Folder opens by itself after PC startup

Posted: 03 Oct 2010 15:37
by bečvy
Hello,
after the PC starts, the folder C:\Documents and Settings\......\Data aplikací\Microsoft opens by itself. In addition, the memory card reader does not work; when I leave it enabled in Device Manager, a Windows message keeps repeating: No Disk (exception processing message.....). Reinstalling the driver did not help.
I am attaching the log.
Thanks for any advice.


Logfile of random's system information tool 1.06 (written by random/random)
Run by bečvářovi at 2010-10-03 16:36:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (42%) free of 38 GB
Total RAM: 1023 MB (56% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\COMODO System Cleaner Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-07-29 1153024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.06\RivaTuner.exe [2007-10-30 2650112]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-02-17 163840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-07-29 1024512]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"Windows Security Center"=C:\Documents and Settings\bečvářovi\Data aplikací\winlogon.exe [2010-07-14 987136]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Security Center"=C:\Documents and Settings\bečvářovi\Data aplikací\winlogon.exe [2010-07-14 987136]
"Windows Update"=C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe [2010-09-22 1536000]
"Microsoft Driver"=C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe [2010-09-22 1536000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Windows Security Center"=C:\Documents and Settings\bečvářovi\Data aplikací\winlogon.exe [2010-07-14 987136]
"OEXPRESS"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Security Center"=C:\Documents and Settings\bečvářovi\Data aplikací\winlogon.exe [2010-07-14 987136]
"Windows Update"=C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe [2010-09-22 1536000]
"Microsoft Driver"=C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe [2010-09-22 1536000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
C:\PROGRA~1\MOBILE~2\SMARTS~1\SCHEDU~1.EXE [2005-10-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bečvářovi^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Disabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\DC+\Dokončené\soft\sdc221\StrongDC.exe"="D:\DC+\Dokončené\soft\sdc221\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium Beta"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\bečvářovi\Dokumenty\Honza\sdc222\StrongDC.exe"="C:\Documents and Settings\bečvářovi\Dokumenty\Honza\sdc222\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe"="C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2"
"C:\Documents and Settings\bečvářovi\Data aplikací\winlogon.exe"="C:\Documents and Settings\bečvářovi\Data aplikací\winlogon.exe:*:Enabled:Windows Security Center"
"C:\WINDOWS\System32\winpea.exe"="C:\WINDOWS\System32\winpea.exe:*:Enabled:Window Proxy Service"
"C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe"="C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe"
"C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\csrss.exe"="C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups\csrss.exe:*:Enabled:lsass"
"C:\Documents and Settings\Administrator.BEČVY\Data aplikací\winlogon.exe"="C:\Documents and Settings\Administrator.BEČVY\Data aplikací\winlogon.exe:*:Enabled:Windows Security Center"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56287d80-b3f0-11dd-ae98-0040ca833c2d}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa741f1c-8035-11df-b2e7-0040ca833c2d}]
shell\AutoRun\command - E:\HPLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77f09c4-eddc-11dd-af43-0040ca833c2d}]
shell\AutoRun\command - D:\ZÁLOHA\DRUHÁ\WDSETUP.EXE


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-10-03 16:14:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-03 13:54:31 ----D---- C:\rsit
2010-10-03 11:35:37 ----SHD---- C:\Config.Msi
2010-09-22 11:05:05 ----D---- C:\Program Files\Common Files\Java
2010-09-22 11:04:42 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-22 11:04:42 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-22 11:04:42 ----A---- C:\WINDOWS\system32\java.exe
2010-09-22 11:03:54 ----D---- C:\Documents and Settings\bečvářovi\Data aplikací\tor
2010-09-22 11:02:45 ----SHD---- C:\Documents and Settings\bečvářovi\Data aplikací\Microsoft Backups
2010-09-16 16:51:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2010-09-16 16:51:11 ----D---- C:\Documents and Settings\bečvářovi\Data aplikací\LangSoft

======List of files/folders modified in the last 1 months======

2010-10-03 16:36:01 ----D---- C:\WINDOWS\Temp
2010-10-03 16:35:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-03 16:34:28 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-10-03 16:32:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-03 16:31:24 ----D---- C:\WINDOWS
2010-10-03 16:15:13 ----D---- C:\Documents and Settings
2010-10-03 14:30:35 ----D---- C:\WINDOWS\Prefetch
2010-10-03 13:46:34 ----A---- C:\WINDOWS\WINCMD.INI
2010-10-03 12:34:56 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-03 12:34:51 ----RSD---- C:\WINDOWS\assembly
2010-10-03 11:45:27 ----SHD---- C:\WINDOWS\Installer
2010-10-03 11:43:36 ----D---- C:\WINDOWS\system32
2010-10-03 11:43:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-03 11:42:53 ----D---- C:\WINDOWS\WinSxS
2010-09-29 17:17:36 ----HD---- C:\WINDOWS\inf
2010-09-26 16:24:46 ----D---- C:\Documents and Settings\bečvářovi\Data aplikací\U3
2010-09-22 11:05:05 ----D---- C:\Program Files\Common Files
2010-09-22 11:04:38 ----D---- C:\Program Files\Java
2010-09-16 16:55:42 ----D---- C:\Program Files\Translator
2010-09-16 16:48:52 ----D---- C:\WINDOWS\Debug
2010-09-15 14:12:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 14:12:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 14:08:39 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-12 16:02:39 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-01-11 8704]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 81920]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2008-01-25 114496]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-05 71184]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-12-16 29440]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-05-09 13312]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-01-29 370382]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-23 47360]
R3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-07-18 15264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 an670zpp;an670zpp; C:\WINDOWS\system32\drivers\an670zpp.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-14 25280]
S3 MA-620;Mobile Action MA-660 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\MA-620.sys [2003-03-25 27136]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2002-04-09 39552]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-07-18 47744]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-10-10 1617920]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe [2008-12-31 693512]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-19 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe [2008-12-31 910600]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Folder opens by itself after PC startup

Posted: 03 Oct 2010 16:15
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Relax and put on a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because unwanted conflicts with the antispyware's resident shield occur during the scan and the removal of any malware.

Re: Folder opens by itself after PC startup

Posted: 03 Oct 2010 17:02
by bečvy
OK, here is the log:


ComboFix 10-10-02.02 - bečvářovi 03.10.2010 17:48:32.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.643 [GMT 2:00]
Spuštěný z: c:\documents and settings\bečvářovi\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\kb128\SeARchsettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 14:15 . 2010-07-14 16:55 987136 --sh--r- c:\documents and settings\Administrator.BEČVY\Data aplikací\winlogon.exe
2010-10-03 14:15 . 2010-10-03 14:15 -------- d-----w- c:\documents and settings\Administrator.BEČVY
2010-10-03 11:54 . 2010-10-03 11:54 -------- d-----w- C:\rsit
2010-09-23 17:14 . 2010-09-24 09:11 1540096 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\svchost.exe
2010-09-22 09:05 . 2010-09-22 09:05 -------- d-----w- c:\program files\Common Files\Java
2010-09-22 09:03 . 2010-09-28 07:54 855040 --sh--w- c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\csrss.exe
2010-09-22 09:03 . 2010-09-22 09:03 61440 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4bd2a537-n\decora-sse.dll
2010-09-22 09:03 . 2010-09-22 09:03 503808 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-553697f5-n\msvcp71.dll
2010-09-22 09:03 . 2010-09-22 09:03 499712 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-553697f5-n\jmc.dll
2010-09-22 09:03 . 2010-09-22 09:03 348160 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-553697f5-n\msvcr71.dll
2010-09-22 09:03 . 2010-09-22 09:03 12800 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4bd2a537-n\decora-d3d.dll
2010-09-22 09:01 . 2010-09-22 09:01 1536000 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe
2010-09-16 14:53 . 2010-09-16 14:55 798771 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
2010-09-16 14:53 . 2010-09-16 14:55 299008 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnWord.dll
2010-09-16 14:53 . 2010-09-16 14:55 356352 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOutl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 14:14 . 2010-08-13 14:24 1356 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-10-03 09:43 . 2001-10-25 16:00 80866 ----a-w- c:\windows\system32\perfc005.dat
2010-10-03 09:43 . 2001-10-25 16:00 435296 ----a-w- c:\windows\system32\perfh005.dat
2010-09-22 09:04 . 2009-01-29 18:45 -------- d-----w- c:\program files\Java
2010-09-16 14:55 . 2008-08-19 18:44 -------- d-----w- c:\program files\Translator
2010-09-13 21:21 . 2010-08-17 18:19 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\Protexis\KGyGaAvL.sys
2010-09-12 14:02 . 2007-12-15 18:25 -------- d-----w- c:\program files\Opera
2010-08-17 18:21 . 2010-08-17 18:21 88 --sh--r- c:\documents and settings\All Users\Data aplikací\Protexis\D475166551.sys
2010-08-17 18:14 . 2010-08-17 18:14 333376 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-08-17 18:12 . 2010-08-17 18:12 333376 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-08-17 18:11 . 2010-08-17 18:11 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-08-17 18:09 . 2010-08-17 18:08 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-08-17 18:08 . 2010-08-17 18:08 -------- d-----w- c:\program files\Microsoft SDKs
2010-08-17 18:08 . 2010-08-17 18:08 -------- d-----w- c:\program files\Microsoft.NET
2010-08-17 17:55 . 2008-02-04 15:05 -------- d-----w- c:\program files\Corel
2010-08-17 13:17 . 2004-08-17 15:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 21:27 . 2007-12-15 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-16 14:30 . 2009-02-11 16:32 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2010-08-13 17:21 . 2009-09-02 15:13 -------- d-----w- c:\program files\Sony
2010-08-13 15:30 . 2010-08-13 15:30 -------- d-----w- c:\program files\Common Files\Common Share
2010-08-13 15:30 . 2010-08-13 15:30 -------- d-----w- c:\program files\OJOsoft
2010-08-13 14:59 . 2007-12-15 19:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-13 14:38 . 2010-08-13 12:46 189008 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-08-13 11:50 . 2008-01-24 14:18 -------- d-----w- c:\program files\Foxit Software
2010-07-24 14:32 . 2010-07-24 14:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 15:46 . 2004-08-17 15:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-04-26 13:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 17:08 . 2010-07-15 17:08 1224704 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Microsoft Logic\msdtc.exe
2010-07-14 16:55 . 2010-07-15 17:06 987136 --sh--r- c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Security Center"="c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe" [2010-07-14 987136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-01-29 1228800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="NvMCTray.dll" [2007-12-05 81920]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 2650112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Windows Security Center"="c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe" [2010-07-14 987136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Security Center"="c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe" [2010-07-14 987136]
"Windows Update"="c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe" [2010-09-22 1536000]
"Microsoft Driver"="c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe" [2010-09-22 1536000]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Security Center"="c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe" [2010-07-14 987136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe"
"Taskman"="c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^bečvářovi^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\bečvářovi\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-08-08 05:27 536576 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Documents and Settings\\bečvářovi\\Data aplikací\\winlogon.exe"=
"c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe"= c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe
"c:\\Documents and Settings\\bečvářovi\\Data aplikací\\Microsoft Backups\\csrss.exe"=
"c:\\Documents and Settings\\Administrator.BEČVY\\Data aplikací\\winlogon.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 33800]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [2.1.2008 23:04 114496]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
R2 PD91Agent;PD91Agent;c:\program files\RAXCO\PerfectDisk\PD91Agent.exe [31.12.2008 13:12 693512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.12.2009 17:52 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 18:00 3584]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 PD91Engine;PD91Engine;c:\program files\RAXCO\PerfectDisk\PD91Engine.exe [31.12.2008 13:12 910600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.12.2007 20:43 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E6630F5F-B6DB-4246-B921-8C1A5FB792C4}]
2010-09-22 09:01 1536000 ----a-w- c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 15:52]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 15:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.gmail.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\bečvářovi\Data aplikací\Mozilla\Firefox\Profiles\149o3u46.default\
FF - prefs.js: browser.startup.homepage - gmail.com
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-OEXPRESS - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 17:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Windows Update = c:\documents and settings\be?v??ovi\Data aplikac?\Microsoft Backups\lsass.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Microsoft Driver = c:\documents and settings\be?v??ovi\Data aplikac?\Microsoft Backups\lsass.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Celkový čas: 2010-10-03 18:00:24
ComboFix-quarantined-files.txt 2010-10-03 16:00

Před spuštěním: Volných bajtů: 16 601 436 160
Po spuštění: Volných bajtů: 16 589 811 712

- - End Of File - - C622634DFA2E4DD137F23AF64225412A

Re: folder opens on its own after PC startup

Posted: 03 Oct 2010 17:22
by Rudy
We'll finish the cleanup. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\documents and settings\Administrator.BEČVY\Data aplikací\winlogon.exe
c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\svchost.exe
c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\csrss.exe
c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe
c:\windows\system32\regedt32.exe

Driver::
NOD32FiXTemDono

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Security Center"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Security Center"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Security Center"=-
"Windows Update"=-
"Microsoft Driver"=-
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Security Center"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-
"Taskman"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E6630F5F-B6DB-4246-B921-8C1A5FB792C4}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

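The entries removed by the script above share one pattern: a core Windows process name (winlogon.exe, lsass.exe, csrss.exe, svchost.exe) loaded from a user profile directory instead of the Windows directory. The following check for that pattern is an added example, not part of the original thread and not ComboFix code; the `SYSTEM_NAMES` and `TRUSTED_DIRS` lists and the function names are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, normcase

# Core Windows process names that malware commonly imitates (assumed list).
SYSTEM_NAMES = {"winlogon.exe", "lsass.exe", "csrss.exe", "svchost.exe",
                "services.exe", "smss.exe", "userinit.exe", "explorer.exe"}
# Where those binaries legitimately live (assumes Windows is in c:\windows).
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32"}

ENTRY = re.compile(r'^"(?P<name>[^"]+)"="?(?P<value>[^"\[]+)')
EXE_PATH = re.compile(r"[a-z]:\\.+?\.exe", re.IGNORECASE)

# Lines copied from the registry dump in the log above.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Security Center"="c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe" [2010-07-14 987136]
"Windows Update"="c:\documents and settings\bečvářovi\Data aplikací\Microsoft Backups\lsass.exe" [2010-09-22 1536000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe c:\documents and settings\bečvářovi\Data aplikací\winlogon.exe"
"""

def masquerading(path):
    """True if path uses a system process name outside a trusted directory."""
    p = normcase(path.strip())
    return basename(p) in SYSTEM_NAMES and dirname(p) not in TRUSTED_DIRS

def scan(log_text):
    """Return (key, value name, path) for every suspicious autorun entry."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # registry key header
            key = line.strip("[]")
            continue
        m = ENTRY.match(line)
        if not m or key is None:
            continue
        # A value such as Userinit may chain several executables.
        for path in EXE_PATH.findall(m.group("value")):
            if masquerading(path):
                findings.append((key, m.group("name"), path))
    return findings

if __name__ == "__main__":
    for key, name, path in scan(SAMPLE_LOG):
        print(f"{key}\n  {name} -> {path}")
```

The legitimate `userinit.exe` in system32 passes, while the second executable appended to the same `Userinit` value is reported.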

Re: folder opens on its own after PC startup

Posted: 09 Oct 2010 15:16
by bečvy
Thanks a lot, the folder no longer opens, and the computer boots noticeably faster. Great work!

Re: folder opens on its own after PC startup

Posted: 09 Oct 2010 17:14
by Rudy
You're welcome!