
FF is eating way too much memory

Posted: 08 Aug 2010 00:56
by Alfajk
It seems to me that it used to take about 70-80 MB; now it's easily 250 MB.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-08-08 01:55:36
Systém Microsoft Windows XP Professional Service Pack 2
System drive G: has 8 GB (30%) free of 25 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:46, on 8.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Eset\nod32kui.exe
H:\Program Files\PowerISO\PWRISOVM.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\DAEMON Tools Lite\daemon.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
H:\program files\steam\steam.exe
H:\Program Files\QIP Infium\infium.exe
G:\WINDOWS\system32\dgdersvc.exe
G:\WINDOWS\system32\FsUsbExService.Exe
G:\Program Files\Eset\nod32krn.exe
G:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
G:\WINDOWS\system32\svchost.exe
H:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Program Files\Mumble\dbus-daemon.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
G:\WINDOWS\system32\taskmgr.exe
G:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PWRISOVM.EXE] H:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [svchost] G:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON SX110 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "G:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "h:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Infium] "H:\Program Files\QIP Infium\infium.exe" /autorun /autorun /autorun /autorun /autorun
O4 - HKCU\..\Run: [KiesTrayAgent] H:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] G:\WINDOWS\system32\install\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] G:\WINDOWS\system32\install\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - H:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - G:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - G:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - H:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6527 bytes

======Scheduled tasks folder======

G:\WINDOWS\tasks\1-Click Maintenance.job
G:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - G:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=G:\WINDOWS\RTHDCPL.EXE [2005-05-04 14396416]
"nod32kui"=G:\Program Files\Eset\nod32kui.exe [2009-08-26 949376]
"PWRISOVM.EXE"=H:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"Adobe ARM"=G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"NvCplDaemon"=G:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=G:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"svchost"=G:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=G:\WINDOWS\system32\install\svchost.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=G:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Skype"=G:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DAEMON Tools Lite"=G:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"EPSON SX110 Series"=G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
"Steam"=h:\program files\steam\steam.exe [2010-05-07 1238352]
"Infium"=H:\Program Files\QIP Infium\infium.exe [2009-03-25 5245440]
"KiesTrayAgent"=H:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=G:\WINDOWS\system32\install\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3
"LightScribeService"=2
"gupdate"=2
"NMIndexingService"=3

G:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Mass Effect\Binaries\MassEffect.exe"="H:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"H:\Program Files\Mass Effect\MassEffectLauncher.exe"="H:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="H:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="G:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="H:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"G:\WINDOWS\system32\PnkBstrA.exe"="G:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"G:\WINDOWS\system32\PnkBstrB.exe"="G:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\XBlades\xblades.exe"="H:\Program Files\XBlades\xblades.exe:*:Enabled:xblades.exe"
"H:\Program Files\XBlades\launcher.exe"="H:\Program Files\XBlades\launcher.exe:*:Enabled:launcher.exe"
"H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX9.EXE"="H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX10.EXE"="H:\Program Files\capcom\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
"H:\Program Files\Dragon Age\DAOriginsLauncher.exe"="H:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:${SafeProductName} ${FirewallName_Launcher}"
"H:\Program Files\Dragon Age\bin_ship\daorigins.exe"="H:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:${SafeProductName} ${FirewallName_Game}"
"H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="H:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:${SafeProductName} ${FirewallName_Updater}"
"H:\Program Files\Activision\Prototype\prototypef.exe"="H:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"H:\Program Files\capcom\Bionic Commando Rearmed\bcr.exe"="H:\Program Files\capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Capcom\Bionic Commando\Bionic Commando\bionic_commando.exe"="C:\Program Files\Capcom\Bionic Commando\Bionic Commando\bionic_commando.exe:*:Enabled:Bionic Commando"
"C:\Program Files\Capcom\Bionic Commando\Bionic Commando\Support\CAP1-0101.exe"="C:\Program Files\Capcom\Bionic Commando\Bionic Commando\Support\CAP1-0101.exe:*:Enabled:Bionic Commando"
"G:\Program Files\Skype\Plugin Manager\skypePM.exe"="G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"H:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="H:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"G:\WINDOWS\system32\muzapp.exe"="G:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"H:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="H:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"G:\Program Files\Skype\Phone\Skype.exe"="G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-03 21:04:04 ----D---- G:\Program Files\SAMSUNG
2010-08-03 21:03:15 ----A---- G:\WINDOWS\system32\FsUsbExService.Exe
2010-08-03 21:03:15 ----A---- G:\WINDOWS\system32\FsUsbExDevice.Dll
2010-08-03 21:00:50 ----D---- G:\Program Files\PC Connectivity Solution
2010-08-03 20:58:48 ----D---- G:\Documents and Settings\Admin\Data aplikací\Samsung
2010-08-03 20:57:37 ----D---- G:\Program Files\MarkAny
2010-08-03 20:57:33 ----D---- G:\Documents and Settings\All Users\Data aplikací\Samsung
2010-08-03 20:57:22 ----N---- G:\WINDOWS\system32\spmsg.dll
2010-08-03 20:57:13 ----HDC---- G:\WINDOWS\$NtUninstallWudf01000$
2010-08-03 20:56:11 ----A---- G:\WINDOWS\imsins.BAK
2010-08-03 20:55:40 ----HDC---- G:\WINDOWS\$NtUninstallWMFDist11$
2010-08-03 20:51:08 ----D---- G:\Program Files\Common Files\Samsung
2010-07-30 01:27:42 ----A---- G:\WINDOWS\system32\unrar.dll
2010-07-30 01:27:41 ----A---- G:\WINDOWS\avisplitter.ini
2010-07-30 01:27:31 ----A---- G:\WINDOWS\system32\yv12vfw.dll
2010-07-30 01:27:30 ----A---- G:\WINDOWS\system32\xvidvfw.dll
2010-07-30 01:27:30 ----A---- G:\WINDOWS\system32\xvidcore.dll
2010-07-30 01:27:26 ----A---- G:\WINDOWS\system32\dpl100.dll
2010-07-30 01:27:13 ----A---- G:\WINDOWS\system32\divx.dll
2010-07-30 01:27:11 ----A---- G:\WINDOWS\system32\ff_vfw.dll.manifest
2010-07-30 01:27:11 ----A---- G:\WINDOWS\system32\ff_vfw.dll
2010-07-30 01:27:05 ----D---- G:\Program Files\K-Lite Codec Pack
2010-07-29 09:30:09 ----A---- G:\WINDOWS\IFinst27.exe
2010-07-26 13:45:57 ----D---- G:\Program Files\ReflexiveArcade
2010-07-21 09:39:59 ----D---- G:\Program Files\Common Files\Adobe AIR
2010-07-21 09:39:59 ----D---- G:\Program Files\Adobe
2010-07-21 09:13:53 ----D---- G:\Documents and Settings\All Users\Data aplikací\McAfee
2010-07-21 09:13:28 ----D---- G:\Documents and Settings\All Users\Data aplikací\NOS
2010-07-21 09:05:34 ----D---- G:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-07-21 09:04:26 ----D---- G:\WINDOWS\Downloaded Installations
2010-07-17 12:13:33 ----D---- G:\Documents and Settings\All Users\Data aplikací\Fallout3
2010-07-17 12:11:22 ----D---- G:\Program Files\MSBuild
2010-07-17 12:09:30 ----D---- G:\WINDOWS\system32\XPSViewer
2010-07-17 12:09:28 ----D---- G:\WINDOWS\system32\en-us
2010-07-17 12:08:51 ----D---- G:\Program Files\Reference Assemblies
2010-07-14 07:27:32 ----D---- G:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-08-08 01:55:45 ----D---- G:\WINDOWS\Prefetch
2010-08-08 01:47:03 ----D---- G:\WINDOWS\Temp
2010-08-07 13:49:19 ----D---- G:\Documents and Settings\Admin\Data aplikací\Skype
2010-08-07 10:10:19 ----D---- G:\WINDOWS\system32\CatRoot2
2010-08-07 09:47:47 ----D---- G:\Documents and Settings\Admin\Data aplikací\skypePM
2010-08-07 09:46:07 ----D---- G:\WINDOWS\system32\Lang
2010-08-07 02:29:41 ----A---- G:\WINDOWS\SchedLgU.Txt
2010-08-06 20:53:52 ----HD---- G:\Program Files\InstallShield Installation Information
2010-08-04 16:42:33 ----A---- G:\WINDOWS\NeroDigital.ini
2010-08-04 09:09:21 ----D---- G:\WINDOWS
2010-08-04 01:57:49 ----RSD---- G:\WINDOWS\Fonts
2010-08-03 21:36:23 ----D---- G:\WINDOWS\system32\drivers
2010-08-03 21:36:21 ----SD---- G:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-08-03 21:07:26 ----HD---- G:\WINDOWS\inf
2010-08-03 21:05:20 ----SHD---- G:\WINDOWS\Installer
