
services.exe, slow notebook and internet

Posted: 20 Jan 2010 21:29
by peh
Hi, I have a terribly slow internet connection (practically unusable), CPU usage is close to 100%, and the net monitor shows me full activity from the services process (and svchost), which is sending data who knows where. Please advise, thanks in advance. Output from ComboFix:

ComboFix 10-01-19.08 - Administrator 20.01.2010 20:54:35.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3070.1475 [GMT 1:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-614266077-972239720-897709346-500
c:\recycled\Recycled
c:\users\Administrator\AppData\Roaming\avdrn.dat
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\AutoRun.inf
D:\services.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-20 do 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 20:08 . 2003-07-30 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2010-01-20 20:06 . 2010-01-20 20:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-20 20:06 . 2010-01-20 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 19:08 . 2010-01-20 19:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-20 19:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 19:07 . 2010-01-20 19:07 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 19:05 . 2010-01-20 19:09 -------- d-----w- c:\programdata\Lavasoft
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\Lavasoft
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:03 . 2010-01-20 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 16:21 . 2010-01-20 16:21 -------- d-----w- c:\program files\WinPcap
2010-01-20 16:20 . 2010-01-20 16:20 -------- d-----w- c:\program files\Network Traffic Monitor
2010-01-20 16:20 . 2008-01-08 07:47 45056 ----a-w- c:\windows\system32\SETHOOK.DLL
2010-01-20 16:20 . 2004-05-20 12:19 165088 ----a-w- c:\windows\system32\cswhoapi.dll
2010-01-20 16:20 . 2004-05-20 12:19 193768 ----a-w- c:\windows\system32\csdnsapi.dll
2010-01-17 16:16 . 2006-11-22 09:34 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-01-15 16:08 . 2010-01-17 16:02 -------- d-----w- C:\$AVG
2010-01-15 16:08 . 2010-01-16 10:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-15 16:08 . 2010-01-15 16:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-15 16:07 . 2010-01-15 16:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-15 16:07 . 2010-01-20 10:32 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-15 16:07 . 2010-01-16 10:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\AVG
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\programdata\avg9
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:37 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 19:56 . 2010-01-10 19:56 -------- d-----w- c:\programdata\Motive
2010-01-10 14:01 . 2010-01-10 14:01 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-06 12:59 . 2010-01-06 13:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:09 . 2007-11-15 04:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-20 20:07 . 2007-04-21 11:55 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 19:25 . 2007-04-21 12:38 729166 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:25 . 2007-04-21 12:38 166346 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 14:56 . 2008-03-06 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-01-20 13:58 . 2008-03-06 20:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-01-19 14:42 . 2008-01-08 21:46 406077 ----a-w- c:\users\Administrator\AppData\Roaming\nvModes.dat
2010-01-18 19:05 . 2008-03-06 19:48 -------- d-----w- c:\programdata\Skype
2010-01-15 12:13 . 2010-01-15 12:13 16 ----a-w- c:\users\Administrator\AppData\Roaming\fvgqad.dat
2010-01-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 07:29 . 2008-04-01 14:35 157627 ----a-w- c:\windows\hpoins14.dat
2009-12-17 15:12 . 2009-12-17 15:12 -------- d-----w- c:\program files\TouchKit
2009-12-17 15:12 . 2007-11-15 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 08:13 . 2008-10-21 11:47 -------- d-----w- c:\program files\OptionTrader
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-----w- c:\program files\LucasArts
2009-12-14 20:54 . 2009-12-14 20:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-14 20:47 . 2009-12-14 20:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 20:46 . 2009-12-14 20:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\CPUID
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\Ask.com
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- c:\program files\KenticoCMS
2009-12-08 18:33 . 2009-12-08 18:32 -------- d-----w- c:\program files\Autokelly
2009-11-27 15:55 . 2008-02-27 16:44 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 00:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:23 . 2009-12-12 02:00 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 13:20 . 2009-12-12 02:00 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 13:18 . 2009-12-12 02:00 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 13:18 . 2009-12-12 02:00 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 11:21 . 2009-12-12 02:00 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-02 21:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 18:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-11 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-15 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-15 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ClearTKHandle"="c:\program files\TouchKit\ClearTKHandle.exe" [2007-06-12 118784]
"AutoCalibration"="c:\program files\TouchKit\xAuto4PtsCal.exe" [2007-06-12 245760]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
LaunchTouchMon.lnk - c:\program files\TouchKit\LaunchTouchMon.exe [2009-12-17 118784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 01:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [9.7.2007 6:28 209408]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.1.2010 17:07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [15.1.2010 17:08 360584]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 18:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\ATCHKSRV.EXE [15.11.2007 5:11 183064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.1.2010 17:07 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14.12.2009 0:28 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1184912]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [18.4.2007 23:42 24576]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [15.11.2007 5:11 1489688]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25.4.2007 2:32 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [6.6.2007 3:40 1260672]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [14.10.2008 12:56 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20.12.2006 4:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [14.10.2008 12:57 64896]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [15.11.2007 5:34 36352]
S3 EGXFilter;EGXFilter;c:\windows\System32\drivers\EGXFilter.sys [17.12.2009 16:12 96640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]
S3 xTouch;xTouch;c:\windows\System32\drivers\xTouch.sys [17.12.2009 16:12 83072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{CCBEFDDE-D5A8-430A-A8B1-60175E0B1CD9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {919634D4-50EE-4F05-BEBE-E8B45E3ADE43} = 194.228.41.113,90.183.231.251
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.ppiwidget.com/campaigns/startrek_AR ... taller.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-Virtual PDF Printer - c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM-Run-Network Traffic Monitor - (no file)
AddRemove-Mihov Image Resizer - c:\program files\Mihov Image Resizer\Uninstall.exe
AddRemove-Pocket Fractals (Pocket PC) - c:\program files\SpaceTime Mathematics\Pocket Fractals\uninstall.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4888)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\system32\conime.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
d:\xampp\filezillaftp\filezillaserver.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
d:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\IfxPsdSv.exe
c:\windows\RtHDVCpl.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\TouchKit\xTouchMon.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2010-01-20 21:19:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-20 20:19

