Pomoc s rootkitem

Zpráva

vili_lv · #1 Příspěvek od **vili_lv** » 28 úno 2010 11:02

Dobrý den, NOD32 detekoval virus Rootkit.Kryptik.AF. Pomocí CCleaneru jsem se ho snazil odstranit, ted uz se mi nikde nehlasi, presto je jedno jadro procesoru porad na 100% vytizene. Muzete mi pomoci?

LOG COMBOFIX
ComboFix 10-02-27.04 - Ivana 28.02.2010 10:36:59.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3067.2539 [GMT 1:00]
Spuštěný z: c:\aaa\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3163324149-2260017873-395104601-500
C:\UCTO2010
c:\ucto2010\{GLOB}\ADRWEB.000
c:\ucto2010\{GLOB}\ADRWEB.X00
c:\ucto2010\{GLOB}\BANKY.000
c:\ucto2010\{GLOB}\BANKY.X00
c:\ucto2010\{GLOB}\BANKYHB.008
c:\ucto2010\{GLOB}\CISOKR.097
c:\ucto2010\{GLOB}\DATA.000
c:\ucto2010\{GLOB}\DATA.X00
c:\ucto2010\{GLOB}\EXPDEKLA.099
c:\ucto2010\{GLOB}\EXPDEKLA.T99
c:\ucto2010\{GLOB}\FAQ.000
c:\ucto2010\{GLOB}\FAQ.X00
c:\ucto2010\{GLOB}\FIRMY.000
c:\ucto2010\{GLOB}\FORMS.099
c:\ucto2010\{GLOB}\FORMS.T99
c:\ucto2010\{GLOB}\KODPOJ.004
c:\ucto2010\{GLOB}\MODULY.000
c:\ucto2010\{GLOB}\NAHRNEM.004
c:\ucto2010\{GLOB}\NAHRNEM.X04
c:\ucto2010\{GLOB}\NEZDAN.000
c:\ucto2010\{GLOB}\NEZDAN.X00
c:\ucto2010\{GLOB}\OKRESY.000
c:\ucto2010\{GLOB}\OKRESY.X00
.
.

c:\ucto2010\TOMES\POCZAM.097
c:\ucto2010\TOMES\POHLZAV.001
c:\ucto2010\TOMES\POHLZAV.T01
c:\ucto2010\TOMES\POJIST.004
c:\ucto2010\TOMES\POJIST.X04
c:\ucto2010\TOMES\PRACOV.004
c:\ucto2010\TOMES\PRACOV.T04
c:\ucto2010\TOMES\PRACOV.X04
c:\ucto2010\TOMES\PRACSML.004
c:\ucto2010\TOMES\PRACSML.T04
c:\ucto2010\TOMES\PRIKH.008
c:\ucto2010\TOMES\PRIKP.008
c:\ucto2010\TOMES\SCIT_H.099
c:\ucto2010\TOMES\SCIT_H.T99
c:\ucto2010\TOMES\SCIT_H.X99
c:\ucto2010\TOMES\SHIFTF3.000
c:\ucto2010\TOMES\SHIFTF3.X00
c:\ucto2010\TOMES\SIL.005
c:\ucto2010\TOMES\SIL.T05
c:\ucto2010\TOMES\SIL.X05
c:\ucto2010\TOMES\SILVOZ.005
c:\ucto2010\TOMES\SILVOZ.X05
c:\ucto2010\TOMES\SOUDOK_H.009
c:\ucto2010\TOMES\SOUDOK_H.T09
c:\ucto2010\TOMES\SOUDOK_P.009
c:\ucto2010\TOMES\TEXTY.002
c:\ucto2010\TOMES\TEXTY.T02
c:\ucto2010\TOMES\TRIDY.004
c:\ucto2010\TOMES\TRIDY.X04
c:\ucto2010\TOMES\TYPDOKL.001
c:\ucto2010\TOMES\UCTY.000
c:\ucto2010\TOMES\UKOLY.000
c:\ucto2010\TOMES\UKOLY.T00
c:\ucto2010\TOMES\UPR15.003
c:\ucto2010\TOMES\UPR15.X03
c:\ucto2010\TOMES\UPR16.003
c:\ucto2010\TOMES\UPR16.X03
c:\ucto2010\TOMES\UZAV.001
c:\ucto2010\TOMES\VYBERADR.000
c:\ucto2010\TOMES\VYBERADR.X00
c:\ucto2010\TOMES\VYKMAZA.UUU
c:\ucto2010\TOMES\VYRIZUJE.002
c:\ucto2010\TOMES\VYUCZAL.097
c:\ucto2010\TOMES\VZP08.003
c:\ucto2010\TOMES\VZP09.003
c:\ucto2010\TOMES\ZAL_H.099
c:\ucto2010\TOMES\ZAL_H.T99
c:\ucto2010\TOMES\ZAL_H.X99
c:\ucto2010\TOMES\ZAOKFA.006
c:\ucto2010\TOMES\ZP.009
c:\ucto2010\TOMES\ZP.T09
c:\ucto2010\TOMES\ZP.X09
c:\ucto2010\TOMES\ZURNALD.001
c:\ucto2010\TTT.CAT
c:\ucto2010\TTT.RDB
c:\ucto2010\TTT.TTT
c:\ucto2010\TTTNEW.UUU
c:\ucto2010\TXTNARTF.EXE
c:\ucto2010\U.BAT
c:\ucto2010\UCTO.000
c:\ucto2010\UCTO.PAL
c:\ucto2010\UCTO2010.CAT
c:\ucto2010\UCTO2010.ICO
c:\ucto2010\UCTO2010.RDB
c:\ucto2010\UCTO2010.TTT
c:\ucto2010\UCTOINFO.PRO
c:\ucto2010\UCTOINFO.TRO
c:\ucto2010\UCTOTXT.UUU
c:\ucto2010\UCTOTXT2.UUU
c:\ucto2010\UCTOTXT3.UUU
c:\ucto2010\UEMAIL.UUU
c:\ucto2010\UFAND.EXE
c:\ucto2010\UFAND.OVR
c:\ucto2010\UFANDHLP.000
c:\ucto2010\UFANDHLP.T00
c:\ucto2010\UK.BAT
c:\ucto2010\UPG.PRO
c:\ucto2010\UPG.TRO
c:\ucto2010\UPG01.PRO
c:\ucto2010\UPG01.TRO
c:\ucto2010\UPG02.PRO
c:\ucto2010\UPG02.TRO
c:\ucto2010\UPG03.PRO
c:\ucto2010\UPG03.TRO
c:\ucto2010\UPG04.PRO
c:\ucto2010\UPG04.TRO
c:\ucto2010\UPG05.PRO
c:\ucto2010\UPG05.TRO
c:\ucto2010\UPG06.PRO
c:\ucto2010\UPG06.TRO
c:\ucto2010\UPG07.PRO
c:\ucto2010\UPG07.TRO
c:\ucto2010\UPG08.PRO
c:\ucto2010\UPG08.TRO
c:\ucto2010\UPG09.PRO
c:\ucto2010\UPG09.TRO
c:\ucto2010\UPG97.PRO
c:\ucto2010\UPG97.TRO
c:\ucto2010\UPG99.PRO
c:\ucto2010\UPG99.TRO
c:\ucto2010\UPGPAR.000
c:\ucto2010\VEDLCIN.UUU
c:\ucto2010\VERZE.UUU
c:\ucto2010\VYBERTXT.EXE
c:\ucto2010\VZORTISK.000
c:\ucto2010\ZASTUPCE.CAT
c:\ucto2010\ZASTUPCE.INI
c:\ucto2010\ZASTUPCE.RDB
c:\ucto2010\ZASTUPCE.TTT
c:\ucto2010\ZETROZET.PAL
c:\ucto2010\ZZZ.BAT
c:\windows\system32\drivers\FSC__PI__ESPRIMO Mobile V6545 __FUJITSU SIEMENS_D45 __Ver 1.00PARTTBL_FSC - 6040000_V1.16 .MRK

