Aut. konf bezdrátových zařízení - svchost.exe (nespousti se)

[dinospages]

Zdravím rádce, potřeboval bych help s tímto:

Sluzba
Automatická konfigurace bezdrátových zařízení

cesta ke spustitelnému souboru
C:\WINDOWS\System32\svchost.exe -k netsvcs

pokaždé po restartu se mi tato sluzba nespusti, a po nejake dobe kdyz ji pustim se sama vypne treba kdyz zavru a otevru notas, pritom tam mam nastavene automaticke spusteni. v cem je problem?

jinak zde je log pro preventivku:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Dell at 2010-02-11 23:03:50
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (6%) free of 36 GB
Total RAM: 2558 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:02, on 11.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRAM FILES\WEPOS\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\Printer Utilities\UsbService.exe
C:\PROGRAM FILES\WEPOS\InterBase\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LINKMAGIC\LINKMAGIC.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dell\Plocha\RSIT.exe
C:\Program Files\trend micro\Dell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - ukoly.lnk = C:\Documents and Settings\Dell\Plocha\ukoly.txt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LINKMAGIC.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner - C:\PROGRAM.exe (file missing)
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - C:\PROGRAM.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: ASUS Virtual MFP Service (UsbService) - ASUSTek COMPUTER INC. - C:\Program Files\ASUS\Printer Utilities\UsbService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7876 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-14 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-12-29 1392640]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2008-12-29 36864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-29 851968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-14 149280]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2008-12-29 405504]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-06-15 49152]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
""= []
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2007-12-10 695808]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
LINKMAGIC.lnk - C:\Program Files\LINKMAGIC\LINKMAGIC.EXE

C:\Documents and Settings\Dell\Nabídka Start\Programy\Po spuštění
Zástupce - ukoly.lnk - C:\Documents and Settings\Dell\Plocha\ukoly.txt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\hppniprint01.exe"="E:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe"
"E:\setup\hppniprint64.exe"="E:\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe"
"E:\setup\hppnicifs01.exe"="E:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"E:\setup\hpntwkexe.exe"="E:\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"D:\QIP Infium PafoPack\inf.exe"="D:\QIP Infium PafoPack\inf.exe:*:Enabled:QIP Infium"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\sdc230\StrongDC.exe"="D:\sdc230\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"D:\games\Pro Evolution Soccer 2009\pes2009.exe"="D:\games\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"D:\games\TmNationsForever\TmForever.exe"="D:\games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"E:\Printer\Printer.exe"="E:\Printer\Printer.exe:*:Enabled:ASUS Virtual USB Utility"
"C:\Program Files\ASUS\Printer Utilities\UsbService.exe"="C:\Program Files\ASUS\Printer Utilities\UsbService.exe:*:Enabled:ASUS Virtual USB Service"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Stron DC\MOHAA\MOHAA.exe"="C:\Stron DC\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f87e35-10f4-11df-a395-001d09d182a8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a3e7378-f49e-11de-a388-001d09d182a8}]
shell\AutoRun\command - G:\installer.exe
shell\verb\command - G:\installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7c2f39e-c7c2-11de-a37b-001d09d182a8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7d8d998-b6b4-11de-84bf-f3c4c38c4f84}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2010-02-11 23:03:51 ----D---- C:\Program Files\trend micro
2010-02-11 23:03:50 ----D---- C:\rsit
2010-02-06 19:53:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-06 19:53:38 ----D---- C:\Program Files\Alwil Software
2010-02-06 19:53:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-03 19:44:08 ----D---- C:\Program Files\AXA
2010-02-03 19:37:50 ----D---- C:\WINDOWS\system32\cs-CZ
2010-02-03 19:35:56 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-03 19:35:51 ----D---- C:\Program Files\MSBuild
2010-02-03 19:35:49 ----D---- C:\WINDOWS\system32\en-US
2010-02-03 19:35:40 ----D---- C:\Program Files\Reference Assemblies
2010-02-03 18:54:37 ----D---- C:\Program Files\UNIQA
2010-02-03 14:57:29 ----D---- C:\Documents and Settings\Dell\Data aplikací\Nokia Multimedia Player
2010-02-02 18:44:58 ----D---- C:\Program Files\Dawe Software
2010-02-01 19:24:04 ----D---- C:\Program Files\MP3 Cutter
2010-01-21 16:31:46 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 1 months======

