Systém se hroutí, prosím o radu

Zpráva

notasss · #1 Příspěvek od **notasss** » 15 pro 2010 12:59

Po zapnutí PC (winXP) na mě vyskočila hláška "Aktuální nastavení zabezpečení zakazuje spouštět objekty activeX na této stránce", a to jsem ještě ani nezapnul prohlížeč. Stránky se mi načítají 1 kb/sec, stahování jede normálně 25 mega. Když spustim KMplayer, ať chci přehrát jakýkoli videosoubor, otevře se mi v něm 3 roky stará empetrojka. A aby toho nebylo málo, avira mi hlásí nějaký malware, který nezná ani google. Tuší někdo, co se mohlo stát a jak se to dá spravit?

Jo, a zapnul jsem virtul PC, a tam to všechno funguje bez problému.

#2 Příspěvek od **motji** » 15 pro 2010 14:10

Hezké odpoledne

Co Vám antivir hlásí?
Zkuste nabootovat do nouzového režimu a vložit log ze Rsitu, viz můj podpis.

notasss · #3 Příspěvek od **notasss** » 15 pro 2010 14:54

Logfile of random's system information tool 1.08 (written by random/random)
Run by Fl at 2010-12-15 13:48:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 615 MB (3%) free of 20 GB
Total RAM: 1022 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:12, on 15-XII-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\kdisk.co.kr\kdisk(fast2)\NetAccelerator.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\gwdrive32.exe
C:\WINDOWS\svchost.exe
C:\DOCUME~1\Fl\LOCALS~1\Temp\3897.exe
C:\Program Files\Exstora\Exstora.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\DOCUME~1\Fl\LOCALS~1\Temp\msdrv32a.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Glary Utilities\regdefrag.exe
C:\Program Files\wincmd2\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Fl\LOCALS~1\Temp\msdrv32a.exe
c:\Downloads\dotnetfx35.exe
C:\Downloads\RSIT.exe
e:\373ac37d80ca3333c5f1fc5c85491a05\wcu\dotNetFramework\dotNetFx35setup.exe
C:\Program Files\trend micro\Fl.exe
e:\8a7495612618e9d396a11a\setup.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\msiexec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\gwdrive32.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost245843] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Advanced HTTPL Enable] C:\DOCUME~1\Fl\LOCALS~1\Temp\3897.exe
O4 - HKLM\..\Run: [KAutoUP.exe] C:\Program Files\kdisk.co.kr\kdisk(normal)\KAutoUP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.atdhe.net
O15 - Trusted Zone: *.atdhe.net
O15 - Trusted Zone: www.gamedesire.com
O15 - Trusted Zone: http://www.gamedesire.com
O15 - Trusted Zone: *.kb.cz
O15 - Trusted Zone: http://www.mifa.cz
O15 - Trusted Zone: *.mojebanka.cz
O15 - Trusted Zone: http://www.upc.cz
O15 - Trusted Zone: http://www.upcmoviequiz.com
O20 - AppInit_DLLs:
O20 - Winlogon Notify: csbdll - csbdll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetAccelerator_Service (NetAccelerator) - ebase - C:\Program Files\kdisk.co.kr\kdisk(fast2)\NetAccelerator.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9312 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\Game_Booster_Startup.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\NoTrax Updates.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-11-30 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2004-09-04 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"SmartGuardian"=C:\Program Files\ITE\Smart Guardian\ITESmart.exe [2003-09-30 180224]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Microsoft Driver Setup"=C:\WINDOWS\gwdrive32.exe [2010-12-15 61440]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-04 2219184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"svchost245843"=C:\WINDOWS\svchost.exe [2010-12-15 64512]
"Advanced HTTPL Enable"=C:\DOCUME~1\Fl\LOCALS~1\Temp\3897.exe [2010-12-15 57344]
"KAutoUP.exe"=C:\Program Files\kdisk.co.kr\kdisk(normal)\KAutoUP.exe [2010-10-21 1009688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe [2004-04-17 196608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-09-26 328056]
"RegistryBooster"=C:\Program Files\Uniblue\RegistryBooster\launcher.exe delay 20000 []
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [2010-12-15 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