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-28 do 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 14:58 . 2010-02-27 14:58 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-02-27 14:41 . 2010-02-27 14:42 -------- d-----w- c:\program files\trend micro
2010-02-27 14:41 . 2010-02-27 14:42 -------- d-----w- C:\rsit
2010-02-27 14:18 . 2010-02-27 14:18 -------- d-----w- c:\documents and settings\Ivana\DoctorWeb
2010-02-27 13:57 . 2010-02-27 13:57 -------- d-----w- c:\program files\ReviverSoft
2010-02-27 13:22 . 2010-02-27 13:22 -------- d-----w- c:\program files\CCleaner
2010-02-27 13:14 . 2010-02-28 09:32 -------- d-----w- C:\aaa
2010-02-27 12:33 . 2010-02-27 12:33 -------- d-sh--w- c:\documents and settings\Ivana\IECompatCache
2010-02-27 12:30 . 2010-02-27 12:30 -------- d-----w- c:\program files\Alwil Software
2010-02-14 12:47 . 2010-02-23 16:02 -------- d-----w- C:\STEREO18

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 08:54 . 2008-06-23 22:51 82750 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 08:54 . 2008-06-23 22:51 438070 ----a-w- c:\windows\system32\perfh005.dat
2010-02-27 13:23 . 2008-12-20 17:31 -------- d-----w- c:\program files\Winamp
2010-02-24 16:45 . 2008-12-04 11:47 16 ----a-w- c:\documents and settings\Ivana\pKLC21.dll
2010-02-24 07:15 . 2009-11-10 07:18 16 ----a-w- c:\documents and settings\Ivana\pPFVkA81.dll
2010-01-15 12:15 . 2010-01-04 06:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 08:40 . 2010-01-12 08:40 5443 ----a-w- c:\windows\unins000.dat
2010-01-12 08:39 . 2010-01-12 08:40 1188443 ----a-w- c:\windows\unins000.exe
2010-01-02 13:20 . 2008-09-23 16:13 -------- d-----w- c:\program files\ESET
2009-12-31 16:50 . 2008-06-23 22:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-06-23 22:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-06-23 23:04 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-06-23 22:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-06-23 22:50 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-06-23 22:50 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 06:46 . 2009-11-10 07:33 16 ----a-w- c:\documents and settings\Ivana\pPFVuA81.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"\\192.168.1.100\EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-23 949376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ivana\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
winesm32.exe [2008-4-14 29184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [23.9.2008 17:14 15424]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [23.9.2008 14:17 84240]
S3 LKFUFLQJ;LKFUFLQJ;c:\docume~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe --> c:\docume~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe [?]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [23.9.2008 14:21 118784]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-28 c:\windows\Tasks\Registry Reviver-Ivana-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-02-22 10:49]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{6D76E0E4-03A8-4C00-846C-554EB2754777}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 10:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

