VIRY.CZ

ahojte
asi před týdnem jsem si po zapnutí pc všiml, že mi zmizely všechny programy ze složky "programy" (cca 20), kam je všechny počlivě instaluju. zbyly po nich jen instalačky. po některých ani ty. jsem si na 99% jistý že jsem je omylem nesmazal ani nepřesunul -uvonilo se z ničeho nic cca 10GB. i přes to jsem zkusil program na obnovu smazaných dat, a byť to bylo hned ten den, neobjevily se v něm ani zbytky dat po nich. nechápu to. týden na to se mi začal sekat systém. každých 5 min se na 5s sekne nebo silně zpomalí. používám akualizovaný firewall, antivir, nainstalovaný nový SP i aktualizace a čas od času pustím CCleaner.
Mrkněte mi na to prosím, cítím z toho bubáky.
Díky moc
----------------------------------------------------------------------------------------------------------






Logfile of random's system information tool 1.08 (written by random/random)
Run by mdct2 at 2011-07-06 13:00:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (19%) free of 191 GB
Total RAM: 3070 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:12, on 6.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\programy\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer Pro Solutions\ProClick v1.6\razertra.exe
C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\programy\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\mdct2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [razer] "C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerhid.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\programy\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\programy\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://sykora.2020.net/planner/Core/Pla ... _Win32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9540116062
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1CC8C25-6281-4D38-8C4E-6C30CB62DAD3}: NameServer = 10.255.255.10,10.255.255.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\programy\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Unknown owner - C:\programy\Raxco\PerfectDisk2008\PD91Engine.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9658 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-01 1443072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872]
"razer"=C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerhid.exe [2008-08-11 126976]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\programy\iTunes\iTunesHelper.exe [2010-09-01 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2010-07-19 323392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-12-09 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\programy\iTunes\iTunesHelper.exe [2010-09-01 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\programy\CyberLink\PowerDVD\Language\Language.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\programy\CyberLink\Power2Go\Power2GoExpress.exe /Startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\programy\PowerISO\PWRISOVM.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
C:\Program Files\Razer Pro Solutions\ProClick v1.6\razerhid.exe [2008-08-11 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\programy\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe delay 20000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\programy\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-01-27 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-02 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2011-06-06 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2011-06-06 1240992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-12-11 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mdct2.MDCT^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMBalloonTip"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\programy\CyberLink\PowerDVD\PowerDVD.exe"="C:\programy\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\programy\uTorrent\utorrent.exe"="C:\programy\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Documents and Settings\All Users.WINDOWS\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\programy\BitSpirit\BitSpirit.exe"="C:\programy\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Downloads\utorrent.exe"="C:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Hry\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Hry\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Steam\steamapps\madcat_\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\madcat_\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Hrys\Fable III\Fable3.exe"="C:\Hrys\Fable III\Fable3.exe:*:Enabled:Fable III"
"C:\Downloads\utorrent-setup\utorrent.exe"="C:\Downloads\utorrent-setup\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\programy\iTunes\iTunes.exe"="C:\programy\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Hry\Combat Arms EU\CombatArms.exe"="C:\Hry\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Hry\Combat Arms EU\Engine.exe"="C:\Hry\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-06-26 20:39:08 ----D---- C:\WINDOWS\system32\20-20 Technologies
2011-06-26 12:47:30 ----D---- C:\Program Files\Recover Files
2011-06-26 12:44:11 ----D---- C:\Program Files\Runtime Software
2011-06-25 12:36:12 ----D---- C:\Documents and Settings\mdct2.MDCT\Data aplikací\Publish Providers
2011-06-25 11:51:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Sony
2011-06-25 11:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2011-06-25 11:49:31 ----D---- C:\Documents and Settings\mdct2.MDCT\Data aplikací\Sony
2011-06-25 11:44:54 ----D---- C:\WINDOWS\RegisteredPackages
2011-06-25 10:45:59 ----D---- C:\Fraps
2011-06-21 20:08:42 ----D---- C:\Program Files\Adobe
2011-06-15 11:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-15 11:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-15 11:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-15 11:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-15 11:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-07 17:23:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\id Software

