Prosim o kontrolu logu

[Doil]

Dobry den, nedavno mi (pred 14dny) mi nod32 zahlasil virus, ten jsem uspesne vlozil do karanteny, ale pro zmenu se obevilo zatizeni svchost.exe 99procent.
Nejake zkusenosti uz s tim mam tak jsem pouzil ComboFix a zda se ze vse prestalo.
Tak nyni jen pro kontrolu jestli je vse OK.
PS: 14dni jsem nebyl u PC proto pisi az ted.

Logfile of random's system information tool 1.06 (written by random/random)
Run by lama at 2010-03-20 00:04:46
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 410 MB (6%) free of 7 GB
Total RAM: 255 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:05:28, on 20.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\lama\Plocha\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\trend micro\lama.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3579 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2008-03-24 921600]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2005-02-24 5537792]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2005-02-24 86016]
"VirtualCloneDrive"=D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

D:\Documents and Settings\lama\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\Vuze\Azureus.exe"="D:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-20 00:04:51 ----D---- D:\Program Files\trend micro
2010-03-20 00:04:46 ----D---- D:\rsit
2010-03-07 15:45:43 ----D---- D:\WINDOWS\temp
2010-03-07 15:45:41 ----A---- D:\ComboFix.txt
2010-03-07 15:35:38 ----D---- D:\WINDOWS\CSC
2010-03-07 15:35:31 ----A---- D:\WINDOWS\ntbtlog.txt
2010-03-07 14:57:11 ----A---- D:\WINDOWS\MBR.exe
2010-03-07 14:57:09 ----A---- D:\WINDOWS\NIRCMD.exe
2010-03-07 14:57:00 ----A---- D:\WINDOWS\PEV.exe
2010-03-07 14:56:58 ----A---- D:\WINDOWS\SWREG.exe
2010-03-07 14:56:57 ----A---- D:\WINDOWS\zip.exe
2010-03-07 14:56:56 ----A---- D:\WINDOWS\grep.exe
2010-03-07 14:56:55 ----A---- D:\WINDOWS\sed.exe
2010-03-07 14:56:53 ----A---- D:\WINDOWS\SWSC.exe
2010-03-07 14:56:52 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-03-07 14:45:55 ----D---- D:\WINDOWS\ERDNT
2010-03-07 14:41:43 ----D---- D:\Qoobox
2010-03-07 03:02:09 ----A---- D:\WINDOWS\system32\fjhdyfhsn.bat

======List of files/folders modified in the last 1 months======

2010-03-20 00:04:54 ----D---- D:\WINDOWS\Prefetch
2010-03-20 00:04:51 ----RD---- D:\Program Files
2010-03-20 00:03:33 ----D---- D:\Program Files\Mozilla Firefox
2010-03-14 18:12:34 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-03-14 18:12:33 ----D---- D:\WINDOWS\system32
2010-03-07 15:45:43 ----D---- D:\WINDOWS
2010-03-07 15:44:05 ----A---- D:\WINDOWS\system.ini
2010-03-07 15:43:08 ----D---- D:\WINDOWS\system32\drivers
2010-03-07 15:42:41 ----D---- D:\WINDOWS\AppPatch
2010-03-07 15:42:38 ----D---- D:\Program Files\Common Files
2010-03-07 15:39:51 ----D---- D:\WINDOWS\system32\CatRoot2
2010-03-07 15:35:43 ----D---- D:\Documents and Settings
2010-03-07 03:03:14 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-03-06 19:21:29 ----A---- D:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 DumaNT;NVIDIA Stereo Helper Service; D:\WINDOWS\system32\DRIVERS\dumant.sys [2002-03-09 393784]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\D:\WINDOWS\system32\drivers\amon.sys []
R2 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-10-13 4022528]
R3 ElbyDelay;ElbyDelay; D:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-24 3454144]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2008-03-24 507904]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2005-02-24 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\wmpnetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[Doil]

ComboFix 10-03-20.04 - lama 21.03.2010 12:16:16.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.100 [GMT 1:00]
Spuštěný z: d:\documents and settings\lama\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-21 do 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-19 23:04 . 2010-03-19 23:05 -------- d-----w- d:\program files\trend micro
2010-03-19 23:04 . 2010-03-19 23:05 -------- d-----w- D:\rsit
2010-03-07 02:02 . 2004-08-03 21:59 34688 ----a-w- d:\windows\system32\drivers\lbrtfdc.sys
2010-03-07 02:02 . 2004-08-03 22:00 8192 ----a-w- d:\windows\system32\drivers\changer.sys
2010-03-07 02:02 . 2004-08-03 22:00 8192 ----a-w- d:\windows\system32\drivers\i2omgmt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-03-07_14.20.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-21 10:44 . 2010-03-21 10:44 16384 d:\windows\temp\Perflib_Perfdata_110.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2008-03-24 921600]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\lama\Nabˇdka Start\Programy\Po spuçtŘnˇ\
winesm32.exe [2004-8-17 30720]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\QIP\\qip.exe"=