c:\combofix\swxcacls.cfxxe [51276] 0x832DB3E0
? [54732]
c:\combofix\CF4898.cfxxe [55596] 0x83F218A0
? [55612]
skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????? ??|???|???????|????????L????????T????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A??W?s??????????7~?h@???????????????A?~??s??????A???@??S??vs@??S???W?s??@??T?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????? ??|???|???????|????????L????????T????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A??W?s??????????7~?h@???????????????A?~??s??????A???@??S??vs@??S???W?s??@??T?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????? ??|???|???????|????????L????????T????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A??W?s??????????7~?h@???????????????A?~??s??????A???@??S??vs@??S???W?s??@??T?????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-02-28 10:49:37
ComboFix-quarantined-files.txt 2010-02-28 09:49

Před spuštěním: Volných bajtů: 289 829 076 992
Po spuštění: Volných bajtů: 289 880 006 656

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6BD3ADD2313504823A71EECCDD79E4F8

LOG RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivana at 2010-02-27 15:41:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 276 GB (91%) free of 305 GB
Total RAM: 3067 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:16, on 27.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\aaa\RootkitRevealer\RootkitRevealer.exe
C:\DOCUME~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe
C:\aaa\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Ivana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\\192.168.1.100\EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Ivana\LOCALS~1\Temp\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Automaticky EPSON Stylus DX4400 Series v SMEJDIROVA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S3F7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S43C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE
O4 - Startup: winesm32.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LKFUFLQJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 8848 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registry Reviver-Ivana-Startup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6D76E0E4-03A8-4C00-846C-554EB2754777}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2007-07-26 192512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-09-23 949376]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe []
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe []
"Wbutton"=C:\Program Files\Launch Manager\WButton.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"\\192.168.1.100\EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"Automaticky EPSON Stylus DX4400 Series v SMEJDIROVA"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

C:\Documents and Settings\Ivana\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Office\Office12\ONENOTEM.EXE
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Office\Office12\OUTLOOK.EXE"="C:\Program Files\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Windows\DSAssistant\Application\DSAssistant.exe"="D:\Windows\DSAssistant\Application\DSAssistant.exe:*:Enabled:Synology Assistant"
"C:\Program Files\Office\Office12\ONENOTE.EXE"="C:\Program Files\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-27 15:41:55 ----D---- C:\Program Files\trend micro
2010-02-27 15:41:53 ----D---- C:\rsit
2010-02-27 15:00:38 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-27 14:57:28 ----D---- C:\Program Files\ReviverSoft
2010-02-27 14:57:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\ReviverSoft
2010-02-27 14:22:33 ----D---- C:\Program Files\CCleaner
2010-02-27 14:14:07 ----D---- C:\aaa
2010-02-27 13:30:27 ----D---- C:\Program Files\Alwil Software
2010-02-27 13:30:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-24 07:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-14 13:47:20 ----D---- C:\STEREO18
2010-02-10 22:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 22:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 22:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 22:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 22:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 22:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 22:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 22:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 22:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-02-27 15:42:16 ----D---- C:\WINDOWS\Temp
2010-02-27 15:42:00 ----D---- C:\WINDOWS\Prefetch
2010-02-27 15:41:55 ----RD---- C:\Program Files
2010-02-27 15:36:39 ----D---- C:\WINDOWS\system32
2010-02-27 15:35:03 ----D---- C:\WINDOWS\system32\drivers
2010-02-27 15:25:20 ----D---- C:\Documents and Settings\Ivana\Data aplikací\Skype
2010-02-27 15:16:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 15:12:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-27 15:04:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 15:02:43 ----D---- C:\WINDOWS
2010-02-27 15:00:50 ----SHD---- C:\WINDOWS\Installer
2010-02-27 15:00:50 ----D---- C:\WINDOWS\WinSxS
2010-02-27 14:57:42 ----SD---- C:\WINDOWS\Tasks
2010-02-27 14:36:02 ----SHD---- C:\System Volume Information
2010-02-27 14:36:02 ----D---- C:\WINDOWS\system32\Restore
2010-02-27 14:34:37 ----A---- C:\WINDOWS\wincmd.ini
2010-02-27 14:25:30 ----D---- C:\WINDOWS\Debug
2010-02-27 14:23:31 ----D---- C:\Program Files\Winamp
2010-02-27 13:37:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-27 13:30:08 ----D---- C:\Install
2010-02-27 13:20:03 ----D---- C:\Documents and Settings\Ivana\Data aplikací\skypePM
2010-02-26 12:11:58 ----D---- C:\UCTO2010
2010-02-26 09:05:35 ----HD---- C:\WINDOWS\inf
2010-02-24 13:48:24 ----D---- C:\UCTO2009
2010-02-24 07:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 08:26:32 ----D---- C:\WINDOWS\system32\config
2010-02-18 09:53:41 ----D---- C:\UCTO2003
2010-02-16 10:48:49 ----D---- C:\STEREO17
2010-02-10 22:16:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-08 12:51:48 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-29 17:32:46 ----D---- C:\UCTO2005