C:\Documents and Settings\Fl\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll]
C:\WINDOWS\system32\csbdll.dll [2010-12-15 68608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\kdisk.co.kr\KDisk(fast2)\KdiskDown.exe"="C:\Program Files\kdisk.co.kr\KDisk(fast2)\KdiskDown.exe:*:Enabled:KdiskDown.exe"
"C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe"="C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe:*:Enabled:NetAccelerator.exe"
"C:\DOCUME~1\Fl\LOCALS~1\Temp\5826269.exe"="C:\DOCUME~1\Fl\LOCALS~1\Temp\5826269.exe:*:C:\WINDOWS\gwdrive32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-15 13:48:37 ----D---- C:\Program Files\trend micro
2010-12-15 13:48:28 ----D---- C:\rsit
2010-12-15 13:38:20 ----A---- C:\WINDOWS\system32\csbdll.dll
2010-12-15 13:30:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-12-15 12:15:32 ----RSH---- C:\WINDOWS\svchost.exe
2010-12-15 12:03:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-12-15 12:00:53 ----D---- C:\Program Files\QIP
2010-12-15 09:29:52 ----D---- C:\Documents and Settings\Fl\Data aplikací\IObit
2010-12-15 09:25:34 ----D---- C:\Program Files\ESET
2010-12-15 09:25:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-12-15 09:19:43 ----D---- C:\Program Files\AutocompletePro
2010-12-15 09:19:30 ----D---- C:\Program Files\FLVTube Player
2010-12-15 09:11:19 ----D---- C:\Program Files\CCleaner
2010-12-15 09:05:27 ----D---- C:\Program Files\VS Revo Group
2010-12-15 09:00:07 ----RSH---- C:\WINDOWS\gwdrive32.exe
2010-12-15 08:25:29 ----D---- C:\WINDOWS\Speeditup Free
2010-12-15 08:00:23 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-15 08:00:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-15 08:00:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-15 07:58:57 ----D---- C:\avrescue
2010-12-15 07:36:48 ----A---- C:\WINDOWS\system32\drivers\bxuipgp.sys
2010-12-15 07:33:58 ----A---- C:\WINDOWS\Jjehia.exe
2010-12-15 07:33:40 ----D---- C:\Documents and Settings\Fl\Data aplikací\updates
2010-12-15 05:40:08 ----RSH---- C:\Documents and Settings\Fl\Data aplikací\ohydy.exe
2010-12-15 04:30:08 ----D---- C:\Documents and Settings\Fl\Data aplikací\Systweak
2010-12-15 04:28:03 ----D---- C:\Program Files\Advanced System Optimizer 3
2010-12-15 04:07:05 ----SHD---- C:\Config.Msi
2010-12-15 03:14:54 ----D---- C:\Program Files\NetScream
2010-12-15 03:13:36 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-12-13 21:49:08 ----A---- C:\3 bugy.txt
2010-12-13 15:27:32 ----D---- C:\Program Files\ToniArts
2010-12-10 12:24:30 ----A---- C:\pokerstarsbug1.txt
2010-12-08 10:34:47 ----D---- C:\Program Files\QIP Infium
2010-12-07 08:41:28 ----A---- C:\Documents and Settings\Fl\Data aplikací\jkgbkhjkv.bat
2010-12-04 22:54:08 ----D---- C:\Program Files\kdisk.co.kr
2010-12-04 09:53:33 ----A---- C:\doknaly chat.txt
2010-12-02 08:01:44 ----D---- C:\Documents and Settings\Fl\Data aplikací\Desktop Sidebar
2010-12-02 07:58:02 ----D---- C:\Program Files\Desktop Sidebar
2010-11-30 00:12:13 ----A---- C:\obchodak.txt
2010-11-29 03:07:43 ----D---- C:\Program Files\Microsoft Virtual PC
2010-11-29 02:58:35 ----A---- C:\hodnotit.txt
2010-11-21 22:49:12 ----A---- C:\WINDOWS\VHK.bat
2010-11-16 09:09:30 ----D---- C:\Documents and Settings\Fl\Data aplikací\Apple Computer
2010-11-16 09:03:44 ----D---- C:\Program Files\QuickTime
2010-11-16 09:02:41 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 09:02:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple

======List of files/folders modified in the last 1 months======

2010-12-15 13:49:11 ----D---- C:\WINDOWS\Temp
2010-12-15 13:48:37 ----RD---- C:\Program Files
2010-12-15 13:46:37 ----D---- C:\Downloads
2010-12-15 13:43:23 ----D---- C:\Documents and Settings\Fl\Data aplikací\uTorrent
2010-12-15 13:43:17 ----A---- C:\WINDOWS\wincmd.ini
2010-12-15 13:39:52 ----D---- C:\Documents and Settings\Fl\Data aplikací\Uniblue
2010-12-15 13:39:43 ----SD---- C:\WINDOWS\Tasks
2010-12-15 13:38:20 ----D---- C:\WINDOWS\system32
2010-12-15 13:36:16 ----D---- C:\WINDOWS
2010-12-15 13:34:45 ----HD---- C:\WINDOWS\inf
2010-12-15 13:34:45 ----D---- C:\WINDOWS\system32\drivers
2010-12-15 13:33:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-15 12:15:41 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-12-15 12:13:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\comodo
2010-12-15 10:46:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-15 10:45:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-12-15 10:42:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-15 10:42:13 ----D---- C:\Program Files\Windows Media Player
2010-12-15 10:42:13 ----D---- C:\Program Files\The KMPlayer
2010-12-15 10:42:13 ----D---- C:\Program Files\PokerStars
2010-12-15 10:42:13 ----D---- C:\Program Files\NewLive All Media To Mp3 Converter
2010-12-15 10:42:13 ----D---- C:\Program Files\Lark Anti-Spyware
2010-12-15 10:42:13 ----D---- C:\Program Files\jv16 PowerTools 2010
2010-12-15 10:42:13 ----D---- C:\Program Files\DivX
2010-12-15 10:42:13 ----D---- C:\Program Files\COMODO
2010-12-15 10:42:13 ----D---- C:\Program Files\Adobe
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\RapidSolution
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-12-15 10:36:06 ----SHD---- C:\WINDOWS\Installer
2010-12-15 09:37:16 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-12-15 09:28:44 ----D---- C:\WINDOWS\WinSxS
2010-12-15 09:28:08 ----D---- C:\Program Files\Common Files
2010-12-15 09:17:19 ----D---- C:\Documents and Settings\Fl\Data aplikací\Winamp
2010-12-15 09:17:18 ----D---- C:\Documents and Settings\Fl\Data aplikací\Media Player Classic
2010-12-15 09:15:42 ----D---- C:\WINDOWS\Debug
2010-12-15 09:00:18 ----SHD---- C:\RECYCLER
2010-12-15 09:00:09 ----D---- C:\WINDOWS\Prefetch
2010-12-15 08:57:53 ----D---- C:\WINDOWS\mui
2010-12-15 07:38:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-15 07:01:51 ----RSD---- C:\WINDOWS\assembly
2010-12-15 07:01:34 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-15 07:01:34 ----D---- C:\WINDOWS\system32\mui
2010-12-15 06:59:16 ----D---- C:\Program Files\Winamp Detect
2010-12-15 06:58:00 ----D---- C:\Program Files\Common Files\Adobe
2010-12-15 06:52:23 ----D---- C:\Program Files\Mozilla Firefox
2010-12-15 06:23:12 ----A---- C:\botok.txt
2010-12-15 03:44:22 ----D---- C:\Documents and Settings
2010-12-15 03:37:02 ----D---- C:\Program Files\DVDVIDEOSOFT
2010-12-13 15:35:44 ----D---- C:\WINDOWS\system32\config
2010-12-13 15:03:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-07 10:18:57 ----SHD---- C:\WINDOWS\CSC
2010-12-07 09:58:24 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-07 08:53:29 ----D---- C:\WINDOWS\Registration
2010-12-06 03:10:44 ----A---- C:\jak zastavim statisktiky.txt
2010-12-04 21:58:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-30 04:31:08 ----SHD---- C:\System Volume Information
2010-11-29 17:53:31 ----D---- C:\ Video3
2010-11-29 03:06:11 ----D---- C:\Program Files\SpeedFan
2010-11-16 20:00:11 ----D---- C:\Program Files\FreeRapid-0.83u1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Firewall Pro Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2009-03-31 80400]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-02-14 639224]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2010-09-22 39424]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-03-31 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-03-31 24336]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 iteio;iteio; \??\C:\WINDOWS\system32\drivers\iteio.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-17 12416]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S2 SCRCAMHRDRV;ScreenCamera HR; C:\WINDOWS\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S3 ADASPROT;SYSTWEAKASO; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys []
S3 ag2mlkxh;ag2mlkxh; C:\WINDOWS\system32\drivers\ag2mlkxh.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpnmouse;cpnmouse; C:\WINDOWS\system32\DRIVERS\cpnmouse.sys [2003-11-28 5162]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-09-22 54784]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wip0202;Wippien Network Adapter; C:\WINDOWS\system32\DRIVERS\wip0202.sys [2007-06-27 23904]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-03-31 700152]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-03 153376]
R2 NetAccelerator;NetAccelerator_Service; C:\Program Files\kdisk.co.kr\kdisk(fast2)\NetAccelerator.exe [2010-10-21 147968]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-04 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []

-----------------EOF-----------------

#4 Příspěvek od **motji** » 15 pro 2010 15:09

Co Vám to hlásí za ten vir?
Ale máte to pěkně zapráskané

Kdyby byl nějaký problém, hned napište.

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

-

Ted nerestartujte počítač!

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na beruška.com

notasss · #5 Příspěvek od **notasss** » 15 pro 2010 15:11

Pomozte mi nekdo, furt mi tu skačou vokynka, asi viry, ja tomu nerozumim ..nejdřiv chyba "V APLIKACI YSAVRIHR:EXE DOSLO K PROBLEMU a je treba ji zavrit" (ma to logo windows media playeru...pak mi avira hlasi malware "iztbjhowu.htm"...hned na to mi vyskoci dalsi avg scan na soubory qhlkrzhf.htm a yrfmkcdg.exe ...nejdou smazat a i když je smažu při přištim spušteni tam naskočej znovu, ted mi to hlasi dalsi CB521.tmb. Jde s tim něco udělat? mám dva antiviry, firewall a zda se to neučinné.

#6 Příspěvek od **motji** » 15 pro 2010 15:22

Už jsem Vám psala výš. Nabootujte do nouzového režimu (po restartu mačkejte F8 - nouzový režim s prací v síti), odinstalujte AVG a spusttře Rkill a následně combofix.

Když tak napište.

notasss · #7 Příspěvek od **notasss** » 15 pro 2010 16:03

Tak mám hotovo. A ačkoli vůbec netuším, co se to na mém počítači dělo, mám z toho dobrý pocit, protože vše probíhalo podle návodu

Zde je výpis z logu a v napětí očekávám další instrukce.