2010-02-11 23:03:59 ----D---- C:\WINDOWS\Prefetch
2010-02-11 23:03:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-11 23:03:51 ----RD---- C:\Program Files
2010-02-11 22:49:40 ----D---- C:\Program Files\Mozilla Firefox
2010-02-11 22:48:25 ----D---- C:\WINDOWS
2010-02-11 22:48:12 ----D---- C:\WINDOWS\Temp
2010-02-11 22:47:52 ----D---- C:\WINDOWS\system32
2010-02-11 22:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 22:46:12 ----A---- C:\WINDOWS\WINCMD.INI
2010-02-11 06:43:01 ----D---- C:\Documents and Settings\Dell\Data aplikací\vlc
2010-02-11 06:34:27 ----D---- C:\Program Files\LogMeIn
2010-02-10 23:24:21 ----D---- C:\Stron DC
2010-02-06 20:48:03 ----D---- C:\WINDOWS\system32\Restore
2010-02-06 20:48:02 ----SHD---- C:\System Volume Information
2010-02-06 19:53:59 ----D---- C:\WINDOWS\system32\drivers
2010-02-06 19:53:52 ----SHD---- C:\WINDOWS\Installer
2010-02-06 19:53:51 ----HD---- C:\Config.Msi
2010-02-06 19:53:50 ----D---- C:\WINDOWS\WinSxS
2010-02-03 21:59:26 ----RSD---- C:\WINDOWS\assembly
2010-02-03 21:59:26 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-03 19:36:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-03 19:35:47 ----RSD---- C:\WINDOWS\Fonts
2010-02-01 18:28:21 ----D---- C:\Documents and Settings\Dell\Data aplikací\Nokia
2010-02-01 18:26:16 ----D---- C:\Documents and Settings\Dell\Data aplikací\PC Suite
2010-01-27 00:50:24 ----D---- C:\Documents and Settings\Dell\Data aplikací\dvdcss
2010-01-27 00:29:12 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-21 16:47:48 ----SD---- C:\Documents and Settings\Dell\Data aplikací\Microsoft
2010-01-21 16:32:06 ----D---- C:\Program Files\Microsoft Office
2010-01-21 16:32:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-17 22:19:19 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6345472]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vuhub;Virtual Usb Hub; C:\WINDOWS\system32\DRIVERS\vuhub.sys [2007-12-20 66432]
S3 a41lo9m3;a41lo9m3; C:\WINDOWS\system32\drivers\a41lo9m3.sys []
S3 axvbusx;axvbusx; C:\WINDOWS\system32\DRIVERS\axvbusx.sys []
S3 axvscsi;axvscsi; C:\WINDOWS\system32\DRIVERS\axvscsi.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 52800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 InterBaseGuardian;Firebird Guardian Service; C:\PROGRAM FILES\WEPOS\InterBase\bin\ibguard -s []
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-14 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UsbService;ASUS Virtual MFP Service; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [2008-07-21 217088]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-12-29 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 InterBaseServer;Firebird Server; C:\PROGRAM FILES\WEPOS\InterBase\bin\ibserver -s []
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f87e35-10f4-11df-a395-001d09d182a8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7c2f39e-c7c2-11de-a37b-001d09d182a8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7d8d998-b6b4-11de-84bf-f3c4c38c4f84}]

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[dinospages]