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-09-23 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-09-23 512096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-12 2870784]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472]
R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2005-11-30 474184]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standardní řadič disku IDE/ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-12 532480]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-09-23 552064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 LKFUFLQJ;LKFUFLQJ; C:\DOCUME~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe [2010-02-27 514944]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 28 úno 2010 11:22

Hezké poledne

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\docume~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe
c:\documents and settings\Ivana\Nabídka Start\Programy\Po spuštění\winesm32.exe
Driver
LKFUFLQJ

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

vili_lv · #3 Příspěvek od **vili_lv** » 28 úno 2010 13:17

Tady je vysledny log:

ComboFix 10-02-27.04 - Ivana 28.02.2010 12:13:52.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3067.1590 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivana\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

file zipped: c:\documents and settings\Ivana\Nabídka Start\Programy\Po spuštění\winesm32.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ivana\Nabídka Start\Programy\Po spuštění\winesm32.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-28 do 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 14:58 . 2010-02-27 14:58 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-02-27 14:41 . 2010-02-27 14:42 -------- d-----w- c:\program files\trend micro
2010-02-27 14:41 . 2010-02-27 14:42 -------- d-----w- C:\rsit
2010-02-27 14:18 . 2010-02-27 14:18 -------- d-----w- c:\documents and settings\Ivana\DoctorWeb
2010-02-27 13:57 . 2010-02-27 13:57 -------- d-----w- c:\program files\ReviverSoft
2010-02-27 13:22 . 2010-02-27 13:22 -------- d-----w- c:\program files\CCleaner
2010-02-27 13:14 . 2010-02-28 09:32 -------- d-----w- C:\aaa
2010-02-27 12:33 . 2010-02-27 12:33 -------- d-sh--w- c:\documents and settings\Ivana\IECompatCache
2010-02-27 12:30 . 2010-02-27 12:30 -------- d-----w- c:\program files\Alwil Software
2010-02-14 12:47 . 2010-02-23 16:02 -------- d-----w- C:\STEREO18

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 08:54 . 2008-06-23 22:51 82750 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 08:54 . 2008-06-23 22:51 438070 ----a-w- c:\windows\system32\perfh005.dat
2010-02-27 13:23 . 2008-12-20 17:31 -------- d-----w- c:\program files\Winamp
2010-02-24 16:45 . 2008-12-04 11:47 16 ----a-w- c:\documents and settings\Ivana\pKLC21.dll
2010-02-24 07:15 . 2009-11-10 07:18 16 ----a-w- c:\documents and settings\Ivana\pPFVkA81.dll
2010-01-15 12:15 . 2010-01-04 06:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 08:40 . 2010-01-12 08:40 5443 ----a-w- c:\windows\unins000.dat
2010-01-12 08:39 . 2010-01-12 08:40 1188443 ----a-w- c:\windows\unins000.exe
2010-01-02 13:20 . 2008-09-23 16:13 -------- d-----w- c:\program files\ESET
2009-12-31 16:50 . 2008-06-23 22:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-06-23 22:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-06-23 23:04 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-06-23 22:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-06-23 22:50 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-06-23 22:50 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 06:46 . 2009-11-10 07:33 16 ----a-w- c:\documents and settings\Ivana\pPFVuA81.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"\\192.168.1.100\EPSON Stylus DX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-23 949376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [BU]
"Wbutton"="c:\program files\Launch Manager\WButton.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ivana\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [23.9.2008 17:14 15424]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [23.9.2008 14:17 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [23.9.2008 14:21 118784]
S3 LKFUFLQJ;LKFUFLQJ;c:\docume~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe --> c:\docume~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-28 c:\windows\Tasks\Registry Reviver-Ivana-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-02-22 10:49]

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{6D76E0E4-03A8-4C00-846C-554EB2754777}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????? ??|???|???????|????????L????????J????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A?X? ???????????7~?h@???????????????A??N]???????A???@??J??vs@??J??0? ???@??J?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????? ??|???|???????|????????L????????J????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A?X? ???????????7~?h@???????????????A??N]???????A???@??J??vs@??J??0? ???@??J?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????? ??|???|???????|????????L????????J????F?????????????h?????????????B????? ??|`??|????]??|??A???????????A?X? ???????????7~?h@???????????????A??N]???????A???@??J??vs@??J??0? ???@??J?????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(6256)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-28 12:20:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-28 11:20
ComboFix2.txt 2010-02-28 09:49

Před spuštěním: Volných bajtů: 289 888 718 848
Po spuštění: Volných bajtů: 289 862 299 648

- - End Of File - - AC286F84D28C34A2BED5F8CF8D633C9E

#4 Příspěvek od **motji** » 28 úno 2010 13:38

Jak to ted vypadá s počítačem?

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

vili_lv · #5 Příspěvek od **vili_lv** » 28 úno 2010 18:23

Při skenování se počítač vypnul, po naběhnutí systému je situace taková, že procesor má vytížená už obě jádra na 100%, takže skenování trvá několik hodin a není pořád u konce. Zkusil jsem ho zastavit a aplikovat ccleaner, ale ani ten nezabral. Můžu zkusit ještě něo jiného před skenováním gmerem?