Před spuštěním: Volných bajtů: 72 038 658 048
Po spuštění: Volných bajtů: 72 999 829 504

- - End Of File - - 07414F49DE1E5AF03DB5FB9CAD4F20C1

Re: services.exe, slow notebook and internet

Posted: 20 Jan 2010 22:18
by Rudy
We'll clean up a bit more. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\acovcnt.exe

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it on the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: services.exe, slow notebook and internet

Posted: 21 Jan 2010 12:16
by peh
Thanks, the computer has sped up, the load is calm again at a few percent... But I still have problems with that service.exe, which sends God knows what to loads of addresses and completely blocks the internet that way (I have two notebooks connected to one router; to be able to write this at all, I always have to disconnect the infected computer), and it sends data e.g. to 218.102.23.50 (which looks like some Chinese).

Current log from ComboFix:

ComboFix 10-01-19.08 - Administrator 21.01.2010 11:48:59.2.2 - x86
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\acovcnt.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 10:57 . 2010-01-21 10:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-21 10:57 . 2010-01-21 10:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 10:57 . 2010-01-21 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-20 19:08 . 2010-01-20 19:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-20 19:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 19:07 . 2010-01-20 19:07 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 19:07 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-20 19:05 . 2010-01-20 19:09 -------- d-----w- c:\programdata\Lavasoft
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\Lavasoft
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:03 . 2010-01-20 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 16:21 . 2010-01-20 16:21 -------- d-----w- c:\program files\WinPcap
2010-01-20 16:20 . 2010-01-20 16:20 -------- d-----w- c:\program files\Network Traffic Monitor
2010-01-20 16:20 . 2008-01-08 07:47 45056 ----a-w- c:\windows\system32\SETHOOK.DLL
2010-01-20 16:20 . 2004-05-20 12:19 165088 ----a-w- c:\windows\system32\cswhoapi.dll
2010-01-20 16:20 . 2004-05-20 12:19 193768 ----a-w- c:\windows\system32\csdnsapi.dll
2010-01-17 16:16 . 2006-11-22 09:34 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-01-16 10:28 . 2010-01-15 16:07 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-01-16 10:28 . 2010-01-15 16:07 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-01-16 10:28 . 2010-01-15 16:07 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-01-16 10:28 . 2010-01-15 16:07 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-01-15 16:08 . 2010-01-17 16:02 -------- d-----w- C:\$AVG
2010-01-15 16:08 . 2010-01-16 10:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-15 16:08 . 2010-01-15 16:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-15 16:07 . 2010-01-15 16:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-15 16:07 . 2010-01-20 10:32 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-15 16:07 . 2010-01-16 10:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\AVG
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\programdata\avg9
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:37 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 19:56 . 2010-01-10 19:56 -------- d-----w- c:\programdata\Motive
2010-01-10 14:01 . 2010-01-10 14:01 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-06 12:59 . 2010-01-06 13:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 10:42 . 2009-09-25 14:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 10:41 . 2007-04-21 11:55 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 19:25 . 2007-04-21 12:38 729166 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:25 . 2007-04-21 12:38 166346 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 14:56 . 2008-03-06 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-01-20 13:58 . 2008-03-06 20:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-01-19 14:42 . 2008-01-08 21:46 406077 ----a-w- c:\users\Administrator\AppData\Roaming\nvModes.dat
