Avast: Win32:Malware-gen - prosím o kontrolu.

Zpráva

Ikvous · #1 Příspěvek od **Ikvous** » 10 lis 2010 19:07

Přeji krásný dobrý večer,

mám tu jeden počítač po zátahu kouzelného šmejda ze Skypu (něco s fotkou a facebook.exe). Avast sice nalezl a odstranil, ale vyskakující ikona u hodin s nápisem "Z počítače byl odstraněn škodlivý software. Klepnutím sem dokončíte proces odstranění." se mi vůbec nelíbí. Nemluvě o tom, že tuhle ikonu jsem tam ještě neviděl, tak prosím o kontrolu logu. Díky moc. Jo, a ještě se samovolně odpojuje a připojuje Wi-Fi (sice otázka jedné sekundy), ale to spíš bude HW záležitost.

Logfile of random's system information tool 1.08 (written by random/random)
Run by uzivatel at 2010-11-10 19:02:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 82 GB (34%) free of 238 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:18, on 10.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\T-Mobile\GT Connect\GT Connect.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\uzivatel\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: GT Connect.lnk = C:\Program Files\T-Mobile\GT Connect\GT Connect.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2652703105
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Služba Google Update (gupdate1ca385a49ebaeb8) (gupdate1ca385a49ebaeb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 12114 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{97128AC4-7430-4968-8F0C-407D6D34E59C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2008-05-27 360448]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2007-10-15 266240]
"SmoothView"=C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe [2007-05-11 143360]
"NDSTray.exe"=NDSTray.exe []
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2007-04-26 495616]
"Adobe Reader Speed Launcher"=c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-07 16860672]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-04-29 417792]
"ACU"=C:\Program Files\Atheros\ACU.exe [2008-04-14 450648]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-14 98304]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2008-07-22 357376]
""= []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2010-09-15 1347496]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
GT Connect.lnk - C:\Program Files\T-Mobile\GT Connect\GT Connect.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-04-07 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe"="C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod"="C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod:*:Enabled:Liquid"
"C:\Program Files\Rockstar Games\GTA2\gta2.exe"="C:\Program Files\Rockstar Games\GTA2\gta2.exe:*:Enabled:GTA2 main executable"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\GscView\GscView.exe"="E:\GscView\GscView.exe:*:Enabled:GeviScope media and database viewer"
"C:\Program Files\GscView\GscView.exe"="C:\Program Files\GscView\GscView.exe:*:Enabled:GeviScope media and database viewer"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\GscView\GscView.exe"="D:\GscView\GscView.exe:*:Enabled:GeviScope media and database viewer"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe"="C:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-10 18:56:41 ----HD---- C:\WINDOWS\PIF
2010-11-10 18:48:30 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-10 18:45:04 ----D---- C:\rsit
2010-10-28 15:48:43 ----D---- C:\Prevence
2010-10-21 20:03:38 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-14 08:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 08:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 08:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 08:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 08:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 08:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 08:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 08:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 08:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-10 19:02:11 ----D---- C:\Program Files\trend micro
2010-11-10 19:00:49 ----D---- C:\WINDOWS\Temp
2010-11-10 19:00:47 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Skype
2010-11-10 18:57:44 ----AD---- C:\WINDOWS\system32
2010-11-10 18:57:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-10 18:57:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-10 18:57:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-10 18:56:44 ----A---- C:\WINDOWS\system.ini
2010-11-10 18:56:41 ----D---- C:\WINDOWS
2010-11-10 18:43:22 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 18:37:39 ----D---- C:\WINDOWS\Prefetch
2010-11-10 18:37:10 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\skypePM
2010-11-10 11:19:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-10 11:19:42 ----D---- C:\Záloha flesh
2010-11-09 20:19:41 ----A---- C:\WINDOWS\ULead32.ini
2010-11-09 20:07:29 ----A---- C:\WINDOWS\wincmd.ini
2010-11-09 17:01:58 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\FileZilla
2010-11-09 16:35:01 ----D---- C:\HDV master
2010-11-09 15:17:50 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Image Zone Express
2010-11-09 14:20:58 ----D---- C:\Odkladaci
2010-11-08 19:40:08 ----A---- C:\WINDOWS\VFO.INI
2010-10-25 10:26:30 ----HD---- C:\WINDOWS\inf
2010-10-21 20:03:48 ----SHD---- C:\WINDOWS\Installer
2010-10-21 20:03:48 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-10-21 20:03:45 ----HD---- C:\Config.Msi
2010-10-21 20:03:38 ----RD---- C:\Program Files
2010-10-14 08:57:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 08:57:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 08:57:51 ----A---- C:\WINDOWS\imsins.BAK
2010-10-14 08:57:45 ----D---- C:\WINDOWS\system32\drivers
2010-10-14 08:57:39 ----D---- C:\WINDOWS\WinSxS
2010-10-14 08:57:15 ----D---- C:\Program Files\Internet Explorer
2010-10-14 08:57:06 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-06-12 89264]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-04-15 312344]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sbp2port;Ovladač sběrnice pro přenos dat zařízení podporujícího protokol SBP-2; C:\WINDOWS\system32\DRIVERS\sbp2port.sys [2008-04-13 43904]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-06 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver; C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-08 1309504]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-08 2876928]
R3 FwLnk;FwLnk Driver; C:\WINDOWS\system32\DRIVERS\FwLnk.sys [2007-04-04 5888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-09 4703744]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2006-11-16 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-04-23 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Chicony USB 2.0 Camera; C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 UVCFTR;UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a8g61ki0;a8g61ki0; C:\WINDOWS\system32\drivers\a8g61ki0.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
S3 catchme;catchme; \??\C:\DOCUME~1\uzivatel\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-10-31 8064]
S3 GTUQBUS;GT UQ BUS; C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2006-10-31 36992]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys []
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-04-13 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-10-11 110080]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2008-04-14 467028]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-04-07 536576]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 EmmaDevMgmtSvc;Emma Device Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-07-01 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management; C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-07-01 162936]
R2 GtFlashSwitch;GtFlashSwitch; C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-17 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2008-04-14 34304]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2007-11-21 129632]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 124264]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 gupdate1ca385a49ebaeb8;Služba Google Update (gupdate1ca385a49ebaeb8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-13 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 10 lis 2010 19:36