ComboFix 10-12-14.07 - Fl 5-XII-2010 15:38:46.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.561 [GMT 1:00]
Spuštěný z: c:\documents and settings\Fl\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.txt
C:\test.txt
C:\Thumbs.db
c:\windows\ST6UNST.000
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-15 do 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 14:42 . 2010-12-15 14:42 310784 ----a-w- c:\windows\system32\_sshnas21.dll_.vir
2010-12-15 14:38 . 2010-12-15 14:38 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\ESET
2010-12-15 13:44 . 2010-12-15 13:44 -------- d-----w- C:\VritualRoot
2010-12-15 13:43 . 2010-12-15 14:50 331616 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-12-15 13:32 . 2010-12-15 13:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2010-12-15 13:13 . 2010-12-15 13:13 223232 ----a-w- c:\windows\Jjehib.exe
2010-12-15 13:13 . 2010-12-15 13:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2010-12-15 13:06 . 2010-12-15 13:06 -------- d-----w- c:\windows\system32\cs-CZ
2010-12-15 13:01 . 2010-12-15 13:02 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.1
2010-12-15 12:48 . 2010-12-15 12:49 -------- d-----w- c:\program files\trend micro
2010-12-15 12:48 . 2010-12-15 12:49 -------- d-----w- C:\rsit
2010-12-15 12:30 . 2010-12-15 12:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-12-15 11:00 . 2010-12-15 11:25 -------- d-----w- c:\program files\QIP
2010-12-15 08:29 . 2010-12-15 08:29 -------- d-----w- c:\documents and settings\Fl\Data aplikací\IObit
2010-12-15 08:25 . 2010-12-15 08:25 -------- d-----w- c:\program files\ESET
2010-12-15 08:25 . 2010-12-15 08:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2010-12-15 08:19 . 2010-12-15 08:19 -------- d-----w- c:\program files\AutocompletePro
2010-12-15 08:19 . 2010-12-15 08:19 -------- d-----w- c:\program files\FLVTube Player
2010-12-15 08:11 . 2010-12-15 08:11 -------- d-----w- c:\program files\CCleaner
2010-12-15 08:05 . 2010-12-15 08:05 -------- d-----w- c:\program files\VS Revo Group
2010-12-15 07:28 . 2010-12-15 07:28 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\JockerSoft
2010-12-15 07:25 . 2010-12-15 07:25 -------- d-----w- c:\windows\Speeditup Free
2010-12-15 07:00 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 07:00 . 2010-12-15 07:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-15 07:00 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 06:58 . 2010-12-15 06:58 -------- d-----w- C:\avrescue
2010-12-15 06:37 . 2010-12-15 06:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Mozilla
2010-12-15 06:36 . 2010-12-15 14:55 760320 ----a-w- c:\windows\system32\drivers\bxuipgp.sys
2010-12-15 06:33 . 2010-12-15 06:33 376832 ----a-w- c:\windows\Jjehia.exe
2010-12-15 06:33 . 2010-12-15 07:06 -------- d-----w- c:\documents and settings\Fl\Data aplikací\updates
2010-12-15 04:40 . 2010-12-15 04:39 90112 --sh--r- c:\documents and settings\Fl\Data aplikací\ohydy.exe
2010-12-15 03:30 . 2010-12-15 04:27 -------- d-----w- c:\documents and settings\Fl\Data aplikací\Systweak
2010-12-15 03:28 . 2010-12-15 06:33 -------- d-----w- c:\program files\Advanced System Optimizer 3
2010-12-15 02:14 . 2010-12-15 06:00 -------- d-----w- c:\program files\NetScream
2010-12-15 02:13 . 2010-12-15 02:13 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-13 14:27 . 2010-12-13 14:27 -------- d-----w- c:\program files\ToniArts
2010-12-13 14:25 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-12-13 14:25 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-12-13 14:25 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-12-13 14:25 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-12-13 14:25 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-12-13 14:25 . 2010-12-13 14:25 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-12-13 14:25 . 2010-12-13 14:25 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-12-08 09:34 . 2010-12-15 09:42 -------- d-----w- c:\program files\QIP Infium
2010-12-07 07:41 . 2010-12-07 07:41 174 ----a-w- c:\documents and settings\Fl\Data aplikací\jkgbkhjkv.bat
2010-12-04 21:54 . 2010-12-04 21:54 -------- d-----w- c:\program files\kdisk.co.kr
2010-12-02 07:01 . 2010-12-02 07:02 -------- d-----w- c:\documents and settings\Fl\Data aplikací\Desktop Sidebar
2010-12-02 06:58 . 2010-12-02 06:58 -------- d-----w- c:\program files\Desktop Sidebar
2010-11-29 02:07 . 2010-11-29 02:07 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-11-21 21:49 . 2010-12-15 00:59 356 ----a-w- c:\windows\VHK.bat
2010-11-18 09:09 . 2010-11-18 09:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Apple
2010-11-16 08:09 . 2010-11-16 08:09 -------- d-----w- c:\documents and settings\Fl\Data aplikací\Apple Computer
2010-11-16 08:03 . 2010-11-22 17:31 -------- d-----w- c:\program files\QuickTime
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\program files\Common Files\Apple
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\Apple
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2010-11-16 08:02 . 2010-11-16 08:02 -------- d-----w- c:\documents and settings\Fl\Local Settings\Data aplikací\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-15 06:22 . 2010-11-04 17:33 165232 ---ha-w- c:\documents and settings\Fl\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll
2010-10-08 20:42 . 2010-10-08 20:42 102400 ----a-r- c:\documents and settings\Fl\Data aplikací\Microsoft\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
2010-09-22 08:51 . 2010-09-22 08:51 122880 ----a-w- c:\windows\system32\NVCOSMB.DLL
2010-09-22 08:51 . 2007-02-14 15:27 453152 ----a-w- c:\windows\system32\nvusmb.exe
2010-09-22 08:51 . 2006-04-14 19:09 54784 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
2010-09-22 08:51 . 2006-04-14 19:07 200704 ----a-w- c:\windows\system32\fdco1ins.dll
2010-09-22 08:51 . 2006-04-14 19:07 200704 ----a-w- c:\windows\system32\fdco1.dll
2010-09-22 08:51 . 2010-09-22 08:51 282624 ----a-w- c:\windows\system32\yk51x86.dll
2010-09-22 08:51 . 2007-02-14 15:34 39424 ----a-w- c:\windows\system32\drivers\amdk8.sys
2010-07-03 10:16 . 2010-09-09 15:29 375296 ----a-w- c:\program files\checkDisk.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"SmartGuardian"="c:\program files\ITE\Smart Guardian\ITESmart.exe" [2003-09-30 180224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2004-04-17 196608]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Fl\Nabˇdka Start\Programy\Po spuçtŘnˇ\AutorunsDisabled
Winamp.lnk - c:\program files\Winamp\winamp.exe [2010-6-28 1592672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-17 13:49 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\kdisk.co.kr\\KDisk(fast2)\\KdiskDown.exe"=
"c:\\Program Files\\kdisk.co.kr\\KDisk(fast2)\\NetAccelerator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-II-2007 16:56 639224]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [09-IV-2010 01:25 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [09-IV-2010 01:25 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [09-IV-2010 01:25 25240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29-VII-2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03-VIII-2010 12:28 95896]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23-IV-2007 12:03 82200]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19-II-2010 17:00 148744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-III-2010 12:16 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [04-XI-2010 17:15 810144]
R2 NetAccelerator;NetAccelerator_Service;c:\program files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe [21-X-2010 09:36 147968]
R3 iteio;iteio;c:\windows\system32\drivers\iteio.sys [14-II-2007 16:44 3680]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [07-XI-2010 03:59 234800]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18-VII-2010 00:11 135336]
S3 cpnmouse;cpnmouse;c:\windows\system32\drivers\cpnmouse.sys [23-III-2009 19:13 5162]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21-VI-2007 16:21 30720]
S3 wip0202;Wippien Network Adapter;c:\windows\system32\drivers\wip0202.sys [13-XII-2009 05:23 23904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-III-2010 12:16 753504]
S4 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - bxuipgp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-15 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-12-14 14:24]