#6 Příspěvek od **motji** » 28 úno 2010 18:25

Zkuste ho spustit v nouzovém režimu. Pokud ani pak nepůjde jak má, uložte co bude mít naskenováno a log vložte zde.

vili_lv · #7 Příspěvek od **vili_lv** » 28 úno 2010 20:18

Takze tady jsou vysledky:

LOG1
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-28 18:08:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Ivana\LOCALS~1\Temp\ufaoifow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

LOG2
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 20:12:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Ivana\LOCALS~1\Temp\ufaoifow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CDF000, 0x188AF6, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37596723
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37596723 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#8 Příspěvek od **motji** » 28 úno 2010 20:24

Otestujte na www.virustotal.com
C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Jak to ted vypadá s počítačem?

vili_lv · #9 Příspěvek od **vili_lv** » 28 úno 2010 20:51

PC momentálně vypadá v pořádku. Výkon je na cca 20 % (flash v exploreru).
Tak doufejme, že to bude v pořádku.
Jak to vidíte vy?

Test je zde:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.28 -
AhnLab-V3 5.0.0.2 2010.02.28 -
AntiVir 8.2.1.176 2010.02.28 -
Antiy-AVL 2.0.3.7 2010.02.26 -
Authentium 5.2.0.5 2010.02.28 -
Avast 4.8.1351.0 2010.02.28 -
Avast5 5.0.332.0 2010.02.28 -
AVG 9.0.0.730 2010.02.28 -
BitDefender 7.2 2010.02.28 -
CAT-QuickHeal 10.00 2010.02.27 -
ClamAV 0.96.0.0-git 2010.02.28 -
Comodo 4091 2010.02.28 -
eSafe 7.0.17.0 2010.02.28 -
eTrust-Vet 35.2.7331 2010.02.26 -
F-Prot 4.5.1.85 2010.02.28 -
F-Secure 9.0.15370.0 2010.02.27 -
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.02.28 -
Ikarus T3.1.1.80.0 2010.02.28 -
Jiangmin 13.0.900 2010.02.28 -
K7AntiVirus 7.10.984 2010.02.26 -
Kaspersky 7.0.0.125 2010.02.28 -
McAfee 5906 2010.02.28 -
McAfee+Artemis 5906 2010.02.28 -
McAfee-GW-Edition 6.8.5 2010.02.28 -
Microsoft 1.5502 2010.02.28 -
NOD32 4903 2010.02.28 -
Norman 6.04.08 2010.02.28 -
nProtect 2009.1.8.0 2010.02.28 -
Panda 10.0.2.2 2010.02.28 -
PCTools 7.0.3.5 2010.02.28 -
Prevx 3.0 2010.02.28 -
Rising 22.36.06.04 2010.02.28 -
Sophos 4.50.0 2010.02.28 -
Sunbelt 5710 2010.02.28 -
Symantec 20091.2.0.41 2010.02.28 -
TheHacker 6.5.1.7.215 2010.02.28 -
TrendMicro 9.120.0.1004 2010.02.28 -
VBA32 3.12.12.2 2010.02.26 -
ViRobot 2010.2.27.2206 2010.02.27 -
VirusBuster 5.0.27.0 2010.02.28 -
Rozšiřující informace
File size: 2870784 bytes
MD5...: a4d1c3cd20c8c595af1817bb5352ecd6
SHA1..: 13041a4ec2404934ad6cbeac2685e3951ccc77b9
SHA256: bd4dc23a308cf6483dcdc4c1a4be769f22d334a62f220a7cacc1147a0b796994
ssdeep: 49152:VZoq+1dF3/+jKOitBsWAsOeG4w1v6XrzX9HR30tbzYDvgdHi74hrbGGvWR
RNa2l:bof1doitBsWAsOeG4w1v6XX9wC7UGGe/

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x413005
timedatestamp.....: 0x47d847f4 (Wed Mar 12 21:15:32 2008)
machinetype.......: 0x14c (I386)

( 11 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x188af6 0x188c00 6.68 74b52c06a3f0059d6e4c8c128fb59649
_W_CODE 0x18a000 0x6ec 0x800 5.94 9d9ad5cf1dddedeec1198f652dbd14d3
.rdata 0x18b000 0x2fc94 0x2fe00 6.23 f1ed6c18b3d6dafab4962bd64f09173f
.data 0x1bb000 0x2124c0 0xaec00 6.64 2cefaac4d9537957219703ded35d8549
PAGE_INI 0x3ce000 0xa576 0xa600 6.43 bd210d67d2e931af617d00ee58149862
PAGE_COM 0x3d9000 0x2ff4a 0x30000 6.51 2747ef49167155555307cc9ce1b89c60
PAGE_DDC 0x409000 0x929 0xa00 6.00 f05b319c3a4257a8018077533d64d957
PAGE 0x40a000 0x8f58 0x9000 2.92 4b62ce38942ab7dd097f63d4b87fe418
INIT 0x413000 0x14d8 0x1600 5.39 1af5c86892a8594d7c8c1e57e696a592
.rsrc 0x415000 0x908 0xa00 3.20 7be0cb4c0a8566ee9e41ecf295846600
.reloc 0x416000 0xeaf0 0xec00 6.20 de3ffeb31123f7d64acc4f876b612da4

