Rootkit.Agent NSF trojan

[Bucek]

Mam stále stejný problém s ikonami vedle hodin,které se nezobrazují pouze po obnovení systému se začali objevovat ovl.hlasitosti a sítová připojení. Dále mi antivir stále naczází Rootkit.Agent NSF trojana. i když napíše že je vyléčený.Dále se mi stáva toto:vytvořil jsem složku do které jsem uložil film nazval jsem ji Duchové a tato složka se mi neustále objevuje na přenosných discích i když jí smažu tak se tam po čase opět ukáže.Koupil jsem si přenosný HDD a v tom okamžiku se tam objevila.Prosím o kontrolu. Dík Bucek

Logfile of random's system information tool 1.06 (written by random/random)
Run by B at 2010-01-09 18:02:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (38%) free of 35 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:34, on 9.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Seznam\Postak\Postak.exe
D:\PROGRAM FILES\ESET\ESET Smart Security\egui.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\STAHOVÁNÍ Z NETU\PROGRAMY\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\B.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Device Detection] D:\PROGRAM FILES\HappyFoto\HF Designer\dd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - D:\PROGRAM FILES\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - D:\PROGRAM FILES\FlashGet\jc_all.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7804554982
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7804540435
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7267 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Device Detection"=D:\PROGRAM FILES\HappyFoto\HF Designer\dd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\B\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\PROGRAM FILES\CyberLink\PowerCinema\PowerCinema.exe"="D:\PROGRAM FILES\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema Main Program"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\hry\UT2004Demo\System\UT2004.exe"="D:\hry\UT2004Demo\System\UT2004.exe:*:Disabled:UT2004"
"D:\PROGRAM FILES\Flas get\flashget.exe"="D:\PROGRAM FILES\Flas get\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-09 14:01:47 ----D---- C:\rsit
2010-01-09 13:44:00 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-30 15:59:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\PhotoGenie
2009-12-16 16:29:02 ----D---- C:\Program Files\Seagate
2009-12-16 16:16:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Seagate
2009-12-16 16:12:18 ----SHD---- C:\WINDOWS\ftpcache
2009-12-16 15:55:46 ----D---- C:\Documents and Settings\B\Data aplikací\Leadertech
2009-12-16 11:39:20 ----A---- C:\WINDOWS\system32\vbuzip10.DLL
2009-12-16 11:39:19 ----A---- C:\WINDOWS\system32\wt_menu.dll
2009-12-16 11:39:19 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2009-12-16 11:39:15 ----D---- C:\Program Files\Smarty Uninstaller Pro
2009-12-13 14:02:26 ----D---- C:\Documents and Settings\B\Data aplikací\NeroDigital™
2009-12-13 11:38:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-13 11:04:27 ----D---- C:\Documents and Settings\B\Data aplikací\Nero
2009-12-13 11:03:02 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-13 10:53:30 ----D---- C:\Program Files\Nero
2009-12-13 10:53:30 ----D---- C:\Program Files\Common Files\Nero
2009-12-13 10:53:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero

======List of files/folders modified in the last 1 months======

2010-01-09 18:02:20 ----D---- C:\WINDOWS\Temp
2010-01-09 16:08:54 ----D---- C:\WINDOWS\Prefetch
2010-01-09 15:48:55 ----D---- C:\WINDOWS\system32\drivers
2010-01-09 15:47:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-09 14:55:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-09 13:44:39 ----D---- C:\WINDOWS\system32\config
2010-01-09 13:44:23 ----D---- C:\WINDOWS\system32\wbem
2010-01-09 13:44:23 ----D---- C:\WINDOWS\Registration
2010-01-08 18:38:30 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-08 18:38:16 ----D---- C:\Program Files
2010-01-08 18:37:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-01-02 11:00:23 ----D---- C:\Documents and Settings\B\Data aplikací\Spyware Terminator
2010-01-01 13:43:49 ----D---- C:\Documents and Settings\B\Data aplikací\Skype
2010-01-01 13:13:20 ----D---- C:\Documents and Settings\B\Data aplikací\skypePM
2009-12-27 20:33:31 ----D---- C:\WINDOWS\system32
2009-12-27 20:33:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-22 20:05:05 ----D---- C:\Config.Msi
2009-12-22 19:32:20 ----SHD---- C:\WINDOWS\Installer
2009-12-22 19:31:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-22 19:26:14 ----RSD---- C:\WINDOWS\Fonts
2009-12-22 19:25:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-22 19:20:10 ----D---- C:\Program Files\Microsoft Works
2009-12-22 19:08:10 ----A---- C:\WINDOWS\win.ini
2009-12-22 19:07:54 ----D---- C:\Program Files\Common Files\System
2009-12-19 13:24:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-12-16 19:27:07 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-16 16:29:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-16 16:12:18 ----D---- C:\WINDOWS
2009-12-16 15:53:18 ----HD---- C:\WINDOWS\inf
2009-12-13 13:12:25 ----D---- C:\WINDOWS\network diagnostic
2009-12-13 10:53:30 ----D---- C:\Program Files\Common Files
2009-12-13 10:53:26 ----D---- C:\WINDOWS\Cursors
2009-12-12 19:22:19 ----D---- C:\WINDOWS\WinSxS
2009-12-12 19:17:50 ----D---- C:\Program Files\Ahead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-25 2831232]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-04 157696]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-02-24 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-12-04 27784]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a50oussz;a50oussz; C:\WINDOWS\system32\drivers\a50oussz.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221257]
R2 CLSched;CyberLink Task Scheduler (CTS); d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-05-11 110663]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
R2 ekrn;Eset Service; D:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-09-08 1097216]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Bucek]

