Avast found Win32: RustNT (Rtk)

Posted: 10 Feb 2010 15:24
by fru-fru
The problem with the PC shows up like this: once Windows starts and I do something on it,
the screen lights up and goes dark more or less regularly at these intervals: it goes dark
for about 2 seconds, then lights up for about 5, then goes dark again. This keeps happening
for as long as I am doing something on it. Also, every operation (e.g. saving a log) takes it
terribly long. The mouse pointer looks as if it had dead pixels.
When I leave the PC idle, the monitor does not flicker. In safe mode it behaves normally.

Log after running ComboFix:

ComboFix 10-02-09.04 - Administrator 10.02.2010 14:42:31.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1649 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\drivers\35cc3162.sys
c:\windows\system32\hrpdcf.bin
c:\windows\system32\ieuinit.inf
c:\windows\system32\scpsssh2.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\tmp10.tmp
c:\windows\system32\tmp11.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_35cc3162


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 13:49 . 2009-07-15 18:38 -------- d-----w- c:\program files\ICQ6.5
2010-01-21 15:17 . 2009-04-04 07:03 -------- d-----w- c:\program files\Crawler
2010-01-09 17:47 . 2006-10-18 11:21 -------- d-----w- c:\program files\Spyware Terminator
2010-01-06 17:46 . 2010-01-06 17:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-03 18:58 . 2009-12-27 13:58 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-27 19:18 . 2009-07-03 12:10 -------- d-----w- c:\program files\Nokia
2009-12-27 19:17 . 2009-12-05 21:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-27 18:37 . 2007-11-11 20:13 -------- d---a-w- c:\program files\Ancestry1.0.18b
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-24 23:54 . 2008-11-15 08:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-11-15 08:55 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-11-15 08:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-11-15 08:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-15 08:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-15 08:55 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-15 08:55 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-15 08:55 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-11-15 08:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 16:19 . 2008-02-01 11:13 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-23 16:19 . 2008-02-01 11:13 109080 ----a-w- c:\windows\system32\OpenAL32.dll
.

------- Sigcheck -------

[-] 2007-01-13 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2007-01-13 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2001-10-25 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2006-11-07 972432]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-06-05 26624]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [2007-11-06 1741184]
"Steam"="c:\hry\steam\steam.exe" [2009-10-24 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-16 1783808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Hry\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Hry\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Hry\\Xfire\\Xfire.exe"=
"c:\\Hry\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Hry\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Hry\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Hry\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Hry\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Hry\\Pazaak Cantina\\PazaakCantina.exe"=
"c:\\Hry\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10293:TCP"= 10293:TCP:BitComet 10293 TCP
"10293:UDP"= 10293:UDP:BitComet 10293 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2006 17:09 682232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.11.2008 9:55 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [22.10.2006 21:17 114496]
R1 savrkboottasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14.9.2009 21:40 18816]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.6.2007 20:31 141312]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [18.2.2007 17:50 120320]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [19.2.2007 17:26 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.11.2008 9:55 20560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.8.2009 21:08 133104]
S3 dmskssrh;DMSKSSRh;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 memsweep2;MEMSWEEP2;\??\c:\windows\system32\C3.tmp --> c:\windows\system32\C3.tmp [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 20:08]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 20:08]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://zpravy.idnes.cz/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Crawler Search - tbr:iemenu
IE: download all links using bitcomet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: download all videos using bitcomet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: download link using &bitcomet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\atncm4cd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 14:55
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync04.sys >>UNKNOWN [0x89B9F1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74aecb8
\Driver\atapi -> prosync1.sys @ 0xf798f661
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3bbc3
PacketIndicateHandler -> NDIS.sys @ 0xf7b29a0b
SendHandler -> NDIS.sys @ 0xf7b3db31
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\memsweep2]
"ImagePath"="\??\c:\windows\system32\C3.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1060284298-1767777339-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cf,68,83,1c,d2,2f,19,25,9d,8b,e1,34,00,7d,58,11,67,da,9c,ad,99,32,94,
6c,eb,95,a2,e3,96,9e,03,51,2a,4b,3d,b6,b5,93,42,8f,53,b0,4e,cb,6e,c5,dd,83,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba

[HKEY_USERS\S-1-5-21-1060284298-1767777339-839522115-500\Software\SecuROM\license information*]
"datasecu"=hex:55,df,7b,26,cc,54,cf,fc,a8,bd,1c,88,8c,0a,48,04,b0,5d,97,56,ea,
1e,c5,c1,ad,56,56,33,1a,d5,91,45,ba,eb,bb,fe,01,a1,20,dd,20,e2,af,d8,b9,dc,\
"rkeysecu"=hex:4a,13,4c,d1,e3,39,43,f0,b9,65,ff,42,72,6d,8a,f9
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\msv1_0.dll

- - - - - - - > 'explorer.exe'(924)
c:\windows\TrnOEH.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\Mixer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-10 15:07:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-10 14:07

Před spuštěním: Volných bajtů: 32 878 972 928
Po spuštění: Volných bajtů: 32 762 802 176

- - End Of File - - 05E9A0C8B686E2B2D0C6DA2604A3DA54

Re: Avast found Win32: RustNT (Rtk)

Posted: 10 Feb 2010 15:46
by Caroprd111
Hello :)

The log is being worked on, please be patient.

Do not use COMBOFIX without an adviser's recommendation! Incorrect handling can damage the system!

Re: Avast found Win32: RustNT (Rtk)

Posted: 10 Feb 2010 15:52
by fru-fru
Thank you.

I used ComboFix because I found a discussion
where this rootkit had already been dealt with and CF was used
as the first step, and also because I have the complete system
backed up with everything, so I'm not afraid of anything :)

Re: Avast found Win32: RustNT (Rtk)

Posted: 10 Feb 2010 16:04
by Caroprd111
:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Unpack it and run it.
- A scan will run; when it finishes, a window with the results opens. Click Save to save the log, which you then paste here.

- Following the guide in the link, run a second scan and paste that log here as well.

Re: Avast found Win32: RustNT (Rtk)

Posted: 10 Feb 2010 16:17
by fru-fru
Gmer log1:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-10 16:13:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF74F4E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F51BA]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B9E1E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat 8907F1E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


The scan for log 2 has so far ended in a restart.
I'll try it once more, or several times if needed.
Unfortunately not before tomorrow morning, though. I have to go now.

Re: Avast found Win32: RustNT (Rtk)

Posted: 10 Feb 2010 16:22
by Caroprd111
Never mind, tomorrow is another day :)