2010-08-03 21:05:20 ----D---- G:\Config.Msi
2010-08-03 21:04:50 ----DC---- G:\WINDOWS\system32\DRVSTORE
2010-08-03 21:04:04 ----RD---- G:\Program Files
2010-08-03 21:03:43 ----D---- G:\Program Files\DIFX
2010-08-03 21:03:15 ----D---- G:\WINDOWS\system32
2010-08-03 20:57:26 ----D---- G:\WINDOWS\system32\LogFiles
2010-08-03 20:55:50 ----D---- G:\Program Files\Windows Media Player
2010-08-03 20:55:47 ----RSHDC---- G:\WINDOWS\system32\dllcache
2010-08-03 20:51:08 ----D---- G:\Program Files\Common Files
2010-08-01 19:26:38 ----D---- G:\Documents and Settings\Admin\Data aplikací\Mumble
2010-07-25 10:34:41 ----A---- G:\WINDOWS\WTRAN32.INI
2010-07-21 09:40:00 ----D---- G:\Documents and Settings\All Users\Data aplikací\Adobe
2010-07-21 09:40:00 ----D---- G:\Documents and Settings\Admin\Data aplikací\Adobe
2010-07-21 09:11:39 ----D---- G:\Documents and Settings\Admin\Data aplikací\Macromedia
2010-07-20 11:31:27 ----A---- G:\WINDOWS\WINCMD.INI
2010-07-20 11:31:10 ----A---- G:\WINDOWS\wcx_ftp.ini
2010-07-17 19:51:00 ----RSD---- G:\WINDOWS\assembly
2010-07-17 19:51:00 ----D---- G:\WINDOWS\Microsoft.NET
2010-07-17 12:13:31 ----D---- G:\WINDOWS\system32\DirectX
2010-07-17 12:11:50 ----A---- G:\WINDOWS\system32\PerfStringBackup.INI
2010-07-16 22:37:12 ----D---- G:\Documents and Settings\All Users\Data aplikací\FireGlow
2010-07-12 17:07:16 ----D---- G:\Documents and Settings\Admin\Data aplikací\Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; G:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; G:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-26 15424]
R1 SbFw;SbFw; G:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; G:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; G:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; G:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; G:\WINDOWS\system32\drivers\amon.sys [2009-08-26 512096]
R3 BlueletAudio;Bluetooth Audio Service; G:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; G:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 dgderdrv;dgderdrv; G:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\G:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; G:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; G:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); G:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-04 2951680]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver; G:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2006-03-27 26752]
R3 nv;nv; G:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 pcouffin;VSO Software pcouffin; G:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-29 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; G:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; G:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tap0901;TAP-Win32 Adapter V9; G:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-10-02 25984]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; G:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; G:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; G:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; G:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; G:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 ab5sglqw;ab5sglqw; G:\WINDOWS\system32\drivers\ab5sglqw.sys []
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; G:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
S3 BT;Bluetooth PAN Network Adapter; G:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; G:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 hamachi;Hamachi Network Interface; G:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-08-26 25280]
S3 npkcrypt;npkcrypt; \??\D:\HRY\RO\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\D:\HRY\RO\npkycryp.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; G:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); G:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); G:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; G:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; G:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; G:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; G:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; G:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; G:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zlportio;zlportio; \??\H:\Program Files\Karaoke Deluxe\zlportio.sys []
S4 IntelIde;IntelIde; G:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 dgdersvc;Device Error Recovery Service; G:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 FsUsbExService;FsUsbExService; G:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 NOD32krn;NOD32 Kernel Service; G:\Program Files\Eset\nod32krn.exe [2009-08-26 552064]
R2 NVSvc;NVIDIA Display Driver Service; G:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; G:\WINDOWS\system32\PnkBstrA.exe [2009-10-09 66872]
R2 SbPF.Launcher;SbPF.Launcher; H:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; H:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UxTuneUp;TuneUp Theme Extension; G:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; G:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; G:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; H:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; G:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 OpenVPNService;OpenVPN Service; H:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-10-02 36352]
S3 ServiceLayer;ServiceLayer; G:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 gupdate;Služba Google Update (gupdate); G:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; G:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; G:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service; G:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-19 306432]