Zdravim chtelo to po mě vypnout antivir atd. vypnul jsem ho ukončil aplikace vypnul jsem pro jistotu i internet ale v zápětí to chtělo aktualizace combofixu ale net už mi nejde na Pc povolit tak píšu z \NTB nabídlo mi to udělat kontrolu se starou verzí tak jsem dal že ano naskočila tabulka napsalo to check hal. a nic to neudelalo. ,Využití CPU na 100procent sítě nebyly nalezeny žádné sítové adaptery ,toto bylo ve správci uloh, a dal jsem restartovat Pc ,PC naskočilo normálně akorát tentokrát uplně bez těch ikon u hodin zapl jsem antivir a skusil jsem zapnout sít.To se podařilo takže nyní internet jde. pustil jsem combo to nereagovalo tak jsem stahl nové zaktualizoval se a restartoval Pc a jede chtělo to konzoli pro zotavení tak jsem ji dal stáhnout .Píše to warning: transient problem:timeout Will retry in 1 seconds.2 retries left.
Ted to zmizelo a napsalo že to nešlo stáhnou a jde hledat nakažené soubory.
No zaplat pan bůh se to zdařilo.Td jdu do práce budu přítomen až zítra ráno.Bucek

ComboFix 10-01-04.01 - B 2010-01-10 5:33.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1023.698 [GMT 1:00]
Spuštěný z: d:\stahování z netu\PROGRAMY\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\B\Local Settings\Temporary Internet Files\SLOVA.WAV
H:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 04:13 . 2010-01-10 04:12 390144 ----a-w- c:\windows\system32\CF5095.exe
2010-01-09 21:18 . 2010-01-09 21:18 390144 ----a-w- c:\windows\system32\CF22171.exe
2010-01-09 13:01 . 2010-01-09 13:01 -------- d-----w- C:\rsit
2010-01-09 12:44 . 2010-01-09 12:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-09 12:44 . 2010-01-09 12:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-16 15:29 . 2009-12-16 15:29 -------- d-----w- c:\program files\Seagate
2009-12-16 15:12 . 2009-12-16 15:12 -------- d-sh--w- c:\windows\ftpcache
2009-12-16 10:39 . 1999-02-09 20:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2009-12-16 10:39 . 2007-08-15 12:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2009-12-16 10:39 . 2007-08-15 12:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-12-16 10:39 . 2009-12-16 10:53 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-12-13 09:53 . 2009-12-13 09:59 -------- d-----w- c:\program files\Common Files\Nero
2009-12-13 09:53 . 2009-12-13 09:53 -------- d-----w- c:\program files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 17:38 . 2009-06-22 09:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-27 19:33 . 2004-08-18 12:00 83562 ----a-w- c:\windows\system32\perfc005.dat
2009-12-27 19:33 . 2004-08-18 12:00 440812 ----a-w- c:\windows\system32\perfh005.dat
2009-12-22 18:20 . 2008-12-11 07:31 -------- d-----w- c:\program files\Microsoft Works
2009-12-16 15:29 . 2008-11-26 14:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 18:17 . 2009-07-01 08:54 -------- d-----w- c:\program files\Ahead
2009-12-09 19:41 . 2009-12-09 19:41 -------- d-----w- c:\program files\Ashampoo
2009-11-20 16:56 . 2009-11-20 16:55 -------- d-----w- c:\program files\DivX
2009-11-20 16:55 . 2009-11-20 16:55 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 07:45 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-18 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-18 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-18 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-18 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\B\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\PROGRAM FILES\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-09-08 138752]
R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-12-21 2831232]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-06-22 721904]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí FlashGet - d:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - d:\program files\FlashGet\jc_all.htm
Trusted Zone: oupobo.cz\www
Trusted Zone: share-rapid.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Device Detection - d:\program files\HappyFoto\HF Designer\dd.exe
MSConfigStartUp-CTFMON - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 05:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-01-10 05:40:38
ComboFix-quarantined-files.txt 2010-01-10 04:40

Před spuštěním: Volných bajtů: 19,214,774,272
Po spuštění: Volných bajtů: 19,179,245,568

- - End Of File - - 853B8423932D03080A44FA835F5B9D15

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Rudy]

2 položky smazány, zbytek logu vypadá čistý. Je patrna nějaká změna?