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 08:08
by fru-fru
Gmer Log2 (so far without the last item "Files" - that one is still being scanned)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-11 08:05:12
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB3D7A6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB3D7A574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB3D7AA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB3D7A14C]
SSDT sptd.sys ZwEnumerateKey [0xF74F4E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F51BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB3D7A64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB3D7A08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB3D7A0F0]
SSDT sptd.sys ZwQueryKey [0xF74F5292]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB3D7A76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB3D7A72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB3D7A8AE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.sfreloc˙˙˙˙sfsync04unknown last section [0xF7886000, 0xBC8, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF7886000, 0xBC8, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9BF5360, 0x24CB9D, 0xE8000020]
.text USBPORT.SYS!DllUnload B9BD662C 5 Bytes JMP 899FB1C8
? System32\Drivers\amlaw6iu.SYS Systém nemůže nalézt uvedenou cestu. !
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xB3FA0000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xB3FD3000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xB3FE9000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB24DE300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF774F300, 0x1B7E, 0xE8000020]
pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xB225EF00, 0x24000, 0x48000000]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7505886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7505832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7527892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7505886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EFAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EFC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EFB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74F0748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74F061E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7504ACA] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)
IAT C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe[2904] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0042F794] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe (ashampoo UnInstaller Watcher/ashampoo GmbH & Co. KG)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89B9E1E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 89A011E8
Device \Driver\usbuhci \Device\USBPDO-1 89A011E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C0B1E8
Device \Driver\dmio \Device\DmControl\DmConfig 89C0B1E8
Device \Driver\dmio \Device\DmControl\DmPnP 89C0B1E8
Device \Driver\dmio \Device\DmControl\DmInfo 89C0B1E8
Device \Driver\usbuhci \Device\USBPDO-2 89A011E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CAC2762B-517D-49DB-B83C-CE36B968A80E} 897EC4D0
Device \Driver\usbuhci \Device\USBPDO-3 89A011E8
Device \Driver\prodrv04 \Device\ProDrv04 8904CA90
Device \Driver\usbehci \Device\USBPDO-4 8999D1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\prodrv06 \Device\ProDrv06 E197FC30
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA01E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA01E8
Device \Driver\Cdrom \Device\CdRom0 899671E8
Device \Driver\atapi \Device\Ide\IdePort0 89B9F1E8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 89B9F1E8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 89B9F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 89B9F1E8
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 89B9F1E8
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 89B9F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-24 89B9F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-24 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 89B9F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 899671E8
Device \Driver\prohlp02 \Device\ProHlp02 E100EA08
Device \Driver\NetBT \Device\NetBt_Wins_Export 897EC4D0
Device \Driver\NetBT \Device\NetbiosSmb 897EC4D0
Device \Driver\PCI_NTPNP8736 \Device\0000005c sptd.sys
Device \Driver\PCI_NTPNP8736 \Device\0000005c sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 89A011E8
Device \Driver\usbuhci \Device\USBFDO-1 89A011E8
Device \Driver\usbuhci \Device\USBFDO-2 89A011E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897E71E8
Device \Driver\usbuhci \Device\USBFDO-3 89A011E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 897E71E8
Device \Driver\Ftdisk \Device\FtControl 89BA01E8
Device \Driver\usbehci \Device\USBFDO-4 8999D1E8
Device \Driver\amlaw6iu \Device\Scsi\amlaw6iu1 89836628
Device \FileSystem\Cdfs \Cdfs 899FF1E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 892457105
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -162957429
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xD5 0x14 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA9 0x3D 0x21 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x8A 0xED 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB7 0xD5 0x14 0x52 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA9 0x3D 0x21 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x8A 0xED 0x7C ...

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 09:00
by fru-fru
So that is the complete log, nothing else was added to it

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 10:13
by Caroprd111
:arrow: Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

- Install it and run a full scan.
- Do not delete anything :!: MBAM sometimes has false detections
- Paste the log here

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 13:31
by fru-fru
Phew, so here is the log from Mbam :)

--- log deleted because the wrong one was pasted by mistake ---

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 13:33
by fru-fru
I see that it deleted it by itself beforehand, so I don't know whether I clicked something wrong ...

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 13:34
by Caroprd111
:arrow: How is the PC doing :???:

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 13:36
by fru-fru
I'm very sorry, but that was some old log that was left on my PC.
Here is the current one:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3724
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11.2.2010 13:27:20
mbam-log-2010-02-11 (13-27-11).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 259350
Uplynulý čas: 2 hour(s), 48 minute(s), 3 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\mediacenter0.4-by coolstreaming.mynshandler (Spyware.AdaEbook) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\35cc3162.sys.vir (Rootkit.Agent) -> No action taken.
C:\Hry\Legie\legie.exe (Rogue.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 13:38
by Caroprd111
:arrow: Delete everything that MBAM found and restart the PC.

:arrow: Post a new log from RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

Re: Avast found Win32: RustNT (Rtk)

Posted: 11 Feb 2010 13:59
by fru-fru
Deleted, the problems are still the same.