-----------------EOF-----------------

Re: FF is eating way too much memory

Posted: 08 Aug 2010 06:18
by eda
Download ComboFix and save it to your desktop.

Then run the application under an account with administrator privileges (not under a limited account).

On Windows Vista and Windows 7, run the application as administrator (right-click the application's icon and choose "Run as administrator").

Right after launch, a screen with the license terms appears; continue by clicking the Yes button:

Image

Next, you may get a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.

Relax and put the kettle on for a coffee (the whole operation takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use an antispyware program with a resident shield, deactivate that shield, because during the scan and removal of any malware it causes unwanted conflicts between ComboFix and the antispyware's resident component.

After the restart, the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.

Re: FF is eating way too much memory

Posted: 08 Aug 2010 16:15
by Alfajk
After the scan and restart I can't find the log; it isn't in g:/Combofix.txt, nor in the qoobox folder.

/edit I'll try it once more
/edit2 No, the scan can't be completed; at around stage 50 the monitor turns off (the indicator light blinks as in sleep mode) and nothing can be done. I left the PC for 15 minutes and nothing, so I reset it. Now the virtual drives (daemon) don't work and I can't see the process names, who and what launched them: http://img825.imageshack.us/f/daemon.jpg/

Re: FF is eating way too much memory

Posted: 08 Aug 2010 17:51
by eda
Try running it in Safe Mode.

Re: FF is eating way too much memory

Posted: 08 Aug 2010 18:25
by Alfajk
The scan worked in safe mode; it took a long time, but it worked... Afterwards, though, the computer wouldn't turn on: when I pressed "power" there was just a *beeeeeeeeeep* and it shut off again. Unplugging it from the wall socket helped, but Windows somehow couldn't cope with it; it froze a few times at "starting Windows", then came two BSODs, and only then did it deign to start...

