Re: please check my log. PC freezing and restarting
Posted: 24 Apr 2010 14:54
Here is the log from safe mode
ComboFix 10-04-21.01 - Gregr Radim 24.04.2010 15:34:33.9.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1763 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gregr Radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gregr Radim\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.
2010-04-23 17:40 . 2010-04-23 17:41 -------- d-----w- C:\rsit
2010-04-11 09:30 . 2010-04-11 09:33 -------- d-----w- c:\program files\Verdict Free
2010-04-09 11:41 . 2010-04-23 14:56 4309 ----a-w- c:\windows\SysCare.dat
2010-04-09 11:41 . 2010-04-09 11:41 10240 ----a-w- c:\windows\system32\drivers\FldSafe.sys
2010-04-09 11:41 . 2010-04-09 11:41 -------- d-----w- c:\program files\FolderDefence
2010-04-06 21:17 . 2010-04-23 14:53 -------- d-----w- c:\documents and settings\Gregr Radim\soukromé
2010-04-06 21:06 . 2010-04-06 21:06 -------- d-----w- c:\program files\Nitin Softwares
2010-04-02 09:31 . 2010-04-02 09:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-30 05:17 . 2010-03-30 05:17 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 19:53 . 2009-03-20 13:26 -------- d-----w- c:\program files\Call of Duty
2010-04-22 12:01 . 2009-10-21 13:24 -------- d-----w- c:\program files\World of Warcraft
2010-04-22 11:56 . 2009-03-22 16:36 -------- d-----w- c:\program files\!!!! (Lukee) - Warcraft III
2010-04-21 19:04 . 2009-02-08 22:07 -------- d-----w- c:\program files\CCleaner
2010-04-17 17:45 . 2009-11-19 16:22 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-17 17:45 . 2009-11-19 16:21 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-15 07:12 . 2008-06-10 16:21 -------- d-----w- c:\program files\Google
2010-04-09 11:02 . 2008-07-31 07:51 -------- d-----w- c:\program files\Common Files\Java
2010-04-09 11:01 . 2008-07-31 07:54 -------- d-----w- c:\program files\Java
2010-03-31 19:18 . 2001-10-25 14:00 79242 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 19:18 . 2001-10-25 14:00 432278 ----a-w- c:\windows\system32\perfh005.dat
2010-03-25 14:32 . 2008-05-31 19:52 -------- d-----w- c:\program files\Ricochet Infinity
2010-03-22 17:34 . 2010-03-22 17:45 975512 ----a-w- c:\documents and settings\World of Warcraft\Repair.exe
2010-03-22 17:34 . 2010-03-22 17:45 4895616 ----a-w- c:\documents and settings\World of Warcraft\Launcher.exe
2010-03-22 17:34 . 2010-03-22 17:45 3031048 ----a-w- c:\documents and settings\World of Warcraft\Blizzard Updater.exe
2010-03-22 15:06 . 2010-03-22 17:46 345240 ----a-w- c:\documents and settings\World of Warcraft\WowError.exe
2010-03-22 15:06 . 2010-03-22 17:46 7359640 ----a-w- c:\documents and settings\World of Warcraft\Wow.exe
2010-03-22 15:06 . 2010-03-22 17:45 467600 ----a-w- c:\documents and settings\World of Warcraft\Battle.net.dll
2010-03-22 15:05 . 2010-03-22 17:45 626688 ----a-w- c:\documents and settings\World of Warcraft\msvcr80.dll
2010-03-22 13:49 . 2010-03-22 17:46 5101376 ----a-w- c:\documents and settings\World of Warcraft\WoW-3.3.0.10958-to-3.3.0.11159-enUS-patch.exe
2010-03-22 06:01 . 2010-03-22 17:46 167050587 ----a-w- c:\documents and settings\World of Warcraft\WoW-3.3.0.11159-to-3.3.2.11403-enUS-patch.exe
2010-03-14 18:25 . 2010-03-22 17:45 46852 ----a-w- c:\documents and settings\World of Warcraft\Scan.dll
2010-03-09 11:11 . 2002-09-20 18:04 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2008-12-19 09:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 16:36 . 2008-06-01 09:54 -------- d-----w- c:\program files\JetAudio
2010-02-26 05:43 . 2002-09-20 18:05 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-05-31 01:30 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 15:26 . 2008-06-07 07:42 -------- d-----w- c:\program files\ChickenVillage
2010-02-24 13:11 . 2002-08-29 01:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2002-09-20 17:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2002-09-20 17:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:03 . 2010-03-24 21:51 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2002-09-20 18:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2002-08-29 01:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-23 1011712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 16384512]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-24 1443072]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Gregr Radim\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\!!!! (Lukee) - Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\Need for speed underground 2 crack.exe"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\THQ\\Titan Quest\\Titan Quest.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
S0 bvV67;bvV67;c:\windows\system32\Drivers\bvV67.sys --> c:\windows\system32\Drivers\bvV67.sys [?]