======List of files/folders modified in the last 1 months======

2011-07-06 13:00:09 ----D---- C:\Program Files\trend micro
2011-07-06 13:00:08 ----D---- C:\WINDOWS\temp
2011-07-06 13:00:00 ----D---- C:\WINDOWS\Prefetch
2011-07-06 12:57:48 ----D---- C:\Downloads
2011-07-06 10:38:28 ----SHD---- C:\WINDOWS\Installer
2011-07-06 10:38:28 ----SHD---- C:\Config.Msi
2011-07-06 10:29:31 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-06 10:26:56 ----D---- C:\WINDOWS
2011-07-06 01:04:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-05 21:29:49 ----D---- C:\WINDOWS\Minidump
2011-07-05 21:29:49 ----D---- C:\WINDOWS\Debug
2011-07-05 20:36:26 ----D---- C:\programy
2011-07-04 16:21:03 ----RSH---- C:\boot.ini
2011-07-04 16:21:03 ----A---- C:\WINDOWS\win.ini
2011-07-04 16:21:03 ----A---- C:\WINDOWS\system.ini
2011-07-02 23:46:23 ----D---- C:\škola
2011-07-02 21:40:13 ----D---- C:\Hry
2011-07-01 10:08:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-28 09:41:13 ----D---- C:\Program Files\Steam
2011-06-27 07:40:22 ----D---- C:\Documents and Settings\mdct2.MDCT\Data aplikací\uTorrent
2011-06-26 20:39:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-26 20:39:09 ----HD---- C:\WINDOWS\inf
2011-06-26 20:39:08 ----D---- C:\WINDOWS\system32
2011-06-26 13:37:46 ----D---- C:\Program Files\QIP
2011-06-26 13:35:28 ----D---- C:\Program Files
2011-06-26 12:51:07 ----D---- C:\Program Files\QIP Infium
2011-06-26 12:44:11 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-26 12:43:11 ----D---- C:\Documents and Settings\mdct2.MDCT\Data aplikací\WinRAR
2011-06-26 12:27:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-26 12:27:52 ----D---- C:\Program Files\Movie Maker
2011-06-26 12:27:50 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-26 09:37:44 ----D---- C:\Program Files\Garena
2011-06-26 09:37:38 ----D---- C:\Program Files\DOSBox-0.74
2011-06-25 13:55:56 ----D---- C:\WINDOWS\system32\drivers
2011-06-25 13:25:07 ----D---- C:\Program Files\Mozilla Firefox
2011-06-21 20:08:55 ----D---- C:\Program Files\Common Files\Adobe
2011-06-21 20:08:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2011-06-15 12:01:27 ----RSD---- C:\WINDOWS\assembly
2011-06-15 11:55:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-15 11:55:13 ----D---- C:\WINDOWS\WinSxS
2011-06-15 11:47:46 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-15 11:47:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-15 11:46:54 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-10-23 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-01-11 8704]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-01 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-01 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-16 281760]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2008-08-28 71184]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-01 71176]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-16 25888]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-10-15 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-28 863402]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-03-01 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 Razerlow;Razerlow USB Filter Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-04-24 13225]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [1857-01-01 5888]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-28 46992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys []
S2 wcafix;Windows Cursor Acceleration Fix; C:\WINDOWS\system32\DRIVERS\wcafix.sys [2007-11-19 1992]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-05-09 13312]
S3 aoaj6xcn;aoaj6xcn; C:\WINDOWS\system32\drivers\aoaj6xcn.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-11-28 47907]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-10-15 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-15 67672]
S3 catchme;catchme; \??\C:\DOCUME~1\MDCT2~1.MDC\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\MDCT2~1.MDC\LOCALS~1\Temp\DDN11B2.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.21\RivaTuner32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-12-11 266295]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2009-04-27 32256]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-04-03 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 PD91Agent;PD91Agent; C:\programy\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-01-07 75136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-01-06 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\programy\Raxco\PerfectDisk2008\PD91Engine.exe []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dobrý den

tady to vypadá minimálně na rootkit

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

log je neuvěřitelně masitý

http://www.ulozto.cz/9590295/combofix-txt

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  
  KillAll::
  