2010-01-18 19:05 . 2008-03-06 19:48 -------- d-----w- c:\programdata\Skype
2010-01-15 12:13 . 2010-01-15 12:13 16 ----a-w- c:\users\Administrator\AppData\Roaming\fvgqad.dat
2010-01-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 07:29 . 2008-04-01 14:35 157627 ----a-w- c:\windows\hpoins14.dat
2009-12-17 15:12 . 2009-12-17 15:12 -------- d-----w- c:\program files\TouchKit
2009-12-17 15:12 . 2007-11-15 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 08:13 . 2008-10-21 11:47 -------- d-----w- c:\program files\OptionTrader
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-----w- c:\program files\LucasArts
2009-12-14 20:54 . 2009-12-14 20:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-14 20:47 . 2009-12-14 20:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 20:46 . 2009-12-14 20:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\CPUID
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- c:\program files\KenticoCMS
2009-12-08 18:33 . 2009-12-08 18:32 -------- d-----w- c:\program files\Autokelly
2009-11-27 15:55 . 2008-02-27 16:44 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 00:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:23 . 2009-12-12 02:00 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 13:20 . 2009-12-12 02:00 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 13:18 . 2009-12-12 02:00 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 13:18 . 2009-12-12 02:00 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 11:21 . 2009-12-12 02:00 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 15:14 . 2009-10-05 15:08 2668672 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-11-05 15:14 . 2009-11-05 15:14 25214 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2009-11-02 19:42 . 2009-10-02 21:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-11 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-15 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-15 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ClearTKHandle"="c:\program files\TouchKit\ClearTKHandle.exe" [2007-06-12 118784]
"AutoCalibration"="c:\program files\TouchKit\xAuto4PtsCal.exe" [2007-06-12 245760]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
LaunchTouchMon.lnk - c:\program files\TouchKit\LaunchTouchMon.exe [2009-12-17 118784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 01:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [9.7.2007 6:28 209408]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.1.2010 17:07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [15.1.2010 17:08 360584]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 18:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\ATCHKSRV.EXE [15.11.2007 5:11 183064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.1.2010 17:07 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14.12.2009 0:28 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1184912]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [18.4.2007 23:42 24576]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [15.11.2007 5:11 1489688]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25.4.2007 2:32 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [6.6.2007 3:40 1260672]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [14.12.2009 21:46 691696]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [14.10.2008 12:56 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20.12.2006 4:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [14.10.2008 12:57 64896]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [15.11.2007 5:34 36352]
S3 EGXFilter;EGXFilter;c:\windows\System32\drivers\EGXFilter.sys [17.12.2009 16:12 96640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]
S3 xTouch;xTouch;c:\windows\System32\drivers\xTouch.sys [17.12.2009 16:12 83072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{CCBEFDDE-D5A8-430A-A8B1-60175E0B1CD9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {919634D4-50EE-4F05-BEBE-E8B45E3ADE43} = 194.228.41.113,90.183.231.251
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.ppiwidget.com/campaigns/startrek_AR ... taller.exe
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-21 11:59:32
ComboFix-quarantined-files.txt 2010-01-21 10:59
ComboFix2.txt 2010-01-20 20:19