.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\lama\Data aplikací\Mozilla\Firefox\Profiles\miqofcyt.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 12:21
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(732)
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-03-21 12:23:55
ComboFix-quarantined-files.txt 2010-03-21 11:23
ComboFix2.txt 2010-03-07 14:45
ComboFix3.txt 2010-03-07 14:25

Před spuštěním: 396 738 560
Po spuštění: 377 126 912

- - End Of File - - BE37FF30DEE2DCA5063DFD4E2ABD1A6B

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

File::
D:\Documents and Settings\lama\Nabídka Start\Programy\Po spuštění\winesm32.exe

Folder::
d:\Program Files\Garena

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Garena\\Garena.exe"=-

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Doil]

ComboFix 10-03-20.04 - lama 21.03.2010 12:44:03.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.111 [GMT 1:00]
Spuštěný z: d:\documents and settings\lama\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\lama\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


FILE ::
"d:\documents and settings\lama\Nabídka Start\Programy\Po spuštění\winesm32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\lama\Nabídka Start\Programy\Po spuštění\winesm32.exe
d:\program files\Garena
d:\program files\Garena\AESocket.dll
d:\program files\Garena\atl71.dll
d:\program files\Garena\Avatar\boy.swf
d:\program files\Garena\Avatar\boy_s.swf
d:\program files\Garena\Avatar\girl.swf
d:\program files\Garena\Avatar\girl_s.swf
d:\program files\Garena\Avatar\unknown.swf
d:\program files\Garena\Avatar\unknown_s.swf
d:\program files\Garena\clients.dat
d:\program files\Garena\CommonLib.dll
d:\program files\Garena\config\bs.br.xml
d:\program files\Garena\config\bs.cn.xml
d:\program files\Garena\config\bs.en.xml
d:\program files\Garena\config\bs.id.xml
d:\program files\Garena\config\bs.pp.xml
d:\program files\Garena\config\bs.ru.xml
d:\program files\Garena\config\bs.sd.xml
d:\program files\Garena\config\bs.sp.xml
d:\program files\Garena\config\bs.th.xml
d:\program files\Garena\config\bs.tw.xml
d:\program files\Garena\config\bs.vn.xml
d:\program files\Garena\config\loccn.xml
d:\program files\Garena\config\locen.xml
d:\program files\Garena\config\lockr.xml
d:\program files\Garena\config\loctw.xml
d:\program files\Garena\CS15Hook.dll
d:\program files\Garena\deps\vww.gzp
d:\program files\Garena\dlls\CTSys.dll
d:\program files\Garena\dlls\flags.dll
d:\program files\Garena\dlls\FPSHelper.dll
d:\program files\Garena\dlls\GFireMan.dll
d:\program files\Garena\dlls\IPvR.dll
d:\program files\Garena\dlls\PEngine.dll
d:\program files\Garena\dlls\PluginLanguage.dll
d:\program files\Garena\dlls\WC3J.dll
d:\program files\Garena\face\1.bmp
d:\program files\Garena\face\1_m.bmp
d:\program files\Garena\face\10.bmp
d:\program files\Garena\face\10_m.bmp
d:\program files\Garena\face\11.bmp
d:\program files\Garena\face\11_m.bmp
d:\program files\Garena\face\12.bmp
d:\program files\Garena\face\12_m.bmp
d:\program files\Garena\face\13.bmp
d:\program files\Garena\face\13_m.bmp
d:\program files\Garena\face\14.bmp
d:\program files\Garena\face\14_m.bmp
d:\program files\Garena\face\15.bmp
d:\program files\Garena\face\15_m.bmp
d:\program files\Garena\face\16.bmp
d:\program files\Garena\face\16_m.bmp
d:\program files\Garena\face\17.bmp
d:\program files\Garena\face\17_m.bmp
d:\program files\Garena\face\18.bmp
d:\program files\Garena\face\18_m.bmp
d:\program files\Garena\face\19.bmp
d:\program files\Garena\face\19_m.bmp
d:\program files\Garena\face\2.bmp
d:\program files\Garena\face\2_m.bmp
d:\program files\Garena\face\20.bmp
d:\program files\Garena\face\20_m.bmp
d:\program files\Garena\face\21.bmp
d:\program files\Garena\face\21_m.bmp
d:\program files\Garena\face\22.bmp
d:\program files\Garena\face\22_m.bmp
d:\program files\Garena\face\23.bmp