  Driver::
  GarenaPEngine
  
  Rootkit::
  c:\docume~1\MDCT2~1.MDC\LOCALS~1\Temp\DDN11B2.tmp
  
  RegLock::
  [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
  [HKEY_USERS\S-1-5-21-2000478354-1547161642-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  [HKEY_USERS\S-1-5-21-2000478354-1547161642-682003330-1003\Software\SecuROM\License information*]
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NvMediaCenter"=-
  "iTunesHelper"=-
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AutoCAD Startup Accelerator.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^mdct2.MDCT^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
  [-HKEY_LOCAL_MACHINE\System\ControlSet009\Services\GarenaPEngine]
  
  DDS::
  uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

během comboxifování vyskočila chyba. windows chyba aplikace... víc jsem nestihl přečíst, pc se resetl

-----------------------------------------------------






ComboFix 11-07-06.02 - mdct2 06.07.2011 21:12:06.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2307 [GMT 2:00]
Spuštěný z: c:\documents and settings\mdct2.MDCT\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mdct2.MDCT\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-06 do 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-06-26 18:39 . 2011-06-26 18:39 -------- d-----w- c:\windows\system32\20-20 Technologies
2011-06-26 10:47 . 2011-06-26 10:47 -------- d-----w- c:\program files\Recover Files
2011-06-26 10:44 . 2011-06-26 10:44 -------- d-----w- c:\program files\Runtime Software
2011-06-25 10:36 . 2011-06-25 10:36 -------- d-----w- c:\documents and settings\mdct2.MDCT\Data aplikací\Publish Providers
2011-06-25 09:52 . 2011-06-25 09:52 -------- d-----w- c:\documents and settings\mdct2.MDCT\Local Settings\Data aplikací\Sony
2011-06-25 09:51 . 2011-06-25 09:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Sony
2011-06-25 09:49 . 2011-06-25 10:36 -------- d-----w- c:\documents and settings\mdct2.MDCT\Data aplikací\Sony
2011-06-25 09:46 . 2011-06-25 09:46 -------- d-----w- c:\documents and settings\mdct2.MDCT\Local Settings\Data aplikací\WMTools Downloaded Files
2011-06-25 08:45 . 2011-06-25 09:23 -------- d-----w- C:\Fraps
2011-06-25 08:34 . 2011-06-25 08:37 -------- d-----w- c:\documents and settings\mdct2.MDCT\Local Settings\Data aplikací\FLVService
2011-06-21 20:27 . 2011-06-21 20:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 20:27 . 2011-06-21 20:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 08:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 15:23 . 2011-06-07 15:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\id Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 19:19 . 2008-01-05 14:55 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-06-22 07:18 . 2011-05-17 07:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-21 20:07 . 2008-01-06 01:17 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-21 20:07 . 2009-03-13 21:52 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-21 20:07 . 2008-01-06 01:17 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-02 15:32 . 2008-01-05 13:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 1857-01-01 01:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 09:01 . 2008-01-06 01:17 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-25 16:06 . 2006-06-23 12:27 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 1857-01-01 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 1857-01-01 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 1857-01-01 01:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-21 20:27 . 2011-05-01 18:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-06_14.00.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-06 19:20 . 2011-07-06 19:20 16384 c:\windows\temp\Perflib_Perfdata_c8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"razer"="c:\program files\Razer Pro Solutions\ProClick v1.6\razerhid.exe" [2008-08-11 126976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hrys\\Fable III\\Fable3.exe"=
"c:\\Downloads\\utorrent-setup\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R?2 PD91Agent;PD91Agent;c:\programy\Raxco\PerfectDisk2008\PD91Agent.exe [31.12.2008 14:12 693512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2008 19:26 717296]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [15.1.2008 17:12 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4.6.2008 11:18 36608]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [3.1.2009 23:04 13225]
S2 wcafix;Windows Cursor Acceleration Fix;c:\windows\system32\drivers\wcafix.sys [16.5.2009 13:57 1992]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [15.7.2008 12:00 13824]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7.2.2011 21:47 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [7.2.2011 21:47 8576]
S3 PD91Engine;PD91Engine;c:\programy\Raxco\PerfectDisk2008\PD91Engine.exe --> c:\programy\Raxco\PerfectDisk2008\PD91Engine.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\programy\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{E1CC8C25-6281-4D38-8C4E-6C30CB62DAD3}: NameServer = 10.255.255.10,10.255.255.20
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\mdct2.MDCT\Data aplikací\Mozilla\Firefox\Profiles\k6wrj46k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-1547161642-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:1c,25,98,2a,b1,8e,75,6d,1e,f0,2e,ed,51,3f,fe,71,cb,cc,b9,c3,38,95,92,
63,f5,1b,57,bf,2f,27,99,58,48,9a,9a,72,6e,02,43,ac,d8,92,04,cd,e0,6b,4e,10,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2000478354-1547161642-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,1d,68,81,a6,ef,ca,10,c4,64,0e,80,de,df,bc,7c,60,01,0d,9e,13,
5b,82,66,2e,70,13,35,02,6a,ac,6e,63,01,8b,c0,24,92,93,ee,56,6b,8e,24,28,fa,\
"rkeysecu"=hex:2f,a6,3f,a5,54,55,15,bb,8b,83,50,fd,26,cc,69,14
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2596)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\program files\Razer Pro Solutions\ProClick v1.6\razertra.exe
c:\program files\Razer Pro Solutions\ProClick v1.6\razerofa.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\imapi.exe
c:\windows\system32\msiexec.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Celkový čas: 2011-07-06 21:22:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-06 19:22
ComboFix2.txt 2011-07-06 14:01
ComboFix3.txt 2010-07-08 23:39
ComboFix4.txt 2009-03-08 18:50
.
Před spuštěním: Volných bajtů: 37 178 789 888
Po spuštění: Volných bajtů: 37 022 511 104
.
Current=9 Default=9 Failed=8 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - 24B780F7A7F94BA99ED5503891EF6C37