So here is the log:
ComboFix 10-08-07.02 - Admin 08.08.2010 18:58:46.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.707 [GMT 2:00]
Spuštěný z: g:\documents and settings\Admin\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\windows\system32\muzapp.exe
H:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-08 do 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-03 19:04 . 2009-09-19 05:30 100224 ----a-w- g:\windows\system32\drivers\ss_bserd.sys
2010-08-03 19:04 . 2009-09-19 05:30 14848 ----a-w- g:\windows\system32\drivers\ss_bmdfl.sys
2010-08-03 19:04 . 2009-09-19 05:30 12416 ----a-w- g:\windows\system32\drivers\ss_bcmnt.sys
2010-08-03 19:04 . 2009-09-19 05:30 12416 ----a-w- g:\windows\system32\drivers\ss_bcm.sys
2010-08-03 19:04 . 2009-09-19 05:30 123648 ----a-w- g:\windows\system32\drivers\ss_bmdm.sys
2010-08-03 19:04 . 2009-09-19 05:30 98432 ----a-w- g:\windows\system32\drivers\ss_bbus.sys
2010-08-03 19:04 . 2009-09-19 05:30 12288 ----a-w- g:\windows\system32\drivers\ss_bwhnt.sys
2010-08-03 19:04 . 2009-09-19 05:30 12288 ----a-w- g:\windows\system32\drivers\ss_bwh.sys
2010-08-03 19:04 . 2010-08-03 19:04 -------- d-----w- g:\program files\SAMSUNG
2010-08-03 19:03 . 2008-08-26 07:26 18816 ----a-w- g:\windows\system32\drivers\pccsmcfd.sys
2010-08-03 19:03 . 2009-12-22 02:31 36640 ----a-w- g:\windows\system32\FsUsbExDisk.Sys
2010-08-03 19:03 . 2009-12-22 02:31 217088 ----a-w- g:\windows\system32\FsUsbExService.Exe
2010-08-03 19:03 . 2009-11-03 06:32 110592 ----a-w- g:\windows\system32\FsUsbExDevice.Dll
2010-08-03 19:00 . 2010-08-03 19:03 -------- d-----w- g:\program files\PC Connectivity Solution
2010-08-03 18:57 . 2010-08-03 18:57 -------- d-----w- g:\program files\MarkAny
2010-08-03 18:55 . 2010-08-03 19:36 -------- d-----w- g:\windows\system32\drivers\umdf
2010-08-03 18:51 . 2010-08-03 18:57 -------- d-----w- g:\program files\Common Files\Samsung
2010-07-29 23:27 . 2010-03-15 09:31 165376 ----a-w- g:\windows\system32\unrar.dll
2010-07-29 23:27 . 2004-01-25 16:18 217088 ----a-w- g:\windows\system32\yv12vfw.dll
2010-07-29 23:27 . 2010-06-08 16:10 790528 ----a-w- g:\windows\system32\xvidcore.dll
2010-07-29 23:27 . 2010-06-08 16:10 134144 ----a-w- g:\windows\system32\xvidvfw.dll
2010-07-29 23:27 . 2010-03-10 19:29 94208 ----a-w- g:\windows\system32\dpl100.dll
2010-07-29 23:27 . 2010-02-19 19:27 720384 ----a-w- g:\windows\system32\divx.dll
2010-07-29 23:27 . 2010-07-14 08:00 108032 ----a-w- g:\windows\system32\ff_vfw.dll
2010-07-29 23:27 . 2010-07-29 23:27 -------- d-----w- g:\program files\K-Lite Codec Pack
2010-07-29 07:30 . 2010-07-29 09:17 65536 ----a-w- g:\windows\IFinst27.exe
2010-07-26 11:45 . 2010-07-26 11:45 -------- d-----w- g:\program files\ReflexiveArcade
2010-07-21 07:39 . 2010-07-21 07:39 -------- d-----w- g:\program files\Common Files\Adobe AIR
2010-07-21 07:04 . 2010-07-21 10:59 -------- d-----w- g:\windows\Downloaded Installations
2010-07-17 10:11 . 2010-07-17 10:11 -------- d-----w- g:\program files\MSBuild
2010-07-17 10:09 . 2010-07-17 10:09 -------- d-----w- g:\windows\system32\XPSViewer
2010-07-17 10:08 . 2010-07-17 10:08 -------- d-----w- g:\program files\Reference Assemblies
2010-07-14 05:27 . 2010-07-14 05:27 -------- d-----w- g:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 11:21 . 2009-08-26 17:11 -------- d--h--w- g:\program files\InstallShield Installation Information
2010-08-03 19:03 . 2009-11-04 16:28 -------- d-----w- g:\program files\DIFX
2010-07-17 10:11 . 2001-10-25 14:00 78052 ----a-w- g:\windows\system32\perfc005.dat
2010-07-17 10:11 . 2001-10-25 14:00 429024 ----a-w- g:\windows\system32\perfh005.dat
2010-05-24 15:40 . 2009-12-19 20:21 107888 ----a-w- g:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="h:\program files\Samsung\Kies\" [X]
"Skype"="g:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"DAEMON Tools Lite"="g:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Steam"="h:\program files\steam\steam.exe" [2010-05-07 1238352]
"Infium"="h:\program files\QIP Infium\infium.exe" [2009-03-25 5245440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"nod32kui"="g:\program files\Eset\nod32kui.exe" [2009-08-26 949376]
"PWRISOVM.EXE"="h:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

g:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - g:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.Defrag"=3 (0x3)
"LightScribeService"=2 (0x2)
"gupdate"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"h:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"g:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"h:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"h:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"g:\\WINDOWS\\system32\\PnkBstrA.exe"=
"g:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\XBlades\\xblades.exe"=
"h:\\Program Files\\XBlades\\launcher.exe"=
"h:\\Program Files\\capcom\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"h:\\Program Files\\capcom\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"h:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"h:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"h:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"h:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"h:\\Program Files\\capcom\\Bionic Commando Rearmed\\bcr.exe"=
"c:\\Program Files\\Capcom\\Bionic Commando\\Bionic Commando\\bionic_commando.exe"=
"c:\\Program Files\\Capcom\\Bionic Commando\\Bionic Commando\\Support\\CAP1-0101.exe"=
"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"h:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iteraid;ITERAID_Service_Install;g:\windows\system32\drivers\iteraid.sys [26.8.2009 19:12 25067]
R1 SbFw;SbFw;g:\windows\system32\drivers\SbFw.sys [26.8.2009 21:14 270888]
R3 ip100xp;ASUS NX1001 Network Adapter NT Driver;g:\windows\system32\drivers\ipfnd51.sys [26.8.2009 18:57 26752]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;g:\windows\system32\drivers\SbFwIm.sys [26.8.2009 21:14 65576]
S1 nod32drv;nod32drv;g:\windows\system32\drivers\nod32drv.sys [26.8.2009 20:01 15424]
S1 sbhips;Sunbelt HIPS Driver;g:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S2 dgdersvc;Device Error Recovery Service;g:\windows\system32\dgdersvc.exe [22.12.2009 4:31 95568]
S2 FsUsbExService;FsUsbExService;g:\windows\system32\FsUsbExService.Exe [3.8.2010 21:03 217088]
S2 SbPF.Launcher;SbPF.Launcher;h:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;h:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;h:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [20.11.2009 15:17 25832]
S3 dgderdrv;dgderdrv;g:\windows\system32\drivers\dgderdrv.sys [22.12.2009 4:31 18136]
S3 FsUsbExDisk;FsUsbExDisk;g:\windows\system32\FsUsbExDisk.Sys [3.8.2010 21:03 36640]
S3 npkycryp;npkycryp;\??\d:\hry\RO\npkycryp.sys --> d:\hry\RO\npkycryp.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);g:\windows\system32\drivers\ss_bbus.sys [3.8.2010 21:04 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);g:\windows\system32\drivers\ss_bmdfl.sys [3.8.2010 21:04 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;g:\windows\system32\drivers\ss_bmdm.sys [3.8.2010 21:04 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;g:\windows\system32\drivers\ss_bserd.sys [3.8.2010 21:04 100224]
S3 zlportio;zlportio;\??\h:\program files\Karaoke Deluxe\zlportio.sys --> h:\program files\Karaoke Deluxe\zlportio.sys [?]
S4 gupdate;Služba Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [15.1.2010 13:10 135664]
S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [26.8.2009 21:01 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-08-06 g:\windows\Tasks\1-Click Maintenance.job
- h:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2010-07-12 g:\windows\Tasks\Úklid 1 kliknutím.job
- h:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
LSP: g:\windows\system32\imon.dll
FF - ProfilePath - g:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\w3o702fj.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: h:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: g:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: h:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: h:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: h:\program files\Java\jre6\bin\new_plugin\npjp2.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
h:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ActiveSetup-{40U168R6-PDFN-12UO-136H-8QF5832V74HK} - g:\windows\system32\install\svchost.exe
AddRemove-01_Simmental - g:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - g:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - g:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - g:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - g:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - g:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - g:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - g:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - g:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - g:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - g:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - g:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - g:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - g:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - g:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - g:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - g:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 19:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1220945662-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bb,1f,c4,65,f4,9f,1e,0a,77,8f,e5,5b,ef,8c,59,61,cc,b2,b2,18,4e,0d,87,
68,e2,ee,53,96,3c,c2,d0,c1,9b,d1,8c,f9,51,68,d3,49,2c,a3,03,63,ae,3f,83,2d,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd

[HKEY_USERS\S-1-5-21-1004336348-1220945662-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,a3,d1,e9,43,49,bd,bb,1e,6c,8c,1f,35,2c,c2,25,49,6e,e7,dd,12,
9e,34,7b,55,ab,56,f2,ab,c0,93,fa,5b,34,d7,75,f7,2a,ca,db,80,69,7d,94,af,b6,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-08-08 19:05:54
ComboFix-quarantined-files.txt 2010-08-08 17:05

Před spuštěním: 9 948 356 608
Po spuštění: 9 951 723 520

- - End Of File - - B0A9515CCA1CF6530D61F9EC4AD38DC4

and it also deleted "muzapp.exe"... that should be normal software for the mobile phone

Re: FF is eating way too much memory

Posted: 08 Aug 2010 20:02
by eda
Also download MBAM from my signature and run a Quick Scan. Paste the log here; don't delete anything yet.

Re: FF is eating way too much memory

Posted: 09 Aug 2010 15:57
by Alfajk
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4410

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9.8.2010 16:56:18
mbam-log-2010-08-09 (16-56-18).txt

Typ skenu: Rychlý sken
Skenované objekty: 127226
Uplynulý čas: 5 minuta(y), 19 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: FF is eating way too much memory

Posted: 09 Aug 2010 17:52
by eda
How is the computer, and how is the phone?

Re: FF is eating way too much memory

Posted: 09 Aug 2010 19:36
by Alfajk
The phone is OK, the computer boots normally, only FF still eats more memory than before; I have 3 tabs open and, together with their plugin-container.exe, it is currently eating 160 MB of memory.

Re: FF is eating way too much memory

Posted: 09 Aug 2010 20:07
by eda
I don't know how much it is supposed to eat. Mine eats roughly 110-120. Try cleaning up with CCleaner. However, if you have enough memory, it shouldn't affect the computer.

Re: FF is eating way too much memory

Posted: 09 Aug 2010 21:56
by Alfajk
I only have 1 GB of memory, so every extra bit is noticeable, but I guess I'll have to live with it. I do use CCleaner.

Thanks for the check... and could you also post the command for removing ComboFix here?

And Daemon Tools still doesn't work; can that be fixed somehow?

Re: FF is eating way too much memory

Posted: 10 Aug 2010 06:27
by eda
Try reinstalling DaemonTools. You did have a virus there, after all.

Start - Run - combofix /Uninstall