( 4 imports )
> VIDEOPRT.SYS: VideoPortGetAccessRanges, VideoPortGetVgaStatus, VideoPortGetDeviceBase, VideoPortVerifyAccessRanges, VideoPortFreeDeviceBase, VideoPortQueryServices, VideoPortSetTrappedEmulatorPorts, VideoPortScanRom, VideoPortReadRegisterUshort, VideoPortGetRomImage, VideoPortMapMemory, VideoPortLogError, VideoPortSynchronizeExecution, VideoPortQueueDpc, VideoPortReadRegisterUlong, VideoPortWriteRegisterUchar, VideoPortWriteRegisterUlong, VideoPortGetAssociatedDeviceExtension, VideoPortInitialize, VideoPortWritePortUchar, VideoPortInterlockedDecrement, VideoPortInterlockedExchange, VideoPortCompareMemory, VideoPortReadPortUlong, VideoPortWritePortUlong, VideoPortStallExecution, VideoPortSetRegistryParameters, VideoPortEnumerateChildren, VideoPortSetBusData, VideoPortGetBusData, VideoPortReadRegisterBufferUchar, VideoPortGetRegistryParameters, VideoPortReadRegisterUchar, VideoPortMoveMemory, VideoPortDisableInterrupt, VideoPortEnableInterrupt, VideoPortInt10, VideoPortUnmapMemory, VideoPortZeroMemory, VideoPortInterlockedIncrement
> NTOSKRNL.EXE: KeTickCount, KeBugCheckEx
> ntoskrnl.exe: KeWaitForSingleObject, KeReleaseMutex, KeInitializeDpc, KeInsertQueueDpc, KeRemoveQueueDpc, PsTerminateSystemThread, KeQueryInterruptTime, ZwQueryInformationProcess, PsGetCurrentProcessId, MmAllocateContiguousMemorySpecifyCache, MmFreeContiguousMemorySpecifyCache, ExAllocatePoolWithTag, ExFreePoolWithTag, MmGetPhysicalAddress, MmProbeAndLockPages, MmSizeOfMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmBuildMdlForNonPagedPool, KeUnstackDetachProcess, MmUnmapLockedPages, MmIsAddressValid, IoGetCurrentProcess, KeStackAttachProcess, RtlFreeUnicodeString, ZwCreateFile, RtlAppendUnicodeStringToString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwSetInformationFile, ZwClose, ZwWriteFile, ZwReadFile, KeInitializeMutex, wcsncpy, wcslen, wcsstr, ZwQueryValueKey, ZwOpenKey, wcscat, ZwSetValueKey, RtlQueryRegistryValues, KeSetEvent, ZwQuerySystemInformation, PsLookupProcessByProcessId, RtlEqualUnicodeString, ObfDereferenceObject, ObReferenceObjectByPointer, MmFreePagesFromMdl, MmAllocatePagesForMdl, MmLockPagableDataSection, MmUnlockPagableImageSection, KeSaveFloatingPointState, KeRestoreFloatingPointState, MmMapIoSpace, MmUnmapIoSpace, KeSetTargetProcessorDpc, KeSetImportanceDpc, KeNumberProcessors, ObReferenceObjectByHandle, ObOpenObjectByPointer, MmMapUserAddressesToPage, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeQueryTimeIncrement, MmHighestUserAddress, IoCreateSynchronizationEvent, IoCreateNotificationEvent, KeClearEvent, ExRegisterCallback, ExCreateCallback, ExUnregisterCallback, ExNotifyCallback, ZwPowerInformation, ZwMapViewOfSection, ZwOpenSection, ZwUnmapViewOfSection, wcscpy, ZwInitiatePowerAction, PsCreateSystemThread, PsSetCreateProcessNotifyRoutine, IoFreeMdl, IoAllocateMdl, KeReadStateEvent, _wcslwr, mbstowcs, KeSetTimer, KeInitializeTimer, KeCancelTimer, vsprintf, rand, srand, _vsnprintf, RtlAppendUnicodeToString, RtlTimeToTimeFields, ExSystemTimeToLocalTime, KeQuerySystemTime, ZwSetInformationThread, KeQueryActiveProcessors, KeQueryPriorityThread, KeGetCurrentThread, KeDelayExecutionThread, _purecall, _aullshr, ExfInterlockedRemoveHeadList, ExfInterlockedInsertTailList, ExfInterlockedInsertHeadList, ExFreeToPagedLookasideList, ExAllocateFromPagedLookasideList, ExDeleteNPagedLookasideList, ExDeletePagedLookasideList, ExInitializeNPagedLookasideList, ExInitializePagedLookasideList, KeInitializeSpinLock, KeInitializeEvent, ExInterlockedPushEntrySList, ExInterlockedPopEntrySList, KdDebuggerNotPresent, DbgBreakPoint, RtlInitUnicodeString, MmGetSystemRoutineAddress, wcstombs, _except_handler3, ZwQueryInformationFile, DbgPrint, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, _snprintf, RtlRaiseException
> HAL.dll: KeGetCurrentIrql, KfLowerIrql, KeQueryPerformanceCounter, HalGetBusDataByOffset, HalSetBusDataByOffset, HalAllocateCommonBuffer, HalGetAdapter, HalFreeCommonBuffer, KfAcquireSpinLock, KfReleaseSpinLock, KeRaiseIrqlToDpcLevel, ExAcquireFastMutex, ExReleaseFastMutex, KeAcquireSpinLock, KeReleaseSpinLock, KfRaiseIrql