Před spuštěním: Volných bajtů: 72 952 197 120
Po spuštění: Volných bajtů: 72 887 631 872

- - End Of File - - 4B170DF9B3C01624E92C4A28FFE1BC72

Re: services.exe, slow laptop and internet

Posted: 21 Jan 2010 16:40
by peh
Please, I'm really desperate about this... If it gets solved, I'll send you a few dollars via PayPal :)

Re: services.exe, slow laptop and internet

Posted: 21 Jan 2010 18:36
by Rudy

Re: services.exe, slow laptop and internet

Posted: 21 Jan 2010 20:28
by peh
After a few minutes the scanner stops on the file nmemok.sys (it also showed up in the log, see the post above), reports that it has found a virus, and the whole antivirus seems to freeze... Should I delete that file?

Re: services.exe, slow laptop and internet

Posted: 21 Jan 2010 20:54
by peh
Hm, so in /system32/drivers/mnemok.sys there is Rootkit.Win32.Agent.abmh; Kaspersky says it will remove it after a restart, but it doesn't succeed... it's still there...

Re: services.exe, slow laptop and internet

Posted: 21 Jan 2010 21:18
by Rudy
Run CF with this script:
Collect::
c:\windows\system32\drivers\mnemok.sys

Driver::
mnemok

Re: services.exe, slow laptop and internet

Posted: 22 Jan 2010 00:19
by peh
Damn, what a piece of junk... It's still there... Everything else is fine now, only that services.exe is still using my connection at full capacity... I don't know what else to try...

Current combofix.log:

