problém s Antivirus 2010 a CleanUp antivirus

[yugges]

Zdravím,
prosim o pomoc! Dostal se mi do ruky PC nestastnika, ktery veril vsemu co na webu nasel a nainstaloval...

Tady je RSIT log...

Předem díky, MS

-------------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by mki at 2011-01-20 15:28:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (33%) free of 38 GB
Total RAM: 511 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]
"farstone"=NULL []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-09-20 1404928]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 708608]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"PowerS"=C:\WINDOWS\PowerS.exe [2001-08-03 159800]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-23 149280]
"movie[1]"=C:\Documents and Settings\mki\Local Settings\Temporary Internet Files\Content.IE5\ETDEVEPW\movie[1].exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"CleanUp Antivirus"=C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe [2010-03-24 2696192]
"YVIBBBHA8C"=C:\DOCUME~1\mki\LOCALS~1\Temp\Rx1.exe [2010-04-18 165376]
"QZAIB7KITK"=C:\WINDOWS\Rqogue.exe [2010-04-18 163328]
"U36VRSFLG6"=C:\DOCUME~1\mki\LOCALS~1\Temp\Ryb.exe [2010-10-27 258048]
"C8H1KKCTZV"=C:\WINDOWS\Rqoguk.exe [2010-10-27 249856]
"q592pcusc8sv"=C:\Documents and Settings\mki\Local Settings\Temp\m.28.tmp.exe [2010-11-07 4163584]
"SecurityCenter"=C:\Documents and Settings\mki\Data aplikací\AntiVirus 2010\securitycenter.exe [2010-11-06 336896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\mki\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\mki\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe"="C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe:*:Enabled:CleanUp Antivirus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9667a7cb-3768-11df-b0ec-0011d803d363}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98f80f02-4712-11df-b129-0011d803d363}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6291dac-a7a4-11de-b071-0011d803d363}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe


======List of files/folders created in the last 1 months======

2011-01-20 15:29:02 ----DC---- C:\Program Files\trend micro
2011-01-20 15:28:59 ----DC---- C:\rsit

======List of files/folders modified in the last 1 months======

2011-01-20 15:29:02 ----RDC---- C:\Program Files
2011-01-20 15:27:22 ----AC---- C:\WINDOWS\ntbtlog.txt
2011-01-20 15:27:11 ----DC---- C:\WINDOWS\system32\CatRoot2
2011-01-20 15:19:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-20 15:06:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-20 15:06:43 ----SDC---- C:\WINDOWS\Tasks
2011-01-20 15:06:40 ----DC---- C:\WINDOWS\system32\drivers
2011-01-20 15:06:29 ----DC---- C:\WINDOWS\Temp
2011-01-16 23:51:41 ----DC---- C:\WINDOWS\Prefetch
2011-01-10 20:07:03 ----AC---- C:\WINDOWS\PhotoSnapViewer.INI
2011-01-07 23:57:22 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2011-01-02 23:10:27 ----DC---- C:\WINDOWS\Minidump
2011-01-02 23:10:27 ----DC---- C:\WINDOWS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-02-12 34978]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-04-09 120780]
S2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2003-04-09 20480]
S2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2003-04-09 20224]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-04-09 13070]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2008-02-05 129408]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-08-31 131184]
S3 CTSFSYN;Creative SoundFont Synth; C:\WINDOWS\system32\drivers\ctsfsyn.sys [2004-08-24 155904]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2008-02-05 235100]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-08-31 178736]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2008-02-05 732928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-08 259968]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-23 153376]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-02-05 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[yugges]

jeste doplnim, ze je z nouzoveho rezimu, protoze v normalnim modu je pro samy vyskakovaci okna pocitac nepouzitelny...

MS

[cernohous13]

Zdravím,

proveď v nouzovém režimu s prací v síti

Stáhni si ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[yugges]

Tak jsem ho spustil, nainstaloval si konzoli a pak řekl, že za deset... dvacet minut. Tak jsem mu nechal času do rána. Nestihl to, ale ráno bylo těch kombofixovejch voken otevřenejch asi 30...
Není možné spostit taskmanagera, takže co všechno tam běží a může s ním kolidovat....
Jsou nějaké další možnosti?

Díky, M.

[cernohous13]

Restartuj do nouzového režimu s prací v síti.

Stáhni Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkus stáhnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusť a nechej ho pracovat. Sám se ukončí.

- Teď nesmíš restartovat počítač!

Spusť ComboFix - dej mi log - při problémech informuj


blahopřeji k dnešním narozeninám

[yugges]

Děkuji za přání!