2010-12-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-04 08:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Subscribe in Desktop Sidebar - c:\program files\Desktop Sidebar\sbhelp.dll/menuhandler.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: atdhe.net
Trusted Zone: atdhe.net\www
Trusted Zone: gamedesire.com\www
Trusted Zone: kb.cz
Trusted Zone: mifa.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\www
Trusted Zone: upc.cz\www
Trusted Zone: upcmoviequiz.com\www
FF - ProfilePath - c:\documents and settings\Fl\Data aplikací\Mozilla\Firefox\Profiles\i56aks7s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.ftp - 155.246.12.163
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 155.246.12.163
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 129.82.12.188
FF - prefs.js: network.proxy.http_port - 3124
FF - prefs.js: network.proxy.socks - 155.246.12.163
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 155.246.12.163
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Auto Copy: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} - %profile%\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: ToolbarButtons: {03B08592-E5B4-45ff-A0BE-C1D975458688} - %profile%\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-svchost245843 - c:\windows\svchost.exe
HKLM-Run-KAutoUP.exe - c:\program files\kdisk.co.kr\kdisk(normal)\KAutoUP.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-IMTranslator - c:\progra~1\Smart Link\IMTrans\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 15:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bxuipgp]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078F597A455045"
"lr"="078F517F445142"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSCS.DLL
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\program files\Exstora\Exstora.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\wincmd2\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-15 16:00:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-15 15:00

Před spuštěním: 533 966 848
Po spuštění: 885 497 856

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FD35BB50F92CED5008EA021905EFAE31

#8 Příspěvek od **motji** » 15 pro 2010 16:19

Hotovo nemáme, Vy tam máte havěti tak na 3 počítače

. Kdepak jste k tomu přišel?
Já Vás poprosím o nový log ze Rsitu, v logu combofixu nevidím havět co byla ve Rsitu, a pak mi ještě otestujte pár souborů, ať vím, co tam máte za potvoru

. A pak to všechno pobijeme

Dejte soubor otestovat na http://www.virustotal.com

c:\program files\kdisk.co.kr
c:\windows\system32\drivers\bxuipgp.sys
c:\windows\Jjehia.exe

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

Tento bat soubor znáte? Pokud ne, klikněte na něj pravým myšítkem - otevřít v notepadu a vložte zde obsah notepadu
c:\documents and settings\Fl\Data aplikací\jkgbkhjkv.bat

notasss · #9 Příspěvek od **notasss** » 15 pro 2010 16:35

To by mě také zajímalo, kde jsem k tomu přišel. Už několik let chodím na ty samé stránky, ale poslední dobou se mi windowsy zdály stále pomalejší, tak jsem si stáhnul několik programů na čištění, jako advenced systemcare ccleaner a pár dalších, projel jsem pc, ale nijak zvlášť to nepomohlo, tak jsem ještě zkusil jeden návod z internetu na zrychlení pripojení:

viz. zde:
1. Zvolte Start > Spustit… zadejte gpedit.msc a potvrďte Enter
2. Vyberte záložku správy tohoto počítače
3. Pokračujte na pokročilé rozhraní pro administrátory a pak na síťová připojení
4. Zde vyberte QoS Packet Scheduler
5. Dále pokračujte pravým klikem – z kontextového menu pak vyberte položku rezervovaného limitu
6. Zaškrtněte povolení této položky a pak limit změňte na 0.
7. Zavřete gpedit.msc, restartujte počítač a změny by měly již být zřetelné.

to bylo včera. Dnes ráno jsem pak zapnul počítač a už to jelo...