d:\program files\Garena\face\23_m.bmp
d:\program files\Garena\face\24.bmp
d:\program files\Garena\face\24_m.bmp
d:\program files\Garena\face\3.bmp
d:\program files\Garena\face\3_m.bmp
d:\program files\Garena\face\4.bmp
d:\program files\Garena\face\4_m.bmp
d:\program files\Garena\face\5.bmp
d:\program files\Garena\face\5_m.bmp
d:\program files\Garena\face\6.bmp
d:\program files\Garena\face\6_m.bmp
d:\program files\Garena\face\7.bmp
d:\program files\Garena\face\7_m.bmp
d:\program files\Garena\face\8.bmp
d:\program files\Garena\face\8_m.bmp
d:\program files\Garena\face\9.bmp
d:\program files\Garena\face\9_m.bmp
d:\program files\Garena\files\files.ggz
d:\program files\Garena\FPSHook.dll
d:\program files\Garena\Gamecn.dat
d:\program files\Garena\GameConfig.xml
d:\program files\Garena\Gameen.dat
d:\program files\Garena\Gametw.dat
d:\program files\Garena\Garena.exe
d:\program files\Garena\GarenaSkin.dll
d:\program files\Garena\GarenaSkin1.dll
d:\program files\Garena\GarenaTV.xml
d:\program files\Garena\GarenaTV\0.bmp
d:\program files\Garena\GarenaTV\1.bmp
d:\program files\Garena\GarenaTV\2.bmp
d:\program files\Garena\GarenaTV\3.bmp
d:\program files\Garena\GarenaTV\4.bmp
d:\program files\Garena\GarenaTV\5.bmp
d:\program files\Garena\GarenaTV\6.bmp
d:\program files\Garena\GarenaTV\cn.ggz
d:\program files\Garena\GarenaTV\cn_s.ggz
d:\program files\Garena\GarenaTV\en.ggz
d:\program files\Garena\GarenaTV\en_s.ggz
d:\program files\Garena\GarenaTV\id_s.ggz
d:\program files\Garena\GarenaTV\tw.ggz
d:\program files\Garena\GarenaTV\tw_s.ggz
d:\program files\Garena\GarenaTV_UI.dll
d:\program files\Garena\GarenaTVHook.dll
d:\program files\Garena\GGICON.ico
d:\program files\Garena\Gn.ggz
d:\program files\Garena\gs.dat
d:\program files\Garena\hc.xml
d:\program files\Garena\Inject.dll
d:\program files\Garena\L4DSocket.dll
d:\program files\Garena\langs.xml
d:\program files\Garena\Languages\FPSGame.dll.cn
d:\program files\Garena\Languages\FPSGame.dll.en
d:\program files\Garena\Languages\FPSGame.dll.tw
d:\program files\Garena\Languages\Garena.exe.br
d:\program files\Garena\Languages\Garena.exe.cn
d:\program files\Garena\Languages\Garena.exe.en
d:\program files\Garena\Languages\Garena.exe.id
d:\program files\Garena\Languages\Garena.exe.ru
d:\program files\Garena\Languages\Garena.exe.sp
d:\program files\Garena\Languages\Garena.exe.th
d:\program files\Garena\Languages\Garena.exe.tw
d:\program files\Garena\Languages\Garena.exe.vn
d:\program files\Garena\Languages\GarenaTV_UI.dll.cn
d:\program files\Garena\Languages\GarenaTV_UI.dll.en
d:\program files\Garena\Languages\GarenaTV_UI.dll.id
d:\program files\Garena\Languages\GarenaTV_UI.dll.tw
d:\program files\Garena\Languages\languages.glf
d:\program files\Garena\Languages\update.exe.cn
d:\program files\Garena\Languages\update.exe.tw
d:\program files\Garena\Languages\update2.exe.cn
d:\program files\Garena\Languages\update2.exe.tw
d:\program files\Garena\Languages\WC3Ass.dll.cn
d:\program files\Garena\Languages\WC3Ass.dll.en
d:\program files\Garena\Languages\WC3Ass.dll.tw
d:\program files\Garena\Languages\WC3Ass.dll.vn
d:\program files\Garena\Languages\WC3Ladder.dll.cn
d:\program files\Garena\Languages\WC3Ladder.dll.en
d:\program files\Garena\Languages\WC3Ladder.dll.tw
d:\program files\Garena\layout\BlackShotView.layout
d:\program files\Garena\layout\layout.ggz
d:\program files\Garena\lib\common\Language.dll
d:\program files\Garena\lib\GarenaRoomSystem.dll
d:\program files\Garena\lib\GarenaWebService.dll
d:\program files\Garena\lib\HttpLayer.dll
d:\program files\Garena\lib\Language.dll
d:\program files\Garena\lib\Layout.dll
d:\program files\Garena\lib\LibPlugin.ggz
d:\program files\Garena\lib\LoadSwf.dll
d:\program files\Garena\lib\MessagePumpLib.dll
d:\program files\Garena\lib\NetworkLayer.dll
d:\program files\Garena\lib\PKCS.dll
d:\program files\Garena\lib\WebCache.dll
d:\program files\Garena\mdata.ggz