Vyzkoušel jsem, ale ComboFix se chová nadále stejně. Pokusí se vytvořit bod obnovení, pak napíše že vyhledává nakažené soubory a že to potrvá do 10ti minut a třetí řádek s tím, že se to může u hodně nakažených protáhnout na dvojnásobek a tak mu to zůstane.
M.

[cernohous13]

Zkusíme to jinak, ale teď zrovna mám fofr - připravím za hoďku

[cernohous13]

Tak zatím zkusíme odstranit to, co je v logu vidět - když nejde v normálním, tak v nouzovém režimu.

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“ (pro Vistu a Win7 – pravým a „Run As Administrator“).
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

Script OTM

Kód: Vybrat vše

:Processes
explorer.exe

:Files
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Documents and Settings\mki\Local Settings\Temporary Internet Files\Content.IE5\ETDEVEPW\movie[1].exe
C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe
C:\Documents and Settings\mki\Local Settings\Temp\Rx1.exe
C:\WINDOWS\Rqogue.exe 
C:\Documents and Settings\mki\Local Settings\Temp\Ryb.exe
C:\WINDOWS\Rqoguk.exe
C:\Documents and Settings\mki\Local Settings\Temp\m.28.tmp.exe
C:\Documents and Settings\mki\Data aplikací\AntiVirus 2010
E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"farstone"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
"movie[1]"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"MSMSGS"=-
"CleanUp Antivirus"=-
"YVIBBBHA8C"=-
"QZAIB7KITK"=-
"U36VRSFLG6"=-
"C8H1KKCTZV"=-
"q592pcusc8sv"=-
"SecurityCenter"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9667a7cb-3768-11df-b0ec-0011d803d363}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98f80f02-4712-11df-b129-0011d803d363}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6291dac-a7a4-11de-b071-0011d803d363}]

:Services
SSHNAS
NMIndexingService

:commands
[PURITY]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[REBOOT]

[yugges]

Tak v normálním módu vytuhnul u řádku SSHNAS a log po sobě nezanechal (předpokládám že samotný přesunutý soubory nebele předmětem zájmu)

V safe módu proběhl celý skript a po restartu jsem našel toto:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File/Folder C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File/Folder C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
File/Folder C:\Documents and Settings\mki\Local Settings\Temporary Internet Files\Content.IE5\ETDEVEPW\movie[1].exe not found.
File/Folder C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe not found.
File/Folder C:\Documents and Settings\mki\Local Settings\Temp\Rx1.exe not found.
File/Folder C:\WINDOWS\Rqogue.exe not found.
File/Folder C:\Documents and Settings\mki\Local Settings\Temp\Ryb.exe not found.
File/Folder C:\WINDOWS\Rqoguk.exe not found.
File/Folder C:\Documents and Settings\mki\Local Settings\Temp\m.28.tmp.exe not found.
File/Folder C:\Documents and Settings\mki\Data aplikací\AntiVirus 2010 not found.
File/Folder E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\farstone not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\movie[1] not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CleanUp Antivirus not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QZAIB7KITK not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\U36VRSFLG6 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\C8H1KKCTZV not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\q592pcusc8sv not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityCenter not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\All Users\Data aplikací\f2e8232\CUf2e8.exe not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9667a7cb-3768-11df-b0ec-0011d803d363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9667a7cb-3768-11df-b0ec-0011d803d363}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98f80f02-4712-11df-b129-0011d803d363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98f80f02-4712-11df-b129-0011d803d363}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6291dac-a7a4-11de-b071-0011d803d363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6291dac-a7a4-11de-b071-0011d803d363}\ not found.
========== SERVICES/DRIVERS ==========
Service SSHNAS stopped successfully!
Service SSHNAS deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.BBB-35331487EF6
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.BBB-35331487EF6.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3021688 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 1874735 bytes

User: mki
->Temp folder emptied: 595922262 bytes
->Temporary Internet Files folder emptied: 18395603 bytes
->Java cache emptied: 24711175 bytes
->Flash cache emptied: 136596 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37115686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 650,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.17.2 log created on 01212011_132701

[JaRon]

aby si nebol len tak volnepohodeny, pokial pride kolega vloz mu aktualny log RSIT a popis ako sa sprava PC

[yugges]

tak tady je ten log z RSIT:

PC sa správá o mnoho přátelštěji, zatím neprovedlo nic, co bych označil za činnost nějaké havěti. Dokonce se mi podařilo tuto zprávu vytvořit na tom samotném "postiženém kousku"

M.