ComboFix 10-01-19.08 - Administrator 21.01.2010 23:46:22.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3070.1836 [GMT 1:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-21 do 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 22:56 . 2010-01-21 22:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-21 22:56 . 2010-01-21 22:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 22:56 . 2010-01-21 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 18:40 . 2010-01-21 20:06 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-21 18:38 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\90965572.sys
2010-01-21 18:38 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\9096557.sys
2010-01-21 18:38 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\90965571.sys
2010-01-21 18:34 . 2010-01-21 18:34 -------- d-----w- c:\program files\CCleaner
2010-01-21 18:34 . 2010-01-21 18:36 61061464 ----a-w- C:\setup_9.0.0.722_21.01.2010_18-00.exe
2010-01-21 18:34 . 2010-01-21 18:34 3165824 ----a-w- C:\ccleaner.exe
2010-01-21 16:01 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-21 16:01 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-21 16:01 . 2010-01-21 16:01 -------- d-----w- c:\programdata\Avira
2010-01-21 16:01 . 2010-01-21 16:01 -------- d-----w- c:\program files\Avira
2010-01-21 15:32 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-21 13:48 . 2010-01-21 22:41 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-20 19:08 . 2010-01-20 19:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-20 19:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 19:07 . 2010-01-20 19:07 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 19:07 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-20 19:05 . 2010-01-20 19:09 -------- d-----w- c:\programdata\Lavasoft
2010-01-20 19:05 . 2010-01-20 19:05 -------- d-----w- c:\program files\Lavasoft
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 19:03 . 2010-01-20 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 19:03 . 2010-01-20 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 16:21 . 2010-01-20 16:21 -------- d-----w- c:\program files\WinPcap
2010-01-20 16:20 . 2010-01-20 16:20 -------- d-----w- c:\program files\Network Traffic Monitor
2010-01-20 16:20 . 2008-01-08 07:47 45056 ----a-w- c:\windows\system32\SETHOOK.DLL
2010-01-20 16:20 . 2004-05-20 12:19 165088 ----a-w- c:\windows\system32\cswhoapi.dll
2010-01-20 16:20 . 2004-05-20 12:19 193768 ----a-w- c:\windows\system32\csdnsapi.dll
2010-01-17 16:16 . 2006-11-22 09:34 982272 ----a-w- c:\windows\system32\drivers\smserial.sys
2010-01-16 10:28 . 2010-01-15 16:07 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-01-16 10:28 . 2010-01-15 16:07 798488 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-01-16 10:28 . 2010-01-15 16:07 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-01-16 10:28 . 2010-01-15 16:07 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-01-15 16:08 . 2010-01-17 16:02 -------- d-----w- C:\$AVG
2010-01-15 16:08 . 2010-01-16 10:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-15 16:08 . 2010-01-15 16:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-15 16:07 . 2010-01-15 16:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-15 16:07 . 2010-01-21 16:51 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-15 16:07 . 2010-01-16 10:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\AVG
2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\programdata\avg9
2010-01-13 11:37 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:37 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 19:56 . 2010-01-10 19:56 -------- d-----w- c:\programdata\Motive
2010-01-10 14:01 . 2010-01-10 14:01 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-06 12:59 . 2010-01-06 13:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 22:39 . 2007-04-21 11:55 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-21 14:27 . 2008-01-08 21:46 406077 ----a-w- c:\users\Administrator\AppData\Roaming\nvModes.dat
2010-01-21 10:42 . 2009-09-25 14:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 19:25 . 2007-04-21 12:38 729166 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:25 . 2007-04-21 12:38 166346 ----a-w- c:\windows\system32\perfc005.dat
2010-01-20 14:56 . 2008-03-06 20:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-01-20 13:58 . 2008-03-06 20:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-01-18 19:05 . 2008-03-06 19:48 -------- d-----w- c:\programdata\Skype
2010-01-15 12:13 . 2010-01-15 12:13 16 ----a-w- c:\users\Administrator\AppData\Roaming\fvgqad.dat
2010-01-14 11:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 10:12 . 2009-10-02 21:56 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 07:29 . 2008-04-01 14:35 157627 ----a-w- c:\windows\hpoins14.dat
2009-12-17 15:12 . 2009-12-17 15:12 -------- d-----w- c:\program files\TouchKit
2009-12-17 15:12 . 2007-11-15 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 08:13 . 2008-10-21 11:47 -------- d-----w- c:\program files\OptionTrader
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-----w- c:\program files\LucasArts
2009-12-14 20:54 . 2009-12-14 20:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2009-12-14 20:47 . 2009-12-14 20:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-14 20:47 . 2009-12-14 20:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-14 20:46 . 2009-12-14 20:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-13 23:28 . 2009-12-13 23:28 -------- d-----w- c:\program files\CPUID
2009-12-10 19:53 . 2009-12-10 19:53 -------- d-----w- c:\program files\KenticoCMS