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  KillAll::
  
  FixCSet::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"=dword:00000001
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Poté začneme hledat přítomnost další havěti

Malwarebytes' Anti-Malware

• Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
• Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
• Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
• Objeví se vám log,který mi sem vložte
• NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci

Popište mi jak se chová nyní PC

tentokrát žádná chyba nevyskočila
------------------------------------------------------



ComboFix 11-07-06.06 - mdct2 07.07.2011 9:15.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2535 [GMT 2:00]
Spuštěný z: c:\documents and settings\mdct2.MDCT\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mdct2.MDCT\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-07 do 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-06-26 18:39 . 2011-06-26 18:39 -------- d-----w- c:\windows\system32\20-20 Technologies
2011-06-26 10:47 . 2011-06-26 10:47 -------- d-----w- c:\program files\Recover Files
2011-06-26 10:44 . 2011-06-26 10:44 -------- d-----w- c:\program files\Runtime Software
2011-06-25 10:36 . 2011-06-25 10:36 -------- d-----w- c:\documents and settings\mdct2.MDCT\Data aplikací\Publish Providers
2011-06-25 09:52 . 2011-06-25 09:52 -------- d-----w- c:\documents and settings\mdct2.MDCT\Local Settings\Data aplikací\Sony
2011-06-25 09:51 . 2011-06-25 09:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Sony
2011-06-25 09:49 . 2011-06-25 10:36 -------- d-----w- c:\documents and settings\mdct2.MDCT\Data aplikací\Sony
2011-06-25 09:46 . 2011-06-25 09:46 -------- d-----w- c:\documents and settings\mdct2.MDCT\Local Settings\Data aplikací\WMTools Downloaded Files
2011-06-25 08:45 . 2011-06-25 09:23 -------- d-----w- C:\Fraps
2011-06-25 08:34 . 2011-06-25 08:37 -------- d-----w- c:\documents and settings\mdct2.MDCT\Local Settings\Data aplikací\FLVService
2011-06-21 20:27 . 2011-06-21 20:27 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 20:27 . 2011-06-21 20:27 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 08:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-07 15:23 . 2011-06-07 15:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\id Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 07:23 . 2008-01-05 14:55 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-06-22 07:18 . 2011-05-17 07:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 12:56 . 2011-05-28 12:56 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-21 20:07 . 2008-01-06 01:17 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-21 20:07 . 2009-03-13 21:52 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-21 20:07 . 2008-01-06 01:17 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-02 15:32 . 2008-01-05 13:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 1857-01-01 01:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 09:01 . 2008-01-06 01:17 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-25 16:06 . 2006-06-23 12:27 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 1857-01-01 01:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 1857-01-01 01:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 1857-01-01 01:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-21 20:27 . 2011-05-01 18:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-06_14.00.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-07 07:24 . 2011-07-07 07:24 16384 c:\windows\temp\Perflib_Perfdata_2f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"razer"="c:\program files\Razer Pro Solutions\ProClick v1.6\razerhid.exe" [2008-08-11 126976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hrys\\Fable III\\Fable3.exe"=
"c:\\Downloads\\utorrent-setup\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2008 19:26 717296]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [15.1.2008 17:12 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4.6.2008 11:18 36608]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [3.1.2009 23:04 13225]