d:\program files\Garena\PluginKernel.dll
d:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
d:\program files\Garena\plugins\Game\WC3Ass.dll
d:\program files\Garena\plugins\Game\WC3Ladder.dll
d:\program files\Garena\plugins\Game\WC3VC.dll
d:\program files\Garena\plugins\Plugins.ggz
d:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
d:\program files\Garena\plugins\UI\BlackShotPlugin.dll
d:\program files\Garena\plugins\UI\CafeLogin.dll
d:\program files\Garena\plugins\UI\FavListUIPlugin.dll
d:\program files\Garena\plugins\UI\FPSGame.dll
d:\program files\Garena\plugins\UI\GarenaTV.dll
d:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
d:\program files\Garena\plugins\UI\GEngine.dll
d:\program files\Garena\plugins\UI\Chenyx.dll
d:\program files\Garena\plugins\UI\ManagePlugin.dll
d:\program files\Garena\plugins\UI\StatPlugin.dll
d:\program files\Garena\plugins\UI\ViwawaPlugin.dll
d:\program files\Garena\plugins\UI\zDep.dll
d:\program files\Garena\plugins\UI\zzzPlugin.dll
d:\program files\Garena\RecConfig.xml
d:\program files\Garena\roomCN.dat
d:\program files\Garena\roomEN.dat
d:\program files\Garena\roomTW.dat
d:\program files\Garena\server.xml
d:\program files\Garena\shop\items\1.gif
d:\program files\Garena\shop\items\100.gif
d:\program files\Garena\shop\items\105.gif
d:\program files\Garena\shop\items\150.gif
d:\program files\Garena\shop\items\2.gif
d:\program files\Garena\shop\items\200.gif
d:\program files\Garena\shop\items\201.gif
d:\program files\Garena\shop\items\202.gif
d:\program files\Garena\shop\items\203.gif
d:\program files\Garena\shop\items\204.gif
d:\program files\Garena\shop\items\205.gif
d:\program files\Garena\shop\items\206.gif
d:\program files\Garena\shop\items\21.gif
d:\program files\Garena\shop\items\22.gif
d:\program files\Garena\shop\items\23.gif
d:\program files\Garena\shop\items\3.gif
d:\program files\Garena\shop\items\300.gif
d:\program files\Garena\shop\items\301.gif
d:\program files\Garena\shop\items\302.gif
d:\program files\Garena\shop\items\303.gif
d:\program files\Garena\shop\items\304.gif
d:\program files\Garena\shop\items\305.gif
d:\program files\Garena\shop\items\306.gif
d:\program files\Garena\shop\items\307.gif
d:\program files\Garena\shop\items\308.gif
d:\program files\Garena\shop\items\309.gif
d:\program files\Garena\shop\items\310.gif
d:\program files\Garena\shop\items\311.gif
d:\program files\Garena\shop\items\312.gif
d:\program files\Garena\shop\items\313.gif
d:\program files\Garena\shop\items\4.gif
d:\program files\Garena\shop\items\40.gif
d:\program files\Garena\shop\items\60.gif
d:\program files\Garena\shop\items\61.gif
d:\program files\Garena\shop\items\62.gif
d:\program files\Garena\shop\items\63.gif
d:\program files\Garena\shop\items\64.gif
d:\program files\Garena\shop\items\65.gif
d:\program files\Garena\shop\items\66.gif
d:\program files\Garena\Skin\Flags\-.gif
d:\program files\Garena\Skin\Flags\ad.gif
d:\program files\Garena\Skin\Flags\ae.gif
d:\program files\Garena\Skin\Flags\af.gif
d:\program files\Garena\Skin\Flags\ag.gif
d:\program files\Garena\Skin\Flags\ai.gif
d:\program files\Garena\Skin\Flags\al.gif
d:\program files\Garena\Skin\Flags\am.gif
d:\program files\Garena\Skin\Flags\an.gif
d:\program files\Garena\Skin\Flags\ao.gif
d:\program files\Garena\Skin\Flags\aq.gif
d:\program files\Garena\Skin\Flags\ar.gif
d:\program files\Garena\Skin\Flags\as.gif
d:\program files\Garena\Skin\Flags\at.gif
d:\program files\Garena\Skin\Flags\au.gif
d:\program files\Garena\Skin\Flags\aw.gif
d:\program files\Garena\Skin\Flags\az.gif
d:\program files\Garena\Skin\Flags\ba.gif
d:\program files\Garena\Skin\Flags\bb.gif
d:\program files\Garena\Skin\Flags\bd.gif
d:\program files\Garena\Skin\Flags\be.gif
d:\program files\Garena\Skin\Flags\bf.gif
d:\program files\Garena\Skin\Flags\bg.gif
d:\program files\Garena\Skin\Flags\bh.gif
d:\program files\Garena\Skin\Flags\bi.gif