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-11 13:49:30
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 32 GB (42%) free of 76 GB
Total RAM: 2047 MB (81% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2009-12-17 1217896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2007-06-05 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f7e362-828a-4b5a-bcaf-5b79bfdfea60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 394816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa58ed58-01dd-4d91-8333-cf10577473f7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-24 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-13 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-06-05 491520]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2009-12-17 1217896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-24 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-08-16 1783808]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"nwiz"=nwiz.exe /install []
"C-Media Mixer"=Mixer.exe /startup []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"VX1000"=C:\WINDOWS\vVX1000.exe [2006-12-06 707360]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-13 275800]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2006-11-07 972432]
"OEXPRESS"=C:\WINDOWS\OETRN.EXE [2007-06-05 26624]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe [2007-11-06 1741184]
"Steam"=c:\hry\steam\steam.exe [2009-10-24 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"_NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Hry\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Hry\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Hry\SEGA\Medieval II Total War\medieval2.exe"="C:\Hry\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\Hry\Xfire\Xfire.exe"="C:\Hry\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Hry\Techland\Call of Juarez\CoJ.exe"="C:\Hry\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Hry\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="C:\Hry\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Hry\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe"="C:\Hry\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Tvorba postavy Dragon Age Prameny"
"C:\Hry\Dragon Age Origins Character Creator\DAOriginsLauncher.exe"="C:\Hry\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Tvorba postavy Dragon Age Prameny Spustit"
"C:\Hry\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Hry\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Hry\Pazaak Cantina\PazaakCantina.exe"="C:\Hry\Pazaak Cantina\PazaakCantina.exe:*:Enabled:KotOR Pazaak Cantina"
"C:\Hry\Metin2_CZ\metin2client.bin"="C:\Hry\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b069667a-1645-11df-9075-0013d3ea7917}]
shell\AutoRun\command - H:\hbcd\wintools\autorun.exe
shell\Option1\command - H:\hbcd\wintools\autorun.exe


======List of files/folders created in the last 1 months======

2010-02-11 13:49:34 ----D---- C:\Program Files\trend micro
2010-02-11 13:49:30 ----D---- C:\rsit
2010-02-11 10:33:54 ----SHD---- C:\RECYCLER
2010-02-11 10:33:02 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-02-11 10:32:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-11 10:32:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 15:07:13 ----A---- C:\ComboFix.txt
2010-02-10 14:37:13 ----A---- C:\WINDOWS\MBR.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\zip.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\SWSC.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\SWREG.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\sed.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\PEV.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-10 14:37:12 ----A---- C:\WINDOWS\grep.exe
2010-02-10 14:36:51 ----D---- C:\WINDOWS\ERDNT
2010-02-10 14:31:16 ----D---- C:\Qoobox
2010-02-10 12:49:49 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-02-11 13:49:34 ----D---- C:\Program Files
2010-02-11 13:46:30 ----D---- C:\WINDOWS\Temp
2010-02-11 13:42:06 ----SHD---- C:\WINDOWS\Installer
2010-02-11 13:42:06 ----D---- C:\WINDOWS\system32\drivers
2010-02-11 13:41:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 11:14:17 ----D---- C:\WINDOWS\Prefetch
2010-02-10 16:15:52 ----D---- C:\WINDOWS
2010-02-10 15:04:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 14:55:30 ----A---- C:\WINDOWS\system.ini
2010-02-10 14:51:50 ----D---- C:\WINDOWS\system32
2010-02-10 14:51:04 ----D---- C:\WINDOWS\system32\config
2010-02-10 14:49:19 ----D---- C:\Program Files\ICQ6.5
2010-02-10 14:47:20 ----D---- C:\WINDOWS\AppPatch
2010-02-10 14:47:14 ----D---- C:\Program Files\Common Files
2010-02-10 14:11:26 ----A---- C:\WINDOWS\win.ini
2010-02-10 14:11:25 ----D---- C:\Config.Msi
2010-01-21 17:42:40 ----A---- C:\WINDOWS\wincmd.ini
2010-01-21 16:17:16 ----D---- C:\Program Files\Crawler
2010-01-21 16:16:59 ----D---- C:\Program Files\Mozilla Firefox
2010-01-19 17:48:40 ----A---- C:\WINDOWS\WDICT32.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2006-10-22 114496]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 savrkboottasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys []
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-27 278984]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-27 25416]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-03-01 373518]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
S3 axwatfee;axwatfee; C:\WINDOWS\system32\drivers\axwatfee.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dmskssrh;DMSKSSRh; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2006-11-22 94080]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-17 25280]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 memsweep2;MEMSWEEP2; \??\C:\WINDOWS\system32\C3.tmp []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-11-22 47360]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 usbserfilt;usbserfilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S3 wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 wudfrd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 pnkbstra;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-01 75064]
R2 pnkbstrb;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-09-01 189640]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-16 570880]
R2 wudfsvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-12 133104]
S2 nero backitup scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 servicelayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------