S?2 PD91Agent;PD91Agent;c:\programy\Raxco\PerfectDisk2008\PD91Agent.exe [31.12.2008 14:12 693512]
S2 wcafix;Windows Cursor Acceleration Fix;c:\windows\system32\drivers\wcafix.sys [16.5.2009 13:57 1992]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [15.7.2008 12:00 13824]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7.2.2011 21:47 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [7.2.2011 21:47 8576]
S3 PD91Engine;PD91Engine;c:\programy\Raxco\PerfectDisk2008\PD91Engine.exe --> c:\programy\Raxco\PerfectDisk2008\PD91Engine.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\programy\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{E1CC8C25-6281-4D38-8C4E-6C30CB62DAD3}: NameServer = 10.255.255.10,10.255.255.20
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\mdct2.MDCT\Data aplikací\Mozilla\Firefox\Profiles\k6wrj46k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 09:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-1547161642-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:1c,25,98,2a,b1,8e,75,6d,1e,f0,2e,ed,51,3f,fe,71,cb,cc,b9,c3,38,95,92,
63,f5,1b,57,bf,2f,27,99,58,48,9a,9a,72,6e,02,43,ac,d8,92,04,cd,e0,6b,4e,10,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2000478354-1547161642-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:bc,1d,68,81,a6,ef,ca,10,c4,64,0e,80,de,df,bc,7c,60,01,0d,9e,13,
5b,82,66,2e,70,13,35,02,6a,ac,6e,63,01,8b,c0,24,92,93,ee,56,6b,8e,24,28,fa,\
"rkeysecu"=hex:2f,a6,3f,a5,54,55,15,bb,8b,83,50,fd,26,cc,69,14
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\RTHDCPL.EXE
c:\program files\Razer Pro Solutions\ProClick v1.6\razertra.exe
c:\program files\Razer Pro Solutions\ProClick v1.6\razerofa.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\msiexec.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\MsiExec.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2011-07-07 09:27:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-07 07:27
ComboFix2.txt 2011-07-06 19:22
ComboFix3.txt 2011-07-06 14:01
ComboFix4.txt 2010-07-08 23:39
ComboFix5.txt 2011-07-07 07:15
.
Před spuštěním: Volných bajtů: 37 325 451 264
Po spuštění: Volných bajtů: 37 298 708 480
.
- - End Of File - - 87E26D1A120A950A092A63FD83CDFB79

V pořádku..jak se pc chová? vzhůru na MBAM

MBAM nic nenašel. pc budu pozorovat, a kdyžtak se ozvu, ale vypadá to supr
co bylo příčinou mizení dat?
každopádně díky moc!


EDIT: hlubší scan z MBAMU něco našel:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7.7.2011 11:16:58
mbam-log-2011-07-07 (11-16-47).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 348001
Uplynulý čas: 1 hodin, 15 minut, 44 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{6c0dc56c-7f4a-498c-b086-08b920371958}\RP1003\A0198137.exe (RiskWare.Tool.CK) -> No action taken.

Měl jste v pc havěť

nalezenou položku dejte smazat..Poté vyčistíme system volume information dle návodu: http://www.viry.cz/forum/viewtopic.php?f=11&t=6701

Poté vyčistíme pc od používaných utilit..


Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter

T-Cleaner

• Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
• po použití T-Cleaner smažte

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

Poté provedeme údržbu pc

Údržba PC:

1)Čištění dočasných složek + neplatné registry
Ccleaner

• Stáhneme a nainstalujeme program
• Spustíme program
• ČISTIČ
  Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše
  Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
  >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
• Registry
  >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
  >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu
  obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
  >opakujte dokud nebude registr bez problémů
• Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)

2)Defragmentace disku
Defraggler

• Stáhneme a nainstalujeme program
• Spustíme program
• Vybereme disk ( C:,D:..prostě který používáme)
• Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
• Proveďte se všemi používanými disky
• Provádíme 1x za měsíc