ComboFix 10-02-11.04 - Dell 12.02.2010 14:17:53.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2558.2235 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dell\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dell\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Recycled
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-12 do 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-11 22:03 . 2010-02-11 22:04 -------- d-----w- c:\program files\trend micro
2010-02-11 22:03 . 2010-02-11 22:04 -------- d-----w- C:\rsit
2010-02-06 18:53 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-06 18:53 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-06 18:53 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-06 18:53 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-06 18:53 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-06 18:53 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-06 18:53 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-06 18:53 . 2010-01-28 22:09 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-06 18:53 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-06 18:53 . 2010-02-06 18:53 -------- d-----w- c:\program files\Alwil Software
2010-02-03 18:44 . 2010-02-03 18:44 -------- d-----w- c:\program files\AXA
2010-02-03 18:37 . 2010-02-03 18:37 -------- d-----w- c:\windows\system32\cs-CZ
2010-02-03 18:35 . 2010-02-03 18:37 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-03 18:35 . 2010-02-03 18:35 -------- d-----w- c:\program files\MSBuild
2010-02-03 18:35 . 2010-02-03 18:35 -------- d-----w- c:\program files\Reference Assemblies
2010-02-03 17:54 . 2010-02-03 17:54 -------- d-----w- c:\program files\UNIQA
2010-02-02 17:44 . 2010-02-02 17:44 -------- d-----w- c:\program files\Dawe Software
2010-02-01 18:24 . 2010-02-01 18:24 -------- d-----w- c:\program files\MP3 Cutter
2010-01-21 15:31 . 2010-01-21 15:31 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 12:49 . 2009-10-29 21:15 -------- d-----w- c:\program files\LogMeIn
2010-02-04 15:47 . 2009-09-11 07:51 65608 ----a-w- c:\windows\system32\nvModes.dat
2010-02-03 18:36 . 2001-10-25 14:00 82818 ----a-w- c:\windows\system32\perfc005.dat
2010-02-03 18:36 . 2001-10-25 14:00 437568 ----a-w- c:\windows\system32\perfh005.dat
2010-01-21 15:24 . 2009-12-04 17:55 528 ----a-w- c:\windows\system32\SP701ASM.dat
2010-01-16 10:20 . 2009-10-15 15:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-09 17:23 . 2009-09-14 15:41 -------- d-----w- c:\program files\Simulace_2009
2010-01-05 16:57 . 2010-01-05 16:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-16 14:53 . 2009-12-04 17:52 -------- d-----w- c:\program files\LINKMAGIC
2009-12-07 14:55 . 2009-09-11 08:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 13:32 . 2009-11-24 13:32 10 ----a-w- c:\windows\popcinfo.dat
2009-09-14 15:48 . 2009-09-14 15:48 1731663 ----a-w- c:\program files\MAN1.ZIP
2009-09-14 15:48 . 2009-09-14 15:45 1544917 ----a-w- c:\program files\RTF.ZIP
2009-09-14 15:48 . 2009-09-14 15:45 1210157 ----a-w- c:\program files\OTHEREXE.ZIP
2009-09-14 15:48 . 2009-09-14 15:45 3035148 ----a-w- c:\program files\WINPOS.ZIP
2009-09-14 15:48 . 2009-09-14 15:45 2752937 ----a-w- c:\program files\ORIG.ZIP
2009-09-14 15:48 . 2009-09-14 15:45 4038192 ----a-w- c:\program files\DATA.ZIP
2009-09-14 15:45 . 2009-09-14 15:45 2704156 ----a-w- c:\program files\IBBIN.ZIP
2004-08-17 13:49 . 2004-08-17 13:49 171376 --sha-r- c:\windows\system32\uzgjxn.dll
.

------- Sigcheck -------

[-] 2008-07-16 . 21DC51B6D100B4C7691D07ECF3807444 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-29 1392640]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-12-29 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-29 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"nwiz"="nwiz.exe" [2007-05-11 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-11 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-05-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"SigmatelSysTrayApp"="stsystra.exe" [2008-12-29 405504]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\Dell\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - ukoly.lnk - c:\documents and settings\Dell\Plocha\ukoly.txt [2009-9-14 561]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
LINKMAGIC.lnk - c:\program files\LINKMAGIC\LINKMAGIC.EXE [2009-12-4 1810432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"d:\\QIP Infium PafoPack\\inf.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\sdc230\\StrongDC.exe"=
"d:\\games\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Stron DC\\MOHAA\\MOHAA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1725:TCP"= 1725:TCP:mfilwuif