d:\program files\Garena\Skin\Flags\bj.gif
d:\program files\Garena\Skin\Flags\bm.gif
d:\program files\Garena\Skin\Flags\bn.gif
d:\program files\Garena\Skin\Flags\bo.gif
d:\program files\Garena\Skin\Flags\br.gif
d:\program files\Garena\Skin\Flags\bs.gif
d:\program files\Garena\Skin\Flags\bt.gif
d:\program files\Garena\Skin\Flags\bv.gif
d:\program files\Garena\Skin\Flags\bw.gif
d:\program files\Garena\Skin\Flags\by.gif
d:\program files\Garena\Skin\Flags\bz.gif
d:\program files\Garena\Skin\Flags\ca.gif
d:\program files\Garena\Skin\Flags\cd.gif
d:\program files\Garena\Skin\Flags\cf.gif
d:\program files\Garena\Skin\Flags\cg.gif
d:\program files\Garena\Skin\Flags\ci.gif
d:\program files\Garena\Skin\Flags\ck.gif
d:\program files\Garena\Skin\Flags\cl.gif
d:\program files\Garena\Skin\Flags\cm.gif
d:\program files\Garena\Skin\Flags\cn.gif
d:\program files\Garena\Skin\Flags\co.gif
d:\program files\Garena\Skin\Flags\cr.gif
d:\program files\Garena\Skin\Flags\cu.gif
d:\program files\Garena\Skin\Flags\cv.gif
d:\program files\Garena\Skin\Flags\cy.gif
d:\program files\Garena\Skin\Flags\cz.gif
d:\program files\Garena\Skin\Flags\de.gif
d:\program files\Garena\Skin\Flags\dj.gif
d:\program files\Garena\Skin\Flags\dk.gif
d:\program files\Garena\Skin\Flags\dm.gif
d:\program files\Garena\Skin\Flags\do.gif
d:\program files\Garena\Skin\Flags\dz.gif
d:\program files\Garena\Skin\Flags\ec.gif
d:\program files\Garena\Skin\Flags\ee.gif
d:\program files\Garena\Skin\Flags\eg.gif
d:\program files\Garena\Skin\Flags\er.gif
d:\program files\Garena\Skin\Flags\es.gif
d:\program files\Garena\Skin\Flags\et.gif
d:\program files\Garena\Skin\Flags\eu.gif
d:\program files\Garena\Skin\Flags\fi.gif
d:\program files\Garena\Skin\Flags\fj.gif
d:\program files\Garena\Skin\Flags\fk.gif
d:\program files\Garena\Skin\Flags\fm.gif
d:\program files\Garena\Skin\Flags\fo.gif
d:\program files\Garena\Skin\Flags\fr.gif
d:\program files\Garena\Skin\Flags\fx.gif
d:\program files\Garena\Skin\Flags\ga.gif
d:\program files\Garena\Skin\Flags\gb.gif
d:\program files\Garena\Skin\Flags\gd.gif
d:\program files\Garena\Skin\Flags\ge.gif
d:\program files\Garena\Skin\Flags\gh.gif
d:\program files\Garena\Skin\Flags\gi.gif
d:\program files\Garena\Skin\Flags\gl.gif
d:\program files\Garena\Skin\Flags\gm.gif
d:\program files\Garena\Skin\Flags\gn.gif
d:\program files\Garena\Skin\Flags\gp.gif
d:\program files\Garena\Skin\Flags\gq.gif
d:\program files\Garena\Skin\Flags\gr.gif
d:\program files\Garena\Skin\Flags\gt.gif
d:\program files\Garena\Skin\Flags\gu.gif
d:\program files\Garena\Skin\Flags\gw.gif
d:\program files\Garena\Skin\Flags\gy.gif
d:\program files\Garena\Skin\Flags\hk.gif
d:\program files\Garena\Skin\Flags\hm.gif
d:\program files\Garena\Skin\Flags\hn.gif
d:\program files\Garena\Skin\Flags\hr.gif
d:\program files\Garena\Skin\Flags\ht.gif
d:\program files\Garena\Skin\Flags\hu.gif
d:\program files\Garena\Skin\Flags\ch.gif
d:\program files\Garena\Skin\Flags\id.gif
d:\program files\Garena\Skin\Flags\ie.gif
d:\program files\Garena\Skin\Flags\il.gif
d:\program files\Garena\Skin\Flags\im.gif
d:\program files\Garena\Skin\Flags\in.gif
d:\program files\Garena\Skin\Flags\io.gif
d:\program files\Garena\Skin\Flags\iq.gif
d:\program files\Garena\Skin\Flags\ir.gif
d:\program files\Garena\Skin\Flags\is.gif
d:\program files\Garena\Skin\Flags\it.gif
d:\program files\Garena\Skin\Flags\je.gif
d:\program files\Garena\Skin\Flags\jm.gif
d:\program files\Garena\Skin\Flags\jo.gif
d:\program files\Garena\Skin\Flags\jp.gif
d:\program files\Garena\Skin\Flags\ke.gif
d:\program files\Garena\Skin\Flags\kg.gif
d:\program files\Garena\Skin\Flags\kh.gif
d:\program files\Garena\Skin\Flags\ki.gif
d:\program files\Garena\Skin\Flags\km.gif
d:\program files\Garena\Skin\Flags\kn.gif
d:\program files\Garena\Skin\Flags\kp.gif
d:\program files\Garena\Skin\Flags\kr.gif
d:\program files\Garena\Skin\Flags\kw.gif
d:\program files\Garena\Skin\Flags\ky.gif