[Bucek]

2 položky smazány, zbytek logu vypadá čistý. Je patrna nějaká změna?

Zdravím je to pořád stejné v oznamovací části se mi zobrazí pouze síťové připojení jinak musím všechno spouštět ručně .Někde je chyba ,ale já nejsem zas tak dobrý na pc .Ikony nejdou spustit ani z vlastností hlavního panelu prostě musím najet do programu a tam j to spustit. Nechápu jak k tomu vůbec došlo.Syn tvrdí že s tím nic nedělal a já také ne.Máte nějaký návrh? Dík Bucek

[Bucek]

2 položky smazány, zbytek logu vypadá čistý. Je patrna nějaká změna?

Zdravím je to pořád stejné v oznamovací části se mi zobrazí pouze síťové připojení jinak musím všechno spouštět ručně .Někde je chyba ,ale já nejsem zas tak dobrý na pc .Ikony nejdou spustit ani z vlastností hlavního panelu prostě musím najet do programu a tam j to spustit. Nechápu jak k tomu vůbec došlo.Syn tvrdí že s tím nic nedělal a já také ne.Máte nějaký návrh? Dík Bucek

Tak dodávám.
Musel jsem reinstalovat všechno aby se mi to spouštělo tak doufám že je všechno OK.
Pro jistotu přidávám log.
Děkui Bucek


Logfile of random's system information tool 1.06 (written by random/random)
Run by B at 2010-01-11 10:31:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (52%) free of 35 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31, on 2010-01-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seznam.cz\postak.exe
d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wuauclt.exe
d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Seznam.cz\MiniBrowser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\STAHOVÁNÍ Z NETU\PROGRAMY\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\B.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - D:\PROGRAM FILES\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - D:\PROGRAM FILES\FlashGet\jc_all.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7804554982
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7804540435
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7312 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2009-11-02 1085080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-09-08 2957824]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2009-11-02 448664]

C:\Documents and Settings\B\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\PROGRAM FILES\CyberLink\PowerCinema\PowerCinema.exe"="D:\PROGRAM FILES\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema Main Program"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-11 10:12:22 ----D---- C:\Program Files\Seznam.cz
2010-01-11 09:25:37 ----N---- C:\WINDOWS\setup.ini
2010-01-11 09:25:30 ----A---- C:\WINDOWS\system32\udaprop.dll
2010-01-11 09:25:29 ----A---- C:\WINDOWS\system32\cmuda.dll
2010-01-11 09:25:29 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
2010-01-11 09:25:29 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
2010-01-11 09:25:28 ----A---- C:\WINDOWS\system32\Audio3D.dll
2010-01-10 05:40:38 ----A---- C:\ComboFix.txt
2010-01-10 05:17:33 ----A---- C:\WINDOWS\MBR.exe
2010-01-10 05:17:29 ----A---- C:\WINDOWS\PEV.exe
2010-01-10 05:13:18 ----A---- C:\WINDOWS\system32\CF5095.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\zip.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\SWSC.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\SWREG.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\sed.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-09 22:18:52 ----A---- C:\WINDOWS\grep.exe
2010-01-09 22:18:44 ----A---- C:\WINDOWS\system32\CF22171.exe
2010-01-09 22:13:13 ----D---- C:\WINDOWS\ERDNT
2010-01-09 22:11:58 ----AD---- C:\Qoobox
2010-01-09 14:01:47 ----D---- C:\rsit
2010-01-09 13:44:00 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-30 15:59:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\PhotoGenie
2009-12-16 16:29:02 ----D---- C:\Program Files\Seagate
2009-12-16 16:16:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Seagate
2009-12-16 16:12:18 ----SHD---- C:\WINDOWS\ftpcache
2009-12-16 15:55:46 ----D---- C:\Documents and Settings\B\Data aplikací\Leadertech
2009-12-16 11:39:20 ----A---- C:\WINDOWS\system32\vbuzip10.DLL
2009-12-16 11:39:19 ----A---- C:\WINDOWS\system32\wt_menu.dll
2009-12-16 11:39:19 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2009-12-16 11:39:15 ----D---- C:\Program Files\Smarty Uninstaller Pro
2009-12-13 14:02:26 ----D---- C:\Documents and Settings\B\Data aplikací\NeroDigital™
2009-12-13 11:38:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-13 11:04:27 ----D---- C:\Documents and Settings\B\Data aplikací\Nero
2009-12-13 11:03:02 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-13 10:53:30 ----D---- C:\Program Files\Nero
2009-12-13 10:53:30 ----D---- C:\Program Files\Common Files\Nero
2009-12-13 10:53:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero

======List of files/folders modified in the last 1 months======

2010-01-11 10:31:10 ----D---- C:\WINDOWS\Prefetch
2010-01-11 10:29:55 ----D---- C:\WINDOWS\Temp
2010-01-11 10:27:21 ----D---- C:\WINDOWS
2010-01-11 10:26:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-11 10:24:19 ----SHD---- C:\WINDOWS\Installer
2010-01-11 10:24:19 ----D---- C:\Config.Msi
2010-01-11 10:24:13 ----D---- C:\WINDOWS\system32\drivers
2010-01-11 10:24:12 ----HD---- C:\WINDOWS\inf
2010-01-11 10:23:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-11 10:23:06 ----D---- C:\Program Files\ESET
2010-01-11 10:12:22 ----D---- C:\Program Files
2010-01-11 09:57:43 ----D---- C:\Documents and Settings\B\Data aplikací\Spyware Terminator
2010-01-11 09:26:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 09:25:57 ----D---- C:\WINDOWS\system32
2010-01-11 09:25:56 ----D---- C:\WINDOWS\system
2010-01-11 09:25:47 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-11 09:25:36 ----A---- C:\WINDOWS\CMISETUP.INI
2010-01-11 09:25:32 ----A---- C:\WINDOWS\CMCDPLAY.INI
2010-01-11 09:25:26 ----D---- C:\Program Files\C-Media 3D Audio
2010-01-10 05:38:43 ----A---- C:\WINDOWS\system.ini
2010-01-10 05:37:09 ----D---- C:\WINDOWS\AppPatch
2010-01-10 05:37:05 ----D---- C:\Program Files\Common Files
2010-01-09 18:29:18 ----A---- C:\WINDOWS\win.ini
2010-01-09 13:44:39 ----D---- C:\WINDOWS\system32\config
2010-01-09 13:44:23 ----D---- C:\WINDOWS\system32\wbem
2010-01-09 13:44:23 ----D---- C:\WINDOWS\Registration
2010-01-08 18:38:30 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-08 18:37:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-01-01 13:43:49 ----D---- C:\Documents and Settings\B\Data aplikací\Skype
2010-01-01 13:13:20 ----D---- C:\Documents and Settings\B\Data aplikací\skypePM
2009-12-27 20:33:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-22 19:31:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-22 19:26:14 ----RSD---- C:\WINDOWS\Fonts
2009-12-22 19:25:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-22 19:20:10 ----D---- C:\Program Files\Microsoft Works
2009-12-22 19:07:54 ----D---- C:\Program Files\Common Files\System
2009-12-19 13:24:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-12-16 19:27:07 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-16 16:29:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-13 13:12:25 ----D---- C:\WINDOWS\network diagnostic
2009-12-13 10:53:26 ----D---- C:\WINDOWS\Cursors
2009-12-12 19:22:19 ----D---- C:\WINDOWS\WinSxS
2009-12-12 19:17:50 ----D---- C:\Program Files\Ahead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-25 2831232]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-04 157696]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-02-24 10368]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-12-04 27784]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 af564kk9;af564kk9; C:\WINDOWS\system32\drivers\af564kk9.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\B\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221257]
R2 CLSched;CyberLink Task Scheduler (CTS); d:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-05-11 110663]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-09-08 1097216]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Log vypadá čistý.

[Bucek]

Log vypadá čistý.

DĚKUJI ZA POMOC ZATÍM TO JEDE OK.

[Rudy]

Nemáte zač!

[Bucek]

Nemáte zač!

Ještě bych se chtěl zeptat čím mám smazat prázdnou složku .Mam složku která se mi vyskytuje na přenosných flešhkách a mam ji i na telefonu a externím disku. Já ji smažu a příští den ,pokud se připojím k PC tak se tam zase objeví.Děkuji Bucek

[Rudy]

Překopírujte data z flešky někam do zálohy na pevný disk a zkuste ji zformátovat.

[Bucek]

Překopírujte data z flešky někam do zálohy na pevný disk a zkuste ji zformátovat.

To už jsem zkoušel je divné že pokaždé když se připojím k PC tak se tam ta složka objeví, prostě naskočí a je tam ,je prázná. Smazal jsem ji ,zadal jsem odstranit , smaže se ale objeví, smazal jsem ji shift del taky se objeví , zformátoval jsem flešky objevila se.Tak nevím

[Rudy]

Jak se složka jmenuje?

[Bucek]

Jak se složka jmenuje?

složka se jmenuje : Duchové

[Rudy]

Zkuste použít Flashdisinfector: http://download.bleepingcomputer.com/sU ... fector.exe .