D---- C:\WINDOWS\system32\drivers
2010-09-14 20:18:42 ----SD---- C:\WINDOWS\Tasks
2010-09-14 20:18:06 ----A---- C:\WINDOWS\system.ini
2010-09-14 20:18:01 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-14 20:17:00 ----D---- C:\WINDOWS\AppPatch
2010-09-14 20:16:57 ----D---- C:\Program Files\Common Files
2010-09-14 20:15:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-14 20:11:31 ----RASH---- C:\boot.ini
2010-09-14 18:18:55 ----A---- C:\WINDOWS\win.ini
2010-09-14 18:02:33 ----D---- C:\WINDOWS\security
2010-09-14 17:19:24 ----HD---- C:\WINDOWS\inf
2010-09-14 17:19:05 ----D---- C:\WINDOWS\Prefetch
2010-09-14 17:18:47 ----D---- C:\WINDOWS\twain_32
2010-09-14 08:36:15 ----SHD---- C:\WINDOWS\Installer
2010-09-14 08:36:15 ----SD---- C:\Documents and Settings\fero\Application Data\Microsoft
2010-09-14 08:31:43 ----SHD---- C:\System Volume Information
2010-09-14 08:31:19 ----D---- C:\WINDOWS\Registration
2010-09-14 08:04:30 ----D---- C:\WINDOWS\WinSxS
2010-09-13 19:51:56 ----D---- C:\WINDOWS\repair
2010-09-13 19:47:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-05 20:32:25 ----D---- C:\Program Files\Google
2010-09-01 11:06:09 ----D---- C:\Program Files\World of Warcraft
2010-08-24 13:35:33 ----D---- C:\Documents and Settings\fero\Application Data\Ventrilo
2010-08-23 15:20:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xnd5.sys [2001-08-17 153631]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
S3 RTL8023xp;Tenda TEL9901G Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 10242176]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------

#12 Příspěvek od **cernohous13** » 15 zář 2010 09:27

Nevidím nic nebezpečného, tak snad hotovo

subfocus · #13 Příspěvek od **subfocus** » 15 zář 2010 09:31

Dakujem za pomoc a Vas cas!
Este by som sa chcel opytat na antivirus a odporucenie nejakeho.

#14 Příspěvek od **cernohous13** » 15 zář 2010 09:38

v současnosti doporučujeme free Avast5 a Aviru

víc informací zde http://www.viry.cz/forum/viewforum.php?f=29

vyber a vyzkoušej - někdy si programy nesednou a nastane konflikt, pak je potřeba vyzkoušet jiné

VIRY.CZ

nodqq

nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq

Re: nodqq