d:\program files\Garena\Skin\Flags\kz.gif
d:\program files\Garena\Skin\Flags\la.gif
d:\program files\Garena\Skin\Flags\lb.gif
d:\program files\Garena\Skin\Flags\lc.gif
d:\program files\Garena\Skin\Flags\li.gif
d:\program files\Garena\Skin\Flags\lk.gif
d:\program files\Garena\Skin\Flags\lr.gif
d:\program files\Garena\Skin\Flags\ls.gif
d:\program files\Garena\Skin\Flags\lt.gif
d:\program files\Garena\Skin\Flags\lu.gif
d:\program files\Garena\Skin\Flags\lv.gif
d:\program files\Garena\Skin\Flags\ly.gif
d:\program files\Garena\Skin\Flags\ma.gif
d:\program files\Garena\Skin\Flags\mc.gif
d:\program files\Garena\Skin\Flags\md.gif
d:\program files\Garena\Skin\Flags\me.gif
d:\program files\Garena\Skin\Flags\mg.gif
d:\program files\Garena\Skin\Flags\mh.gif
d:\program files\Garena\Skin\Flags\mk.gif
d:\program files\Garena\Skin\Flags\ml.gif
d:\program files\Garena\Skin\Flags\mm.gif
d:\program files\Garena\Skin\Flags\mn.gif
d:\program files\Garena\Skin\Flags\mo.gif
d:\program files\Garena\Skin\Flags\mp.gif
d:\program files\Garena\Skin\Flags\mq.gif
d:\program files\Garena\Skin\Flags\mr.gif
d:\program files\Garena\Skin\Flags\ms.gif
d:\program files\Garena\Skin\Flags\mt.gif
d:\program files\Garena\Skin\Flags\mu.gif
d:\program files\Garena\Skin\Flags\mv.gif
d:\program files\Garena\Skin\Flags\mw.gif
d:\program files\Garena\Skin\Flags\mx.gif
d:\program files\Garena\Skin\Flags\my.gif
d:\program files\Garena\Skin\Flags\mz.gif
d:\program files\Garena\Skin\Flags\na.gif
d:\program files\Garena\Skin\Flags\nc.gif
d:\program files\Garena\Skin\Flags\ne.gif
d:\program files\Garena\Skin\Flags\nf.gif
d:\program files\Garena\Skin\Flags\ng.gif
d:\program files\Garena\Skin\Flags\ni.gif
d:\program files\Garena\Skin\Flags\nl.gif
d:\program files\Garena\Skin\Flags\no.gif
d:\program files\Garena\Skin\Flags\np.gif
d:\program files\Garena\Skin\Flags\nr.gif
d:\program files\Garena\Skin\Flags\nz.gif
d:\program files\Garena\Skin\Flags\om.gif
d:\program files\Garena\Skin\Flags\pa.gif
d:\program files\Garena\Skin\Flags\pe.gif
d:\program files\Garena\Skin\Flags\pf.gif
d:\program files\Garena\Skin\Flags\pg.gif
d:\program files\Garena\Skin\Flags\ph.gif
d:\program files\Garena\Skin\Flags\pk.gif
d:\program files\Garena\Skin\Flags\pl.gif
d:\program files\Garena\Skin\Flags\pm.gif
d:\program files\Garena\Skin\Flags\pr.gif
d:\program files\Garena\Skin\Flags\ps.gif
d:\program files\Garena\Skin\Flags\pt.gif
d:\program files\Garena\Skin\Flags\pw.gif
d:\program files\Garena\Skin\Flags\py.gif
d:\program files\Garena\Skin\Flags\qa.gif
d:\program files\Garena\Skin\Flags\re.gif
d:\program files\Garena\Skin\Flags\ro.gif
d:\program files\Garena\Skin\Flags\rs.gif
d:\program files\Garena\Skin\Flags\ru.gif
d:\program files\Garena\Skin\Flags\rw.gif
d:\program files\Garena\Skin\Flags\sa.gif
d:\program files\Garena\Skin\Flags\sb.gif
d:\program files\Garena\Skin\Flags\sc.gif
d:\program files\Garena\Skin\Flags\sd.gif
d:\program files\Garena\Skin\Flags\se.gif
d:\program files\Garena\Skin\Flags\sg.gif
d:\program files\Garena\Skin\Flags\si.gif
d:\program files\Garena\Skin\Flags\sk.gif
d:\program files\Garena\Skin\Flags\sl.gif
d:\program files\Garena\Skin\Flags\sm.gif
d:\program files\Garena\Skin\Flags\sn.gif
d:\program files\Garena\Skin\Flags\so.gif
d:\program files\Garena\Skin\Flags\sr.gif
d:\program files\Garena\Skin\Flags\st.gif
d:\program files\Garena\Skin\Flags\sv.gif
d:\program files\Garena\Skin\Flags\sy.gif
d:\program files\Garena\Skin\Flags\sz.gif
d:\program files\Garena\Skin\Flags\tc.gif
d:\program files\Garena\Skin\Flags\td.gif
d:\program files\Garena\Skin\Flags\tf.gif
d:\program files\Garena\Skin\Flags\tg.gif
d:\program files\Garena\Skin\Flags\th.gif
d:\program files\Garena\Skin\Flags\tj.gif
d:\program files\Garena\Skin\Flags\tm.gif
d:\program files\Garena\Skin\Flags\tn.gif
d:\program files\Garena\Skin\Flags\to.gif
d:\program files\Garena\Skin\Flags\tp.gif
d:\program files\Garena\Skin\Flags\tr.gif