RSIT mi píše chybu http://sklad.obrazku.cz/obr573528_Scree ... 516.34.jpg .
Zbytek informací dodám, až to pochopím, chvilku ztrpení.

notasss · #10 Příspěvek od **notasss** » 15 pro 2010 16:38

Obsah BAT souboru zde >>

:dsfgdfh
del "C:\Downloads\AntiSpyWareSetup.exe"
if exist "C:\Downloads\AntiSpyWareSetup.exe" goto dsfgdfh
del "C:\Documents and Settings\Fl\Data aplikací\jkgbkhjkv.bat"

#11 Příspěvek od **motji** » 15 pro 2010 16:39

kromě HJT jinak vše funguje?
Počkám na ty soubory, když tak se ptejte. Máte tam ještě rootkita a pár dalších zvířátek

notasss · #12 Příspěvek od **notasss** » 15 pro 2010 16:47

Pokud jde o ty 3 soubory.

c:\program files\kdisk.co.kr je složka > nelze otestovat

c:\windows\system32\drivers\bxuipgp.sys otestovat šel, ale nic se nestalo, nic mi to neukázalo

c:\windows\Jjehia.exe výpis níže

Jjehia.exe
Submission date:
2010-12-15 15:40:45 (UTC)
Current status:
queued (#3) queued (#3) analysing finished
Result:
6/ 43 (14.0%)

AhnLab-V3 2010.12.15.02 2010.12.15 Trojan/Win32.FakeAV
AntiVir 7.11.0.42 2010.12.15 -
Antiy-AVL 2.0.3.7 2010.12.15 -
Avast 4.8.1351.0 2010.12.15 -
Avast5 5.0.677.0 2010.12.15 -
AVG 9.0.0.851 2010.12.15 -
BitDefender 7.2 2010.12.15 -
CAT-QuickHeal 11.00 2010.12.15 -
ClamAV 0.96.4.0 2010.12.15 -
Command 5.2.11.5 2010.12.15 -
Comodo 7072 2010.12.15 -
DrWeb 5.0.2.03300 2010.12.15 -
Emsisoft 5.1.0.1 2010.12.15 -
eSafe 7.0.17.0 2010.12.15 -
eTrust-Vet 36.1.8042 2010.12.15 -
F-Prot 4.6.2.117 2010.12.14 -
F-Secure 9.0.16160.0 2010.12.15 -
Fortinet 4.2.254.0 2010.12.15 -
GData 21 2010.12.15 -
Ikarus T3.1.1.90.0 2010.12.15 -
Jiangmin 13.0.900 2010.12.15 -
K7AntiVirus 9.73.3258 2010.12.15 -
Kaspersky 7.0.0.125 2010.12.15 -
McAfee 5.400.0.1158 2010.12.15 -
McAfee-GW-Edition 2010.1C 2010.12.15 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.6402 2010.12.15 TrojanDownloader:Win32/Renos.NX
NOD32 5705 2010.12.15 a variant of Win32/Kryptik.IXG
Norman 6.06.12 2010.12.15 -
nProtect 2010-12-15.02 2010.12.15 -
Panda 10.0.2.7 2010.12.15 -
PCTools 7.0.3.5 2010.12.15 -
Prevx 3.0 2010.12.15 -
Rising 22.78.01.04 2010.12.15 -
Sophos 4.60.0 2010.12.15 -
SUPERAntiSpyware 4.40.0.1006 2010.12.15 Trojan.Agent/Gen-Exploit
Symantec 20101.3.0.103 2010.12.15 -
TheHacker 6.7.0.1.101 2010.12.15 -
TrendMicro 9.120.0.1004 2010.12.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.15 -
VBA32 3.12.14.2 2010.12.14 -
VIPRE 7662 2010.12.15 Trojan.Win32.Generic.pak!cobra
ViRobot 2010.12.15.4202 2010.12.15 -
VirusBuster 13.6.95.0 2010.12.15 -

#13 Příspěvek od **motji** » 15 pro 2010 16:51

A tuto složku znáte?
c:\program files\kdisk.co.kr
Ještě počkám co ten bat soubor a jdeme vraždit

notasss · #14 Příspěvek od **notasss** » 15 pro 2010 16:55

tak ten log se mi nakonec podařilo i otevřít (a bat soubor už sem poslal výše (kdisk.co.kr neznám, mohla by to být sice nějaká část přehrávač kmplayeru, ale vůbec si tím nejsem jistý, ještě se po tom podívám)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Fl at 2010-12-15 16:30:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 866 MB (4%) free of 20 GB
Total RAM: 1022 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:38, on 15-XII-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Exstora\Exstora.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Downloads\RSIT.exe
C:\Program Files\trend micro\Fl.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe -startup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.atdhe.net
O15 - Trusted Zone: *.atdhe.net
O15 - Trusted Zone: http://www.gamedesire.com
O15 - Trusted Zone: http://www.gamedesire.com
O15 - Trusted Zone: *.kb.cz
O15 - Trusted Zone: http://www.mifa.cz
O15 - Trusted Zone: *.mojebanka.cz
O15 - Trusted Zone: http://www.upc.cz
O15 - Trusted Zone: http://www.upcmoviequiz.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetAccelerator_Service (NetAccelerator) - ebase - C:\Program Files\kdisk.co.kr\kdisk(fast2)\NetAccelerator.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Fl/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7944 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-11-30 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2004-09-04 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2010-12-15 1331392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"SmartGuardian"=C:\Program Files\ITE\Smart Guardian\ITESmart.exe [2003-09-30 180224]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-04 2219184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe [2004-04-17 196608]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-04-09 2029456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-09-26 328056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