3)Aktualizace programů
FileHippo.com Update Checker

• Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
• Spustíme program
• Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
• Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
  >X Updates Detected..to jsou dostupné aktualizace..
  > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
  > X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní
• Provádíme 1x za 14 dní nebo jednou za měsíc

Poté už jen pozorujte chování,kdyby cokoliv,tak se ozvěte

všechno hotovo vypadá to dobře, jen firefox pořád zlobí. každou chvíli se na 5s sekne, tak ani ne každých 5 min. disk začne na chvíli vždycky něco chroustat. zkoušel sem se dívat do procesů, co v tu chvíli žere výkon, ale během toho seknutí nejde ani ctrl-alt-del

Zkuste přeínstalovat firefox..mrkneme,zda není špatný disk

Stáhněte si CrystalDiskInfo

• Nainstalujte a spuste
• Klikněte na Úpravy-Kopírovat
• A pak sem vložte pomocí CTRL+V

jak je možné, že po odinstalování FF, smazání všeho, co po něm zbylo i z jeho složky i z documents...., si po nové instalaci stále pamatuje historii, hesla, oblíbené... ?




----------------------------------------------------------------------------
CrystalDiskInfo 4.0.2 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2011/07/10 22:12:43

-- Controller Map ----------------------------------------------------------
- Ricoh SD/MMC Host Controller [ATA]
- Ricoh Memory Stick Controller [ATA]
+ Intel(R) ICH8M Ultra ATA Storage Controllers - 2850 [ATA]
+ Primární kanál IDE (0)
- Slimtype DVDRW SSM-8515S
- Sekundární kanál IDE (1)
+ Intel(R) ICH8M 3 port Serial ATA Storage Controller - 2828 [ATA]
+ Primární kanál IDE (0)
- ST9200420ASG
- Sekundární kanál IDE (1)
+ AZPAJ1EH IDE Controller [SCSI]
- MTC MFGTQVSPUJK1 SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) ST9200420ASG : 200.0 GB [0-1-0, pd1]

----------------------------------------------------------------------------
(1) ST9200420ASG
----------------------------------------------------------------------------
Model : ST9200420ASG
Firmware : 3.AAA
Serial Number : 5SH064HR
Disk Size : 200.0 GB (8.4/137.4/200.0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 390721968
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 18982 hod.
Power On Count : 1615 krát
Temparature : 47 C (116 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 80FEh [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 253 __6 000000000000 Počet chyb čtení
03 _98 _98 __0 000000000000 Čas na roztočení ploten
04 _99 _99 _20 00000000064C Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _89 _60 _30 000032DBA437 Počet chybných hledání
09 _79 _79 __0 000000004A26 Hodin v činnosti
0A 100 100 _34 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 _20 00000000064F Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _53 _42 _45 01F8331A002F Teplota toku vzduchu
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000095 Počet vypnutí disku
C1 _99 _99 __0 000000000879 Počet cyklů načítání/vymazání
C2 _47 _58 __0 000A0000002F Teplota
C3 _54 _49 __0 00000E44CFAC Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů
FE __1 __1 __0 000000000004 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 35 53 48 30 36 34 48 52 00 00 80 00 00 04 33 2E
030: 41 41 41 20 20 20 53 54 39 32 30 30 34 32 30 41
040: 53 47 20 20 20 20 20 20 20 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 04 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 48 00 40
0A0: 00 FE 00 00 34 6B 7D 09 60 03 34 69 3C 09 60 03
0B0: 00 7F 00 00 00 00 80 FE FF FE 00 00 FE 00 00 00
0C0: 00 00 00 00 00 00 00 00 F1 B0 17 49 00 00 00 00
0D0: 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 F1 B0 17 49 F1 B0 17 49 20 20 00 02 8A B6
110: 80 02 00 00 3C 06 3C 06 FF FF 07 C6 01 00 00 00
120: 13 14 30 00 00 02 00 80 00 00 00 00 60 80 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 0B
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F8 A5

Protože jste při odinstalaci nezaškrknul,že chcete smazat profil
Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: firefox -P a dejte enter

• otevře se vám manažer profilů
• smažte všechny profily a vytvořte nový

přeinstalováno a problém trvá v jednu chvíli začne FF žrát 50% výkonu a na chvíli se sekne