R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [29.9.2009 1:26 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.2.2010 19:53 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.2.2010 19:53 19024]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [29.10.2009 22:15 47640]
R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [14.9.2009 13:57 217088]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [14.9.2009 13:57 66432]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.9.2009 15:26 682232]
S0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [29.9.2009 1:26 159616]
S2 dnvxq;Update Time;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S3 axvbusx;axvbusx;c:\windows\system32\DRIVERS\axvbusx.sys --> c:\windows\system32\DRIVERS\axvbusx.sys [?]
S3 axvscsi;axvscsi;c:\windows\system32\DRIVERS\axvscsi.sys --> c:\windows\system32\DRIVERS\axvscsi.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dnvxq
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Dell\Data aplikací\Mozilla\Firefox\Profiles\zpjbbmx9.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 14:21
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InterBaseGuardian]
"ImagePath"="c:\program files\WEPOS\InterBase\bin\ibguard -s"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InterBaseServer]
"ImagePath"="c:\program files\WEPOS\InterBase\bin\ibserver -s"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dnvxq]
"ServiceDll"="c:\windows\system32\uzgjxn.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-02-12 14:22:27
ComboFix-quarantined-files.txt 2010-02-12 13:22

Před spuštěním: 2 724 192 256
Po spuštění: 2 716 725 248

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

- - End Of File - - 46444E5CF432D00E422D4AFFDC944170

[JaRon]

OKi - dalsi CFScript:

Kód: Vybrat vše

Driver::
dnvxq

[dinospages]

pise mi to :
NRCMDC neni nazvem vnitrniho ani vnejsiho prikazu, spustitelneho programu nebo davkoveho souboru.

[dinospages]

oprava misto NRCMDC -> NIRCMDC

[JaRon]

prescanuj PC s MBAM

[dinospages]

po instalaci vyskocilo toto:
Error code: 732 (12007, 0)

program se ale spustil: zrejme neprobehla aktualizace.

mam dat rychly test nebo uplny

[dinospages]

zde je rychly test:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12.2.2010 15:04:53
mbam-log-2010-02-12 (15-04-49).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 121444
Uplynulý čas: 3 minute(s), 21 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\uzgjxn.dll (Worm.Conficker) -> No action taken.

[JaRon]

najdene ZMAZ - restart a mohlo by byt hotovo

[dinospages]

super diky moc vyzkousim a dam vedet jinak se zda ze sluzba maka tak jak ma , uz dlouho se nevypnula.

Jinak mam dva disky 750GB a 500GB zrejme jsou napadeny necim co se porad schovava do slozky recycled na vsech oddilech mam si zalozit nove tema a zkusit je pripojit ??? ze bychom to projeli??

[dinospages]

presneji ted jsem zapojil prazdnou flashku a nechal ji projet avastem:

toto je vysledek : G:/Recycled/ctfmon.exe, závažnost:vysoká, hrozba:Win32:VB-DYC[Trj]

co s tim presunout do truhly, opravit, ci smazat??


neco podobneho to dela u vsech oddílu vyse zminovanych disku

[JaRon]

ZMAZ to
cast zavirenia pochadza z flashky ,,, doporucujem vsetky disky pripojit a prescanovat s CureIT

[dinospages]

super diky moc jdu na to uz jsem si procetl par clanku o tom cervikovi, tam se jedna hlavne o zapisy mountpoints2 v registrech je to tak ???

projedu vsechyn pc ktere pouzivam cure it a pak smazu vsechny zaznamy v registrech co se tykyji mounpoints2
jdu na to díky

[JaRon]

no bacha nie vsetky zapisy mountpoints2 su skodlive ,,,
spolahni sa na AV >> CureIT prip. Avast >> vacsina tychto smejdov smeruje k autorun.inf na danom disku >> vzdy over obsah tychto suborov, ci spusta smejda alebo je to legalna podpora zariadeni