Zdravim a pekny den preji

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Ikvous · #3 Příspěvek od **Ikvous** » 10 lis 2010 20:04

Takže, ta ikona, co jsem psal předtím už nevyskočila a zde je log z CmbFixu

ComboFix 10-11-09.03 - uzivatel 10.11.2010 19:52:02.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1204 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\MPENGINE.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 17:56 . 2010-11-10 17:56 -------- d--h--w- c:\windows\PIF
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- C:\rsit
2010-10-28 14:48 . 2010-11-10 10:20 -------- d-----w- C:\Prevence
2010-10-25 19:17 . 2010-10-25 19:17 1409 ----a-w- c:\windows\QTFont.for
2010-10-21 19:03 . 2010-10-21 19:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-14 07:40 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 07:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 07:40 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 07:40 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-08-29 11:47 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-08-29 11:47 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-08-29 11:47 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-08-29 11:47 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-08-29 11:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-08-29 11:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-08-29 11:47 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12 . 2010-08-27 02:52 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-10-19 08:24 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-10-19 08:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-10-19 08:25 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-10-19 08:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-10-19 08:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-10-19 08:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-10-19 08:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-10-19 08:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 17:50 . 2010-09-06 17:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 11:52 . 2008-08-29 11:47 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-08-29 11:47 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-08-29 11:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-08-29 11:47 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 21:24 . 2010-08-26 21:24 199318 ----a-w- C:\cc_20100826_232423.reg
2010-08-26 13:39 . 2008-08-29 11:47 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-08-29 11:47 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-08-29 11:47 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-08-29 11:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-09-15 1347496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"TPSMain"="TPSMain.exe" [2007-10-15 266240]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-14 98304]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
GT Connect.lnk - c:\program files\T-Mobile\GT Connect\GT Connect.exe [2007-5-31 557056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GscView\\GscView.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.9.2010 18:50 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.10.2009 9:25 165584]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [3.6.2010 11:26 122096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.10.2009 9:25 17744]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [1.7.2010 16:43 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [1.7.2010 16:43 162936]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [9.10.2009 11:50 16376]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [9.2.2007 13:48 176128]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [18.5.2010 9:53 90112]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.3.2007 11:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.2.2007 11:15 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [29.8.2008 13:32 5888]
S2 gupdate1ca385a49ebaeb8;Služba Google Update (gupdate1ca385a49ebaeb8);c:\program files\Google\Update\GoogleUpdate.exe [18.9.2009 13:19 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.7.2010 12:04 13224]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [31.10.2006 13:44 36992]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [9.10.2009 11:51 51040]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [18.5.2010 9:53 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [18.5.2010 9:53 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [18.5.2010 9:53 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [18.5.2010 9:54 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [18.5.2010 9:53 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [18.5.2010 9:54 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [18.5.2010 9:54 109736]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 12:19]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 12:19]

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{97128AC4-7430-4968-8F0C-407D6D34E59C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 19:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4332)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\acs.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-10 20:02:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-10 19:02
ComboFix2.txt 2009-10-11 19:19

Před spuštěním: Volných bajtů: 85 823 901 696
Po spuštění: Volných bajtů: 86 806 155 264

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg

- - End Of File - - E24AB3768C66879AFB74154D3E5EE5C4

#4 Příspěvek od **vyosek** » 10 lis 2010 20:10

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Skype"=-
"Sony Ericsson PC Suite"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"DivXUpdate"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{97128AC4-7430-4968-8F0C-407D6D34E59C}.job

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Ikvous · #5 Příspěvek od **Ikvous** » 10 lis 2010 20:29

Tak LOG byl trošku delší (asi tak na čtyři příspěvky), tak jsem ho hodil na http://leteckaposta.cz/202611502

#6 Příspěvek od **vyosek** » 10 lis 2010 20:51

Vlozte jej prosim sem a jen vynechte tu cast SnapShot...