C:\Documents and Settings\Fl\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\kdisk.co.kr\KDisk(fast2)\KdiskDown.exe"="C:\Program Files\kdisk.co.kr\KDisk(fast2)\KdiskDown.exe:*:Enabled:KdiskDown.exe"
"C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe"="C:\Program Files\kdisk.co.kr\KDisk(fast2)\NetAccelerator.exe:*:Enabled:NetAccelerator.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-15 16:00:39 ----A---- C:\ComboFix.txt
2010-12-15 15:42:39 ----A---- C:\WINDOWS\system32\_sshnas21.dll_.vir
2010-12-15 15:37:27 ----A---- C:\Boot.bak
2010-12-15 15:37:15 ----RASHD---- C:\cmdcons
2010-12-15 15:31:16 ----A---- C:\WINDOWS\MBR.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\zip.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\SWSC.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\SWREG.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\sed.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\PEV.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-15 15:31:15 ----A---- C:\WINDOWS\grep.exe
2010-12-15 15:30:48 ----D---- C:\WINDOWS\ERDNT
2010-12-15 15:30:39 ----D---- C:\ComboFix
2010-12-15 15:28:29 ----D---- C:\Qoobox
2010-12-15 14:44:28 ----D---- C:\VritualRoot
2010-12-15 14:32:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2010-12-15 14:13:57 ----A---- C:\WINDOWS\Jjehib.exe
2010-12-15 14:06:04 ----D---- C:\WINDOWS\system32\cs-CZ
2010-12-15 14:01:59 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.1
2010-12-15 13:51:18 ----A---- C:\chyba3log.txt
2010-12-15 13:48:37 ----D---- C:\Program Files\trend micro
2010-12-15 13:48:28 ----D---- C:\rsit
2010-12-15 13:30:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-12-15 12:03:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-12-15 12:00:53 ----D---- C:\Program Files\QIP
2010-12-15 09:29:52 ----D---- C:\Documents and Settings\Fl\Data aplikací\IObit
2010-12-15 09:25:34 ----D---- C:\Program Files\ESET
2010-12-15 09:25:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-12-15 09:19:43 ----D---- C:\Program Files\AutocompletePro
2010-12-15 09:19:30 ----D---- C:\Program Files\FLVTube Player
2010-12-15 09:11:19 ----D---- C:\Program Files\CCleaner
2010-12-15 09:05:27 ----D---- C:\Program Files\VS Revo Group
2010-12-15 08:25:29 ----D---- C:\WINDOWS\Speeditup Free
2010-12-15 08:00:23 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-15 08:00:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-15 08:00:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-15 07:58:57 ----D---- C:\avrescue
2010-12-15 07:36:48 ----A---- C:\WINDOWS\system32\drivers\bxuipgp.sys
2010-12-15 07:33:58 ----A---- C:\WINDOWS\Jjehia.exe
2010-12-15 07:33:40 ----D---- C:\Documents and Settings\Fl\Data aplikací\updates
2010-12-15 05:40:08 ----RSH---- C:\Documents and Settings\Fl\Data aplikací\ohydy.exe
2010-12-15 04:30:08 ----D---- C:\Documents and Settings\Fl\Data aplikací\Systweak
2010-12-15 04:28:03 ----D---- C:\Program Files\Advanced System Optimizer 3
2010-12-15 04:07:05 ----D---- C:\Config.Msi
2010-12-15 03:14:54 ----D---- C:\Program Files\NetScream
2010-12-15 03:13:36 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-12-13 21:49:08 ----A---- C:\3 bugy.txt
2010-12-13 15:27:32 ----D---- C:\Program Files\ToniArts
2010-12-10 12:24:30 ----A---- C:\pokerstarsbug1.txt
2010-12-08 10:34:47 ----D---- C:\Program Files\QIP Infium
2010-12-07 08:41:28 ----A---- C:\Documents and Settings\Fl\Data aplikací\jkgbkhjkv.bat
2010-12-04 22:54:08 ----D---- C:\Program Files\kdisk.co.kr
2010-12-04 09:53:33 ----A---- C:\doknaly chat.txt
2010-12-02 08:01:44 ----D---- C:\Documents and Settings\Fl\Data aplikací\Desktop Sidebar
2010-12-02 07:58:02 ----D---- C:\Program Files\Desktop Sidebar
2010-11-30 00:12:13 ----A---- C:\obchodak.txt
2010-11-29 03:07:43 ----D---- C:\Program Files\Microsoft Virtual PC
2010-11-29 02:58:35 ----A---- C:\hodnotit.txt
2010-11-21 22:49:12 ----A---- C:\WINDOWS\VHK.bat
2010-11-16 09:09:30 ----D---- C:\Documents and Settings\Fl\Data aplikací\Apple Computer
2010-11-16 09:03:44 ----D---- C:\Program Files\QuickTime
2010-11-16 09:02:41 ----D---- C:\Program Files\Common Files\Apple
2010-11-16 09:02:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple

======List of files/folders modified in the last 1 months======

2010-12-15 16:49:30 ----D---- C:\WINDOWS\Temp
2010-12-15 16:44:50 ----A---- C:\WINDOWS\wincmd.ini
2010-12-15 16:34:06 ----D---- C:\Downloads
2010-12-15 16:33:38 ----A---- C:\WINDOWS\ScreenHunter.INI
2010-12-15 16:14:38 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-15 16:00:47 ----D---- C:\WINDOWS\system32\drivers
2010-12-15 15:58:17 ----SD---- C:\WINDOWS\Tasks
2010-12-15 15:55:01 ----D---- C:\Documents and Settings\Fl\Data aplikací\uTorrent
2010-12-15 15:54:03 ----D---- C:\WINDOWS
2010-12-15 15:54:02 ----N---- C:\WINDOWS\system.ini
2010-12-15 15:52:44 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-15 15:52:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-15 15:50:21 ----D---- C:\WINDOWS\system32
2010-12-15 15:48:27 ----D---- C:\WINDOWS\system32\config
2010-12-15 15:43:08 ----D---- C:\WINDOWS\AppPatch
2010-12-15 15:43:00 ----D---- C:\Program Files\Common Files
2010-12-15 15:37:27 ----RASH---- C:\boot.ini
2010-12-15 15:31:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-15 14:53:13 ----SHD---- C:\WINDOWS\Installer
2010-12-15 14:46:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\comodo
2010-12-15 14:37:09 ----D---- C:\Program Files\COMODO
2010-12-15 14:34:18 ----D---- C:\Documents and Settings\Fl\Data aplikací\Comodo
2010-12-15 14:06:46 ----HD---- C:\WINDOWS\inf
2010-12-15 14:06:45 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-15 14:06:09 ----RSD---- C:\WINDOWS\assembly
2010-12-15 14:06:05 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-15 14:05:44 ----D---- C:\WINDOWS\system32\mui
2010-12-15 14:03:12 ----RSD---- C:\WINDOWS\Fonts
2010-12-15 14:01:59 ----RD---- C:\Program Files
2010-12-15 13:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-15 13:55:43 ----D---- C:\WINDOWS\WinSxS
2010-12-15 13:39:52 ----D---- C:\Documents and Settings\Fl\Data aplikací\Uniblue
2010-12-15 12:15:41 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-12-15 10:45:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-12-15 10:42:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-15 10:42:13 ----D---- C:\Program Files\Windows Media Player
2010-12-15 10:42:13 ----D---- C:\Program Files\The KMPlayer
2010-12-15 10:42:13 ----D---- C:\Program Files\PokerStars
2010-12-15 10:42:13 ----D---- C:\Program Files\NewLive All Media To Mp3 Converter
2010-12-15 10:42:13 ----D---- C:\Program Files\Lark Anti-Spyware
2010-12-15 10:42:13 ----D---- C:\Program Files\jv16 PowerTools 2010
2010-12-15 10:42:13 ----D---- C:\Program Files\DivX
2010-12-15 10:42:13 ----D---- C:\Program Files\Adobe
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\RapidSolution
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-12-15 10:42:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-12-15 09:37:16 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-12-15 09:17:19 ----D---- C:\Documents and Settings\Fl\Data aplikací\Winamp
2010-12-15 09:17:18 ----D---- C:\Documents and Settings\Fl\Data aplikací\Media Player Classic
2010-12-15 09:15:42 ----D---- C:\WINDOWS\Debug
2010-12-15 09:00:09 ----D---- C:\WINDOWS\Prefetch
2010-12-15 08:57:53 ----D---- C:\WINDOWS\mui
2010-12-15 06:59:16 ----D---- C:\Program Files\Winamp Detect
2010-12-15 06:58:00 ----D---- C:\Program Files\Common Files\Adobe
2010-12-15 06:52:23 ----D---- C:\Program Files\Mozilla Firefox
2010-12-15 06:23:12 ----A---- C:\botok.txt
2010-12-15 03:44:22 ----D---- C:\Documents and Settings
2010-12-15 03:37:02 ----D---- C:\Program Files\DVDVIDEOSOFT
2010-12-13 15:03:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-07 10:18:57 ----SHD---- C:\WINDOWS\CSC
2010-12-07 09:58:24 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-07 08:53:29 ----D---- C:\WINDOWS\Registration
2010-12-06 03:10:44 ----A---- C:\jak zastavim statisktiky.txt
2010-12-04 21:58:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-30 04:31:08 ----SHD---- C:\System Volume Information
2010-11-29 17:53:31 ----D---- C:\ Video3
2010-11-29 03:06:11 ----D---- C:\Program Files\SpeedFan
2010-11-16 20:00:11 ----D---- C:\Program Files\FreeRapid-0.83u1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-04-09 86800]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-02-14 639224]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2010-09-22 39424]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2010-04-09 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-04-09 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-04-09 25240]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 iteio;iteio; \??\C:\WINDOWS\system32\drivers\iteio.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-17 12416]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S2 SCRCAMHRDRV;ScreenCamera HR; C:\WINDOWS\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S3 a498i7ev;a498i7ev; C:\WINDOWS\system32\drivers\a498i7ev.sys []
S3 ADASPROT;SYSTWEAKASO; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpnmouse;cpnmouse; C:\WINDOWS\system32\DRIVERS\cpnmouse.sys [2003-11-28 5162]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 mbr;mbr; \??\C:\DOCUME~1\Fl\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-09-22 54784]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wip0202;Wippien Network Adapter; C:\WINDOWS\system32\DRIVERS\wip0202.sys [2007-06-27 23904]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-04-09 1769216]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-03 153376]
R2 NetAccelerator;NetAccelerator_Service; C:\Program Files\kdisk.co.kr\kdisk(fast2)\NetAccelerator.exe [2010-10-21 147968]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-04 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []

-----------------EOF-----------------

#15 Příspěvek od **motji** » 15 pro 2010 17:01

A tohle znáte?
- C:\WINDOWS\VHK.bat

VIRY.CZ

Systém se hroutí, prosím o radu

Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu

Re: Systém se hroutí, prosím o radu