S0 crH33;crH33;c:\windows\system32\Drivers\crH33.sys --> c:\windows\system32\Drivers\crH33.sys [?]
S0 jtJ77;jtJ77;c:\windows\system32\Drivers\jtJ77.sys --> c:\windows\system32\Drivers\jtJ77.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.4.2010 11:31 691696]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 33800]
S1 FldSafe;FldSafe;c:\windows\system32\drivers\FldSafe.sys [9.4.2010 13:41 10240]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/05 21:10];c:\program files\CyberLink\PowerDVD9\000.fcl [7.5.2009 21:05 87536]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
S2 gupdate1c9aafbfa65ab50;Google Update Service (gupdate1c9aafbfa65ab50);c:\program files\Google\Update\GoogleUpdate.exe [22.3.2009 16:39 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.3.2009 19:58 222456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
2008-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 14:39]
2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Gregr Radim\Data aplikací\Mozilla\Firefox\Profiles\3csqj9yn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2025429265-1647877149-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2025429265-1647877149-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,cc,99,76,59,1d,22,09,2f,c6,8a,d1,12,f6,3f,be,2e,76,f7,97,3e,
86,f7,db,39,d8,c4,98,95,a4,3b,c5,94,35,60,15,be,9f,59,1e,52,9a,95,d8,d2,82,\
"rkeysecu"=hex:76,06,5a,07,f3,86,3b,7c,88,27,74,c1,30,0d,67,3b
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop BMW M3 Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Edonis Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(292)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2010-04-24 15:45:58
ComboFix-quarantined-files.txt 2010-04-24 13:45
ComboFix2.txt 2010-04-24 09:36
ComboFix3.txt 2010-04-24 06:13
ComboFix4.txt 2010-04-23 20:02
ComboFix5.txt 2010-04-24 13:22
Před spuštěním: Volných bajtů: 88 227 459 072
Po spuštění: Volných bajtů: 88 194 457 600
- - End Of File - - FDDF37C6E56DE079ECD20AF4CAB0D749
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2025429265-1647877149-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2025429265-1647877149-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:fc,cc,99,76,59,1d,22,09,2f,c6,8a,d1,12,f6,3f,be,2e,76,f7,97,3e,
86,f7,db,39,d8,c4,98,95,a4,3b,c5,94,35,60,15,be,9f,59,1e,52,9a,95,d8,d2,82,\
"rkeysecu"=hex:76,06,5a,07,f3,86,3b,7c,88,27,74,c1,30,0d,67,3b
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop BMW M3 Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
[HKEY_LOCAL_MACHINE\software\N*e*e*d* *F*o*r* *S*p*e*e*d* *W*o*r*l*d* *S*i*t*e*"!\NFS Most Wanted Cop Edonis Mod]
"Install Dir"="c:\\PROGRA~1\\EAGAME~1\\NEEDFO~2"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(292)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2010-04-24 15:45:58
ComboFix-quarantined-files.txt 2010-04-24 13:45
ComboFix2.txt 2010-04-24 09:36
ComboFix3.txt 2010-04-24 06:13
ComboFix4.txt 2010-04-23 20:02
ComboFix5.txt 2010-04-24 13:22
Před spuštěním: Volných bajtů: 88 227 459 072
Po spuštění: Volných bajtů: 88 194 457 600
- - End Of File - - FDDF37C6E56DE079ECD20AF4CAB0D749