d:\program files\Garena\Skin\Flags\tt.gif
d:\program files\Garena\Skin\Flags\tv.gif
d:\program files\Garena\Skin\Flags\tw.gif
d:\program files\Garena\Skin\Flags\tz.gif
d:\program files\Garena\Skin\Flags\ua.gif
d:\program files\Garena\Skin\Flags\ug.gif
d:\program files\Garena\Skin\Flags\uk.gif
d:\program files\Garena\Skin\Flags\um.gif
d:\program files\Garena\Skin\Flags\us.gif
d:\program files\Garena\Skin\Flags\uy.gif
d:\program files\Garena\Skin\Flags\uz.gif
d:\program files\Garena\Skin\Flags\va.gif
d:\program files\Garena\Skin\Flags\vc.gif
d:\program files\Garena\Skin\Flags\ve.gif
d:\program files\Garena\Skin\Flags\vg.gif
d:\program files\Garena\Skin\Flags\vi.gif
d:\program files\Garena\Skin\Flags\vn.gif
d:\program files\Garena\Skin\Flags\vu.gif
d:\program files\Garena\Skin\Flags\ws.gif
d:\program files\Garena\Skin\Flags\ye.gif
d:\program files\Garena\Skin\Flags\yu.gif
d:\program files\Garena\Skin\Flags\za.gif
d:\program files\Garena\Skin\Flags\zm.gif
d:\program files\Garena\Skin\Flags\zr.gif
d:\program files\Garena\Skin\Flags\zw.gif
d:\program files\Garena\Skin\Skin.ggz
d:\program files\Garena\Skins.xml
d:\program files\Garena\SocketHook.dll
d:\program files\Garena\sound\folder.wav
d:\program files\Garena\sound\game.wav
d:\program files\Garena\sound\msg.wav
d:\program files\Garena\sound\nudge.wav
d:\program files\Garena\sound\quit.wav
d:\program files\Garena\sound\ring.wav
d:\program files\Garena\sound\sysmsg.wav
d:\program files\Garena\sounds.xml
d:\program files\Garena\source.xml
d:\program files\Garena\sqlite3.dll
d:\program files\Garena\update.exe
d:\program files\Garena\update.xml
d:\program files\Garena\user.xml
d:\program files\Garena\user\2740249\ban.dat
d:\program files\Garena\user\2740249\data.dat
d:\program files\Garena\user\2740249\fps.dat
d:\program files\Garena\user\2740249\recent.txt
d:\program files\Garena\user\2740249\system.xml
d:\program files\Garena\viwawa.cn.xml
d:\program files\Garena\viwawa.en.xml
d:\program files\Garena\viwawa.tw.xml
d:\program files\Garena\War3Hook.dll
d:\program files\Garena\web\1.cn.html
d:\program files\Garena\web\1.en.html
d:\program files\Garena\web\1.tw.html
d:\program files\Garena\web\2.cn.html
d:\program files\Garena\web\2.en.html
d:\program files\Garena\web\2.tw.html
d:\program files\Garena\web\3.cn.html
d:\program files\Garena\web\3.en.html
d:\program files\Garena\web\3.tw.html
d:\program files\Garena\web\6.cn.html
d:\program files\Garena\web\6.en.html
d:\program files\Garena\web\6.tw.html
d:\program files\Garena\web\embed_game.jpg
d:\program files\Garena\web\embed_game_cn.jpg
d:\program files\Garena\web\embed_game_tw.jpg
d:\program files\Garena\web\embed_garenafire_ZH.jpg
d:\program files\Garena\web\embed_gfire.jpg
d:\program files\Garena\web\gfire.cn.html
d:\program files\Garena\web\gfire.en.html
d:\program files\Garena\web\gfire.tw.html
d:\program files\Garena\web\ggbackground.jpg
d:\program files\Garena\YYFileSystem.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-21 do 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-19 23:04 . 2010-03-19 23:05 -------- d-----w- d:\program files\trend micro
2010-03-19 23:04 . 2010-03-19 23:05 -------- d-----w- D:\rsit
2010-03-07 02:02 . 2004-08-03 21:59 34688 ----a-w- d:\windows\system32\drivers\lbrtfdc.sys
2010-03-07 02:02 . 2004-08-03 22:00 8192 ----a-w- d:\windows\system32\drivers\changer.sys
2010-03-07 02:02 . 2004-08-03 22:00 8192 ----a-w- d:\windows\system32\drivers\i2omgmt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-03-07_14.20.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-21 11:53 . 2010-03-21 11:53 16384 d:\windows\temp\Perflib_Perfdata_200.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2008-03-24 921600]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"nwiz"="nwiz.exe" [2005-02-24 1495040]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\QIP\\qip.exe"=