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: ATI Technologies Inc.
copyright....: Copyright (C) 1998-2004 ATI Technologies Inc.
product......: ATI Radeon WindowsNT Miniport Driver
description..: ATI Radeon WindowsNT Miniport Driver
original name: ati2mtag.sys
internal name: ati2mtag.sys
file version.: 6.14.10.6783
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (Kaspersky): PE_Patch

#10 Příspěvek od **motji** » 28 úno 2010 20:59

:arrow:Otevřete poznámkový blok a do něj zkopírujte:

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.

***********

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

vili_lv · #11 Příspěvek od **vili_lv** » 28 úno 2010 22:20

Tak s pocitacem to vypada dobre, NOD nic nehlasi, vykon procesoru se drzi na beznych hodnotach. Programy jdou spoustet.

Jste uzasny, moc diky za pomoc.

LOG
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivana at 2010-02-28 22:14:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 277 GB (91%) free of 305 GB
Total RAM: 3067 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:21, on 28.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ivana\Local Settings\Temporary Internet Files\Content.IE5\A4DOJJEX\RSIT[1].exe
C:\Program Files\trend micro\Ivana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\\192.168.1.100\EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Ivana\LOCALS~1\Temp\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LKFUFLQJ - Unknown owner - C:\DOCUME~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7441 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registry Reviver-Ivana-Startup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6D76E0E4-03A8-4C00-846C-554EB2754777}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2007-07-26 192512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-09-23 949376]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe []
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe []
"Wbutton"=C:\Program Files\Launch Manager\WButton.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"\\192.168.1.100\EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Ivana\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Office\Office12\OUTLOOK.EXE"="C:\Program Files\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Office\Office12\ONENOTE.EXE"="C:\Program Files\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-28 22:14:13 ----D---- C:\Program Files\trend micro
2010-02-28 22:14:12 ----D---- C:\rsit
2010-02-28 14:32:08 ----SHD---- C:\RECYCLER
2010-02-28 12:20:59 ----D---- C:\WINDOWS\temp
2010-02-28 10:35:54 ----A---- C:\Boot.bak
2010-02-28 10:35:51 ----RASHD---- C:\cmdcons
2010-02-27 14:22:33 ----D---- C:\Program Files\CCleaner
2010-02-27 14:14:07 ----D---- C:\aaa
2010-02-27 13:30:27 ----D---- C:\Program Files\Alwil Software
2010-02-27 13:30:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-24 07:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-14 13:47:20 ----D---- C:\STEREO18
2010-02-10 22:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 22:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 22:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 22:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 22:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 22:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 22:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 22:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 22:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-02-28 22:14:18 ----D---- C:\WINDOWS\Prefetch
2010-02-28 22:14:13 ----RD---- C:\Program Files
2010-02-28 22:03:05 ----D---- C:\WINDOWS\system32
2010-02-28 22:03:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-28 22:00:17 ----D---- C:\Documents and Settings\Ivana\Data aplikací\Skype
2010-02-28 21:59:09 ----D---- C:\WINDOWS
2010-02-28 21:58:55 ----SHD---- C:\System Volume Information
2010-02-28 21:58:55 ----D---- C:\WINDOWS\system32\Restore
2010-02-28 21:57:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-28 21:56:25 ----SHD---- C:\WINDOWS\Installer
2010-02-28 18:11:37 ----D---- C:\WINDOWS\system32\drivers
2010-02-28 17:22:12 ----D---- C:\Documents and Settings\Ivana\Data aplikací\skypePM
2010-02-28 17:14:09 ----A---- C:\WINDOWS\wincmd.ini
2010-02-28 12:20:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 12:18:08 ----A---- C:\WINDOWS\system.ini
2010-02-28 12:15:32 ----D---- C:\WINDOWS\AppPatch
2010-02-28 12:15:32 ----D---- C:\Program Files\Common Files
2010-02-28 10:35:54 ----RASH---- C:\boot.ini
2010-02-27 15:00:50 ----D---- C:\WINDOWS\WinSxS
2010-02-27 14:57:42 ----SD---- C:\WINDOWS\Tasks
2010-02-27 14:25:30 ----D---- C:\WINDOWS\Debug
2010-02-27 14:23:31 ----D---- C:\Program Files\Winamp
2010-02-27 13:37:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-27 13:30:08 ----D---- C:\Install
2010-02-26 09:05:35 ----HD---- C:\WINDOWS\inf
2010-02-24 13:48:24 ----D---- C:\UCTO2009
2010-02-24 07:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 08:26:32 ----D---- C:\WINDOWS\system32\config
2010-02-18 09:53:41 ----D---- C:\UCTO2003
2010-02-16 10:48:49 ----D---- C:\STEREO17
2010-02-10 22:16:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-08 12:51:48 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-29 17:32:46 ----D---- C:\UCTO2005