Ikvous · #7 Příspěvek od **Ikvous** » 10 lis 2010 20:57

Tak to už se vejdu

ComboFix 10-11-09.03 - uzivatel 10.11.2010 20:14:50.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1313 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uzivatel\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{97128AC4-7430-4968-8F0C-407D6D34E59C}.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{97128AC4-7430-4968-8F0C-407D6D34E59C}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-10 do 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 17:56 . 2010-11-10 17:56 -------- d--h--w- c:\windows\PIF
2010-11-10 17:45 . 2010-11-10 17:45 -------- d-----w- C:\rsit
2010-10-28 14:48 . 2010-11-10 10:20 -------- d-----w- C:\Prevence
2010-10-25 19:17 . 2010-10-25 19:17 1409 ----a-w- c:\windows\QTFont.for
2010-10-21 19:03 . 2010-10-21 19:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-14 07:40 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 07:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 07:40 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 07:40 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-08-29 11:47 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-08-29 11:47 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-08-29 11:47 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-08-29 11:47 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-08-29 11:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-08-29 11:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-08-29 11:47 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12 . 2010-08-27 02:52 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-10-19 08:24 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-10-19 08:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-10-19 08:25 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-10-19 08:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-10-19 08:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-10-19 08:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-10-19 08:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-10-19 08:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 17:50 . 2010-09-06 17:50 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-01 11:52 . 2008-08-29 11:47 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-08-29 11:47 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-08-29 11:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-08-29 11:47 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 21:24 . 2010-08-26 21:24 199318 ----a-w- C:\cc_20100826_232423.reg
2010-08-26 13:39 . 2008-08-29 11:47 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-08-29 11:47 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-08-29 11:47 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-08-29 11:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-09-15 1347496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"TPSMain"="TPSMain.exe" [2007-10-15 266240]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
GT Connect.lnk - c:\program files\T-Mobile\GT Connect\GT Connect.exe [2007-5-31 557056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GscView\\GscView.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.9.2010 18:50 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.10.2009 9:25 165584]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [3.6.2010 11:26 122096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.10.2009 9:25 17744]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [1.7.2010 16:43 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [1.7.2010 16:43 162936]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [9.10.2009 11:50 16376]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [9.2.2007 13:48 176128]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.3.2007 11:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.2.2007 11:15 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [29.8.2008 13:32 5888]
S2 gupdate1ca385a49ebaeb8;Služba Google Update (gupdate1ca385a49ebaeb8);c:\program files\Google\Update\GoogleUpdate.exe [18.9.2009 13:19 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [18.5.2010 9:53 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.7.2010 12:04 13224]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [31.10.2006 13:44 36992]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [9.10.2009 11:51 51040]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [18.5.2010 9:53 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [18.5.2010 9:53 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [18.5.2010 9:53 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [18.5.2010 9:54 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [18.5.2010 9:53 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [18.5.2010 9:54 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [18.5.2010 9:54 109736]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-10 20:19:40
ComboFix-quarantined-files.txt 2010-11-10 19:19
ComboFix2.txt 2010-11-10 19:02
ComboFix3.txt 2009-10-11 19:19

Před spuštěním: Volných bajtů: 86 812 917 760
Po spuštění: Volných bajtů: 86 793 629 696

- - End Of File - - BA0DFBD4341D7A5FBCE548A86210C28C

#8 Příspěvek od **vyosek** » 10 lis 2010 20:58

Log vypada jiz cisty, jak se chova PC

Ikvous · #9 Příspěvek od **Ikvous** » 10 lis 2010 20:59

Přijde mi vše OK, alespoň takhle na první pohled, tak doufám, že to vydrží

Tak děkuji za pomoc, jsem Vaším dlužníkem.

#10 Příspěvek od **vyosek** » 10 lis 2010 21:23

Jeste uklidime

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Dluznikem nejste, u nas na foru se neplati - forum funguje na bazi dobrovolnosti, radci jsou tu ve svem volnem case a zadarmo...podporu kterou uzivatelele poskytnout jde na chod serveru, webu apod - my radci\modi z toho nemame vubec ni...

VIRY.CZ

Avast: Win32:Malware-gen - prosím o kontrolu.

Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.

Re: Avast: Win32:Malware-gen - prosím o kontrolu.