.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\lama\Data aplikací\Mozilla\Firefox\Profiles\miqofcyt.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 12:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(736)
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2712)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\SOUNDMAN.EXE
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-21 12:56:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-21 11:56
ComboFix2.txt 2010-03-21 11:23
ComboFix3.txt 2010-03-07 14:45
ComboFix4.txt 2010-03-07 14:25

Před spuštěním: 345 427 968
Po spuštění: 307 445 760

- - End Of File - - A56BD8211474F5A70DD5E829EE2262A4

[Caroprd111]

Jak to vypadá s PC

[Doil]

Vypada to OK,

tady jeste pro zajimavost RSit Log.

Jinak moc moc diky.

Logfile of random's system information tool 1.06 (written by random/random)
Run by lama at 2010-03-21 14:50:23
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 302 MB (4%) free of 7 GB
Total RAM: 255 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:40, on 21.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\lama\Plocha\RSIT.exe
D:\Program Files\trend micro\lama.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3288 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2008-03-24 921600]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2005-02-24 5537792]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2005-02-24 86016]
"VirtualCloneDrive"=D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\Vuze\Azureus.exe"="D:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-21 12:56:56 ----A---- D:\ComboFix.txt
2010-03-20 00:04:51 ----D---- D:\Program Files\trend micro
2010-03-20 00:04:46 ----D---- D:\rsit
2010-03-07 15:45:43 ----D---- D:\WINDOWS\temp
2010-03-07 15:35:38 ----D---- D:\WINDOWS\CSC
2010-03-07 15:35:31 ----A---- D:\WINDOWS\ntbtlog.txt
2010-03-07 14:57:11 ----A---- D:\WINDOWS\MBR.exe
2010-03-07 14:57:09 ----A---- D:\WINDOWS\NIRCMD.exe
2010-03-07 14:57:00 ----A---- D:\WINDOWS\PEV.exe
2010-03-07 14:56:58 ----A---- D:\WINDOWS\SWREG.exe
2010-03-07 14:56:57 ----A---- D:\WINDOWS\zip.exe
2010-03-07 14:56:56 ----A---- D:\WINDOWS\grep.exe
2010-03-07 14:56:55 ----A---- D:\WINDOWS\sed.exe
2010-03-07 14:56:53 ----A---- D:\WINDOWS\SWSC.exe
2010-03-07 14:56:52 ----A---- D:\WINDOWS\SWXCACLS.exe
2010-03-07 14:45:55 ----D---- D:\WINDOWS\ERDNT
2010-03-07 14:41:43 ----D---- D:\Qoobox

======List of files/folders modified in the last 1 months======

2010-03-21 14:50:28 ----D---- D:\Program Files\Mozilla Firefox
2010-03-21 14:27:51 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-03-21 14:26:56 ----D---- D:\WINDOWS\Prefetch
2010-03-21 12:57:01 ----D---- D:\WINDOWS\system32\drivers
2010-03-21 12:55:19 ----D---- D:\WINDOWS\system32\CatRoot2
2010-03-21 12:53:35 ----D---- D:\WINDOWS
2010-03-21 12:53:35 ----A---- D:\WINDOWS\system.ini
2010-03-21 12:50:58 ----RD---- D:\Program Files
2010-03-21 12:47:25 ----D---- D:\WINDOWS\system32
2010-03-21 12:47:25 ----D---- D:\WINDOWS\AppPatch
2010-03-21 12:47:21 ----D---- D:\Program Files\Common Files
2010-03-07 15:35:43 ----D---- D:\Documents and Settings
2010-03-07 03:03:14 ----RSHDC---- D:\WINDOWS\system32\dllcache
2010-03-06 19:21:29 ----A---- D:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 DumaNT;NVIDIA Stereo Helper Service; D:\WINDOWS\system32\DRIVERS\dumant.sys [2002-03-09 393784]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\D:\WINDOWS\system32\drivers\amon.sys []
R2 ElbyCDIO;ElbyCDIO Driver; D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-10-13 4022528]
R3 ElbyDelay;ElbyDelay; D:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-24 3454144]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2008-03-24 507904]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2005-02-24 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\wmpnetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[Caroprd111]

Doporučuji odinstalovat:
D:\Program Files\Vuze\Azureus.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.



Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100


V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523