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-09-23 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-09-23 512096]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-12 2870784]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472]
R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2005-11-30 474184]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standardní řadič disku IDE/ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-12 532480]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-09-23 552064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LKFUFLQJ;LKFUFLQJ; C:\DOCUME~1\Ivana\LOCALS~1\Temp\LKFUFLQJ.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 Příspěvek od **motji** » 28 úno 2010 22:39

start - spustit - do okenka napište

sc delete LKFUFLQJ

enter

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=-
"CtrlVol"=-
"LaunchAp"=-
"Wbutton"=-

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.

restartujte počítač a poprosím o nový log ze Rsitu

Nemáte firewall,k čemu je užitečný se dozvíte zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980

vili_lv · #13 Příspěvek od **vili_lv** » 01 bře 2010 07:58

Je zapnuty pouze windowsovy firewall, po teto zkusenosti tam dam jiny.

Tady je log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivana at 2010-03-01 07:55:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 277 GB (91%) free of 305 GB
Total RAM: 3067 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:37, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ivana\Local Settings\Temporary Internet Files\Content.IE5\A4DOJJEX\RSIT[1].exe
C:\Program Files\trend micro\Ivana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\\192.168.1.100\EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Ivana\LOCALS~1\Temp\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 6993 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registry Reviver-Ivana-Startup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6D76E0E4-03A8-4C00-846C-554EB2754777}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2007-07-26 192512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-09-23 949376]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"\\192.168.1.100\EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Ivana\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Office\Office12\OUTLOOK.EXE"="C:\Program Files\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Office\Office12\ONENOTE.EXE"="C:\Program Files\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-28 22:14:13 ----D---- C:\Program Files\trend micro
2010-02-28 22:14:12 ----D---- C:\rsit
2010-02-28 14:32:08 ----SHD---- C:\RECYCLER
2010-02-28 12:20:59 ----D---- C:\WINDOWS\temp
2010-02-28 10:35:54 ----A---- C:\Boot.bak
2010-02-28 10:35:51 ----RASHD---- C:\cmdcons
2010-02-27 14:22:33 ----D---- C:\Program Files\CCleaner
2010-02-27 14:14:07 ----D---- C:\aaa
2010-02-27 13:30:27 ----D---- C:\Program Files\Alwil Software
2010-02-27 13:30:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-24 07:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-14 13:47:20 ----D---- C:\STEREO18
2010-02-10 22:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 22:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 22:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 22:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 22:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 22:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 22:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 22:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 22:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-01 07:54:43 ----D---- C:\Documents and Settings\Ivana\Data aplikací\Skype
2010-03-01 07:53:08 ----D---- C:\WINDOWS\Prefetch
2010-03-01 00:55:18 ----D---- C:\Documents and Settings\Ivana\Data aplikací\skypePM
2010-02-28 22:39:18 ----D---- C:\UCTO2009
2010-02-28 22:38:33 ----A---- C:\WINDOWS\wincmd.ini
2010-02-28 22:14:13 ----RD---- C:\Program Files
2010-02-28 22:03:05 ----D---- C:\WINDOWS\system32
2010-02-28 22:03:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-28 21:59:09 ----D---- C:\WINDOWS
2010-02-28 21:58:55 ----SHD---- C:\System Volume Information
2010-02-28 21:58:55 ----D---- C:\WINDOWS\system32\Restore
2010-02-28 21:57:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-28 21:56:25 ----SHD---- C:\WINDOWS\Installer
2010-02-28 18:11:37 ----D---- C:\WINDOWS\system32\drivers
2010-02-28 12:20:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 12:18:08 ----A---- C:\WINDOWS\system.ini
2010-02-28 12:15:32 ----D---- C:\WINDOWS\AppPatch
2010-02-28 12:15:32 ----D---- C:\Program Files\Common Files
2010-02-28 10:35:54 ----RASH---- C:\boot.ini
2010-02-27 15:00:50 ----D---- C:\WINDOWS\WinSxS
2010-02-27 14:57:42 ----SD---- C:\WINDOWS\Tasks
2010-02-27 14:25:30 ----D---- C:\WINDOWS\Debug
2010-02-27 14:23:31 ----D---- C:\Program Files\Winamp
2010-02-27 13:37:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-27 13:30:08 ----D---- C:\Install
2010-02-26 09:05:35 ----HD---- C:\WINDOWS\inf
2010-02-24 07:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 08:26:32 ----D---- C:\WINDOWS\system32\config
2010-02-18 09:53:41 ----D---- C:\UCTO2003
2010-02-16 10:48:49 ----D---- C:\STEREO17
2010-02-10 22:16:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-02-08 12:51:48 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-09-23 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-09-23 512096]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-12 2870784]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472]
R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-28 3626112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2005-11-30 474184]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standardní řadič disku IDE/ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-12 532480]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-09-23 552064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#14 Příspěvek od **motji** » 01 bře 2010 08:12

Log vypadá v pořádku, jsou s počítačem ještě nějaké problémy?

vili_lv · #15 Příspěvek od **vili_lv** » 02 bře 2010 08:37

Vsechno vypada v poradku. Moc dekuji za podporu.

VIRY.CZ

Pomoc s rootkitem

Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem

Re: Pomoc s rootkitem