----------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by mki at 2011-01-21 13:45:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (36%) free of 38 GB
Total RAM: 511 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:02, on 21.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\PowerS.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\mki\Plocha\RSIT.exe
C:\Program Files\trend micro\mki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\RunServices: [movie[1]] C:\Documents and Settings\mki\Local Settings\Temporary Internet Files\Content.IE5\ETDEVEPW\movie[1].exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4467 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-21 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2011-01-21 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-01-21 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-09-20 1404928]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 708608]
"PowerS"=C:\WINDOWS\PowerS.exe [2001-08-03 159800]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-21 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\movie[1]]
C:\Documents and Settings\mki\Local Settings\Temporary Internet Files\Content.IE5\ETDEVEPW\movie[1].exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\mki\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\mki\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-01-21 13:13:09 ----DC---- C:\_OTM
2011-01-21 11:02:27 ----SDC---- C:\ComboFix
2011-01-21 09:51:33 ----DC---- C:\Documents and Settings\mki\Data aplikací\Google
2011-01-21 09:50:00 ----DC---- C:\Program Files\CCleaner
2011-01-21 09:48:25 ----DC---- C:\Program Files\Google
2011-01-21 09:48:25 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-01-20 16:51:25 ----AC---- C:\Boot.bak
2011-01-20 16:51:18 ----RASHDC---- C:\cmdcons
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\zip.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\SWXCACLS.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\SWSC.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\SWREG.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\sed.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\PEV.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\NIRCMD.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\MBR.exe
2011-01-20 16:49:07 ----AC---- C:\WINDOWS\grep.exe
2011-01-20 16:48:59 ----DC---- C:\WINDOWS\ERDNT
2011-01-20 16:48:48 ----DC---- C:\Qoobox
2011-01-20 16:43:54 ----SHD---- C:\WINDOWS\CSC
2011-01-20 15:29:02 ----DC---- C:\Program Files\trend micro
2011-01-20 15:28:59 ----DC---- C:\rsit

======List of files/folders modified in the last 1 months======

2011-01-21 13:29:43 ----DC---- C:\WINDOWS\Temp
2011-01-21 13:27:25 ----AC---- C:\WINDOWS\ntbtlog.txt
2011-01-21 13:13:29 ----DC---- C:\WINDOWS\system32
2011-01-21 13:13:10 ----DC---- C:\WINDOWS
2011-01-21 13:13:09 ----SHDC---- C:\Documents and Settings\All Users\Data aplikací\f2e8232
2011-01-21 13:13:09 ----SDC---- C:\WINDOWS\Tasks
2011-01-21 13:10:32 ----DC---- C:\WINDOWS\system32\CatRoot2
2011-01-21 11:04:12 ----DC---- C:\WINDOWS\system32\drivers
2011-01-21 11:02:49 ----SHDC---- C:\RECYCLER
2011-01-21 10:53:58 ----DC---- C:\Documents and Settings
2011-01-21 10:01:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-21 09:50:00 ----RDC---- C:\Program Files
2011-01-21 09:49:45 ----SHDC---- C:\WINDOWS\Installer
2011-01-20 16:51:25 ----RASHC---- C:\boot.ini
2011-01-20 15:06:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-16 23:51:41 ----DC---- C:\WINDOWS\Prefetch
2011-01-10 20:07:03 ----AC---- C:\WINDOWS\PhotoSnapViewer.INI
2011-01-07 23:57:22 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2011-01-02 23:10:27 ----DC---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-04-09 120780]
R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2003-04-09 20480]
R2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2003-04-09 20224]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-04-09 13070]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2008-02-05 129408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-08-31 178736]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2008-02-05 732928]
R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-02-12 34978]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-08 259968]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]
S3 catchme;catchme; \??\C:\DOCUME~1\mki\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-08-31 131184]
S3 CTSFSYN;Creative SoundFont Synth; C:\WINDOWS\system32\drivers\ctsfsyn.sys [2004-08-24 155904]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2008-02-05 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-23 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2010-04-26 256512]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-02-05 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-21 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[JaRon]

O4 - HKLM\..\RunServices: [movie[1]] C:\Documents and Settings\mki\Local Settings\Temporary Internet Files\Content.IE5\ETDEVEPW\movie[1].exe
toto FIXni v HijackThis

[yugges]

fixnuto...

zatím stále nic podezřelýho.

M.

[JaRon]

zaverecne zhodnotenie necham na kolegu, ktory Ti PC odviril
doporucujem doinstalovat aspon SP3 + nejaky AV

[yugges]

Mno na to se už docela těším, jen nechci předbíhat

nebo už s tím můžu začít?

a pěkně děkuji!!!