2009-12-08 18:33 . 2009-12-08 18:32 -------- d-----w- c:\program files\Autokelly
2009-11-27 15:55 . 2008-02-27 16:44 -------- d-----w- c:\program files\Opera
2009-11-21 06:40 . 2009-12-10 00:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:23 . 2009-12-12 02:00 10752 ----a-w- c:\windows\system32\wamregps.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 8192 ----a-w- c:\windows\system32\iisrstap.dll
2009-11-09 13:20 . 2009-12-12 02:00 153600 ----a-w- c:\windows\system32\iisRtl.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 13:18 . 2009-12-12 02:00 27136 ----a-w- c:\windows\system32\ahadmin.dll
2009-11-09 13:18 . 2009-12-12 02:00 51712 ----a-w- c:\windows\system32\admwprox.dll
2009-11-09 11:21 . 2009-12-12 02:00 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 15:14 . 2009-10-05 15:08 2668672 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-11-05 15:14 . 2009-11-05 15:14 25214 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{5FD88490-011C-4DF1-B886-F298D955171B}\SunReg.exe
2009-10-29 09:41 . 2009-11-28 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 07:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]
"Google Update"="c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-11 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-15 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-15 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ClearTKHandle"="c:\program files\TouchKit\ClearTKHandle.exe" [2007-06-12 118784]
"AutoCalibration"="c:\program files\TouchKit\xAuto4PtsCal.exe" [2007-06-12 245760]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_21.01.2010_18-00.lnk - c:\users\Administrator\Desktop\Virus Removal Tool\setup_9.0.0.722_21.01.2010_18-00\startup.exe [2010-1-21 72208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
LaunchTouchMon.lnk - c:\program files\TouchKit\LaunchTouchMon.exe [2009-12-17 118784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 01:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 90965572;90965572 Boot Guard Driver;c:\windows\System32\drivers\90965572.sys [21.1.2010 19:38 37392]
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [9.7.2007 6:28 209408]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [20.1.2010 20:08 64288]
R1 90965571;90965571;c:\windows\System32\drivers\90965571.sys [21.1.2010 19:38 128016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15.1.2010 17:07 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [15.1.2010 17:08 360584]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 18:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R1 setup_9.0.0.722_21.01.2010_18-00drv;setup_9.0.0.722_21.01.2010_18-00drv;c:\windows\System32\drivers\9096557.sys [21.1.2010 19:38 311312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21.1.2010 17:01 108289]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [5.3.2007 11:23 16896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5.6.2008 10:31 21504]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\ATCHKSRV.EXE [15.11.2007 5:11 183064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.1.2010 17:07 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [14.12.2009 0:28 12672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2.12.2009 14:19 1184912]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [18.4.2007 23:42 24576]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [15.11.2007 5:11 1489688]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25.4.2007 2:32 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [6.6.2007 3:40 1260672]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [14.12.2009 21:46 691696]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\System32\drivers\adusbmdm65.sys [14.10.2008 12:56 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\System32\drivers\adusbser.sys [20.12.2006 4:58 97920]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\System32\drivers\adusbser65.sys [14.10.2008 12:57 64896]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [15.11.2007 5:34 36352]
S3 EGXFilter;EGXFilter;c:\windows\System32\drivers\EGXFilter.sys [17.12.2009 16:12 96640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [29.6.2007 1:01 42512]
S3 xTouch;xTouch;c:\windows\System32\drivers\xTouch.sys [17.12.2009 16:12 83072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - nmemok

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-614266077-972239720-897709346-1000UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-18 16:46]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{CCBEFDDE-D5A8-430A-A8B1-60175E0B1CD9}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: {919634D4-50EE-4F05-BEBE-E8B45E3ADE43} = 194.228.41.113,90.183.231.251
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.ppiwidget.com/campaigns/startrek_AR ... taller.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 23:56
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmemok]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-21 23:59:52
ComboFix-quarantined-files.txt 2010-01-21 22:59
ComboFix2.txt 2010-01-21 15:04
ComboFix3.txt 2010-01-21 10:59
ComboFix4.txt 2010-01-20 20:19

Před spuštěním: Volných bajtů: 74 543 669 248
Po spuštění: Volných bajtů: 74 510 278 656

- - End Of File - - 6B53103341CEC273039C8385E3F80782

Re: services.exe, slow notebook and internet

Posted: 22 Jan 2010 17:45
by Rudy
Run ComboFix again with this script:
Collect::
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\90965572.sys
c:\windows\system32\drivers\9096557.sys
c:\windows\system32\drivers\90965571.sys

Driver::
90965572
9096557
90965571