Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male
Status: Offline

Re: Please check my log

Post by Massacre » 29 Jun 2009 21:33

I'm sorry, but that KernelFaultCheck keeps coming back...
So tomorrow I'll go and get that part for the processor, fit it and see what happens.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:59, on 29.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Hijackthis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6057 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 29 Jun 2009 21:36

Definitely go and get the cooler. It's strange that this can't be fixed:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Do you have all applications closed (programs and windows, including all browsers) when you do the fix?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male
Status: Offline

Re: Please check my log

Post by Massacre » 29 Jun 2009 21:38

I have everything closed. I also tried it via Run -> MSConfig and via CCleaner. That doesn't help either, it comes back anyway.

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male
Status: Offline

Re: Please check my log

Post by Massacre » 29 Jun 2009 21:45

And so on the sixth attempt it finally stayed fixed. Sorry, I probably overlooked some running program. Out of sheer joy I cut the skin off my finger on the CPU fan :D (don't worry, I restarted the PC after the fix)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:32, on 29.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6063 bytes
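The two HJT logs in this thread differ only in the O4 KernelFaultCheck entry, which disappears after the fix and returns later. As an added example that is not part of the thread, this Python script parses the O4 autostart lines of two HijackThis logs, diffs them, and labels the one entry that Windows XP itself re-creates after a kernel crash (the dumprep 0 -k crash reporter); the log excerpts are constructed from the logs posted above.

```python
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]  # (hive, Run key, value name)

# One HijackThis O4 line:
# "O4 - <hive>\..\<Run|RunOnce>: [<name>] <command>" optionally followed by " (User '<user>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Constructed excerpts of the two HJT logs posted above (O4 section plus one
# O23 line to show that other sections are ignored). The first log was taken
# before fixing KernelFaultCheck, the second one after.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""


def parse_o4(log: str) -> Dict[Entry, str]:
    """Map every O4 autostart entry of an HJT log to its command line."""
    entries: Dict[Entry, str] = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # running processes, O2/O9/O23 lines etc. are not autostart entries
        hive = m.group("hive")
        if m.group("user"):
            hive = f"{hive} ({m.group('user')})"  # keep per-SID HKUS entries apart
        entries[(hive, m.group("key"), m.group("name"))] = m.group("cmd")
    return entries


def diff_o4(before: Dict[Entry, str], after: Dict[Entry, str]) -> Dict[str, List[Entry]]:
    """Autostart entries that vanished, appeared or changed command between two logs."""
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
    }


XP_CRASH_REPORTER = re.compile(r"dumprep\s+0\s+-k\s*$", re.IGNORECASE)


def classify(name: str, cmd: str) -> str:
    """Windows XP writes the KernelFaultCheck -> dumprep 0 -k Run value itself
    after a kernel crash (BSOD) so the dump gets reported at the next logon.
    Deleting it with HJT removes nothing malicious; the OS re-creates it after
    the next crash, so the fix is the crash cause, not the Run entry."""
    if name.lower() == "kernelfaultcheck" and XP_CRASH_REPORTER.search(cmd):
        return "xp-crash-report"
    return "review"  # anything else: check the binary path and publisher


def report(before_log: str, after_log: str) -> List[str]:
    """Human-readable diff lines, each tagged with the classification."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    lines: List[str] = []
    for kind, keys in diff_o4(before, after).items():
        for hive, key, name in keys:
            cmd = (before if kind == "removed" else after)[(hive, key, name)]
            lines.append(f"{kind}: {hive}\\..\\{key} [{name}] {cmd}  -> {classify(name, cmd)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER)) or "no autostart changes")
```

To compare two real logs, read the files and pass their contents to report(); everything outside the O4 section is ignored.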

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 29 Jun 2009 21:51

Tomorrow we'll also try ComboFix.

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male
Status: Offline

Re: Please check my log

Post by Massacre » 29 Jun 2009 21:54

Okay, once I have the PC sorted out with the cooler I'll let you know. Thanks a lot for everything so far, and good night in advance.

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male
Status: Offline

Re: Please check my log

Post by Massacre » 30 Jun 2009 09:49

It installed that recovery console for me. I hope it doesn't make a mess in the PC, otherwise I'd like to delete it. It also put IE on there.
Here is the log:

ComboFix 09-06-29.04 - Marek 30.06.2009 9:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1632 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: F-Secure Profi Antivirus 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 18:52 . 2009-06-29 18:52 -------- d-----w- C:\_OTM
2009-06-29 18:50 . 2009-06-10 05:42 389632 ----a-w- C:\OTM.exe
2009-06-29 12:36 . 2009-06-29 12:40 -------- d-----w- c:\program files\HD Tune Pro
2009-06-29 11:55 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-29 11:52 . 2009-06-29 11:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-29 11:51 . 2009-06-29 11:52 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-29 11:51 . 2009-06-29 11:52 -------- d-----w- c:\documents and settings\Marek\SystemRequirementsLab
2009-06-29 11:51 . 2009-06-29 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 11:46 . 2009-06-29 11:46 -------- d-----w- c:\program files\DIFX
2009-06-29 11:46 . 2009-06-29 11:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 11:46 . 2006-05-10 10:22 43008 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-06-29 11:36 . 2009-06-29 11:36 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-29 11:35 . 2006-06-01 13:39 442368 ----a-w- c:\windows\system32\CapabilityTable.exe
2009-06-29 11:35 . 2006-04-14 06:00 208896 ------w- c:\windows\system32\nvuide.exe
2009-06-29 11:35 . 2006-04-14 06:01 35840 ----a-r- c:\windows\system32\NVCOI.DLL
2009-06-29 11:34 . 2006-05-16 11:23 205312 ----a-r- c:\windows\system32\fdco1.dll
2009-06-29 11:34 . 2006-05-16 11:25 52736 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-06-29 11:34 . 2006-06-01 13:36 208896 ----a-w- c:\windows\system32\nvunrm.exe
2009-06-29 11:34 . 2006-05-16 11:24 109568 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2009-06-29 11:34 . 2009-06-29 11:34 -------- d-----w- c:\windows\NV38003808.TMP
2009-06-29 11:34 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-06-29 11:34 . 2006-05-16 11:24 261120 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2009-06-29 11:34 . 2006-05-16 11:22 10240 ----a-r- c:\windows\system32\bdco1.dll
2009-06-29 11:34 . 2006-05-16 11:24 1075328 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-06-29 11:34 . 2006-05-16 11:25 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-06-29 11:34 . 2006-05-12 07:26 208896 ----a-r- c:\windows\system32\nvusmb.exe
2009-06-29 11:34 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-29 08:39 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 08:39 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 08:39 . 2009-06-29 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 23:40 . 2009-06-29 16:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-28 23:40 . 2009-06-28 23:40 -------- d-----w- c:\windows\system32\AGEIA
2009-06-28 19:09 . 2009-06-28 19:09 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-28 19:09 . 2009-06-28 19:09 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-28 18:59 . 2009-06-28 19:09 -------- d-----w- c:\program files\Zaklínač
2009-06-27 17:18 . 2009-06-27 17:18 -------- d-----w- c:\program files\Uniblue
2009-06-25 06:34 . 2008-04-14 03:22 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-25 06:34 . 2008-04-14 03:22 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-25 06:34 . 2008-04-14 03:21 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-06-25 06:34 . 2008-04-14 03:21 27648 ----a-w- c:\windows\system32\irmon.dll
2009-06-25 06:34 . 2008-04-14 03:22 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-06-25 06:34 . 2008-04-14 03:22 152064 ----a-w- c:\windows\system32\irftp.exe
2009-06-14 10:27 . 2009-06-14 10:27 -------- d-----w- c:\program files\TrekStor
2009-06-13 19:53 . 2009-06-13 19:55 -------- d-----w- c:\program files\The KMPlayer
2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-09 18:36 . 2009-06-09 18:36 -------- d-----w- c:\windows\Sun
2009-06-06 11:18 . 2009-06-06 11:18 -------- d-----w- c:\program files\Ventrilo
2009-06-04 18:27 . 2009-06-04 18:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 18:26 . 2009-06-04 18:26 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 07:17 . 2009-04-13 07:39 -------- d-----w- c:\program files\F-Secure
2009-06-29 16:04 . 2009-04-12 20:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 18:59 . 2009-04-12 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 14:44 . 2009-05-20 18:20 -------- d-----w- c:\program files\Animation GIF Wizard
2009-06-25 06:38 . 2006-03-02 12:00 93704 ----a-w- c:\windows\system32\perfc005.dat
2009-06-25 06:38 . 2006-03-02 12:00 471764 ----a-w- c:\windows\system32\perfh005.dat
2009-06-10 16:33 . 2009-03-27 08:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2009-03-27 08:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-31 12:19 . 2009-05-01 16:33 -------- d-----w- c:\program files\Free Easy Burner
2009-05-29 15:34 . 2009-05-29 15:34 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-05-23 18:30 . 2009-04-13 08:44 -------- d-----w- c:\program files\Game Cam V2
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 16:33 . 2009-05-01 16:33 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-01 16:33 . 2009-05-01 16:33 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-01 16:33 . 2009-05-01 16:33 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-01 16:33 . 2009-05-01 16:33 158192 ------w- c:\windows\system32\pxwma.dll
2009-04-30 17:39 . 2009-04-30 17:39 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-04-29 04:35 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-29 04:35 . 2006-03-02 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-19 19:52 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 08:07 . 2009-04-12 19:42 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 08:07 . 2009-04-12 19:42 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-18 07:28 . 2006-09-28 18:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 09:03 . 2009-04-12 19:42 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-13 12:21 . 2009-04-13 12:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-13 10:42 . 2009-04-13 10:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-13 10:14 . 2009-04-13 09:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-13 08:12 . 2009-04-13 08:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-13 08:08 . 2009-04-13 07:40 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-04-12 20:32 . 2009-04-12 20:32 0 ----a-w- c:\windows\nsreg.dat
2009-04-12 19:57 . 2009-04-12 19:40 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2006-10-26 09:44 . 2006-10-26 09:44 2838528 ----a-w- c:\program files\fraps.exe
2006-10-26 09:43 . 2006-10-26 09:43 110592 ----a-w- c:\program files\fraps.dll
2006-10-26 09:43 . 2006-10-26 09:43 122880 ----a-w- c:\program files\frapslcd.dll
2006-10-26 08:36 . 2006-10-26 08:36 11066 ----a-w- c:\program files\changes.txt
2006-10-26 02:44 . 2006-10-26 02:44 1859 ----a-w- c:\program files\README.HTM
2006-10-21 00:56 . 2006-10-21 00:56 56320 ----a-w- c:\program files\fraps64.dll
2006-10-21 00:56 . 2006-10-21 00:56 293376 ----a-w- c:\program files\fraps64.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [13.4.2009 9:40 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [13.4.2009 9:40 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [13.4.2009 9:40 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [13.4.2009 9:39 86648]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [13.4.2009 9:40 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [13.4.2009 9:39 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [13.4.2009 9:39 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\yr5v21ut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 09:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1202660629-838170752-682003330-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,97,63,9b,6a,df,8d,d3,6d,b9,60,d3,1e,95,c2,2f,d5,77,a0,25,41,da,e8,
76,23,b6,34,b7,72,cb,08,b8,15,96,66,f0,36,3f,8a,9d,bf,13,75,e1,c6,d5,ab,3a,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\nvappfilter.dll
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
.
Celkový čas: 2009-06-30 9:37
ComboFix-quarantined-files.txt 2009-06-30 07:37

Před spuštěním: Volných bajtů: 10 769 330 176
Po spuštění: Volných bajtů: 10 750 300 160

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

199 --- E O F --- 2009-06-14 17:28

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 30 Jun 2009 10:09

The recovery console doesn't make a mess… :D

Otherwise I recommend uninstalling FW: ActiveArmor Firewall
Hardware firewall
From what I've read it causes problems:
it can't handle high load, e.g. BitTorrent -> frequent freezes and BSODs; it contains a HW bug(?) that corrupts downloaded data, supposedly "fixed" (the fix only works around the bug, hence the quotes) in newer drivers; and on some motherboards it slows down transfers on the SATA ports.
And you have the F-Secure FW there anyway.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following complete text highlighted in green into it:
Note: Do not use SELECT ALL to select the script

Code:

KillAll::
File::
c:\windows\system32\d3d8caps.dat
c:\windows\nsreg.dat

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Massacre
newbie
Posts: 26
Registered: June 09
Gender: Male
Status: Offline

Re: Please check my log

Post by Massacre » 30 Jun 2009 13:14

I have no idea where that firewall came from or how to delete it.
I did the ComboFix thing: the PC restarted, ComboFix ran and was finishing the log. While it was finishing, Windows showed a "send / don't send" error for some program. I didn't manage to read which one exactly, but it was something like n***.nsexe or so; I'm really not sure now, I didn't catch it because right after that a blue screen came up. So I ran it again and found the log in the CF folder, but it probably won't be complete; I can do it again if needed. Here it is:
Oh, and in HJT that KernelFaultCheck is back again, so I really don't know how to delete it anymore.

ComboFix 09-06-29.04 - Marek 30.06.2009 12:45:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1630 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Marek\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Marek\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: F-Secure Profi Antivirus 8.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

FILE ::
"c:\windows\nsreg.dat"
"c:\windows\system32\d3d8caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\nsreg.dat
c:\windows\system32\d3d8caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 18:52:24 . 2009-06-29 18:52:24 0 d-----w- C:\_OTM
2009-06-29 18:50:50 . 2009-06-10 05:42:14 389632 ----a-w- C:\OTM.exe
2009-06-29 12:36:56 . 2009-06-29 12:40:24 0 d-----w- C:\Program Files\HD Tune Pro
2009-06-29 11:55:16 . 2009-06-10 16:33:00 457248 ----a-w- C:\WINDOWS\system32\nvudisp.exe
2009-06-29 11:51:56 . 2009-06-29 11:52:42 0 d-----w- C:\Program Files\SystemRequirementsLab
2009-06-29 11:51:55 . 2009-06-29 11:52:41 0 d-----w- C:\Documents and Settings\Marek\SystemRequirementsLab
2009-06-29 11:51:33 . 2009-06-29 11:53:30 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2009-06-29 11:46:46 . 2009-06-29 11:46:46 0 d-----w- C:\Program Files\DIFX
2009-06-29 11:46:44 . 2009-06-29 11:46:44 0 dc----w- C:\WINDOWS\system32\DRVSTORE
2009-06-29 11:46:44 . 2006-05-10 10:22:00 43008 ----a-w- C:\WINDOWS\system32\drivers\AmdK8.sys
2009-06-29 11:36:21 . 2009-06-29 11:36:21 0 d-----w- C:\Program Files\NVIDIA Corporation
2009-06-29 11:35:17 . 2006-06-01 13:39:12 442368 ----a-w- C:\WINDOWS\system32\CapabilityTable.exe
2009-06-29 11:35:06 . 2006-04-14 06:00:54 208896 ------w- C:\WINDOWS\system32\nvuide.exe
2009-06-29 11:35:05 . 2006-04-14 06:01:20 35840 ----a-r- C:\WINDOWS\system32\NVCOI.DLL
2009-06-29 11:34:45 . 2006-05-16 11:23:02 205312 ----a-r- C:\WINDOWS\system32\fdco1.dll
2009-06-29 11:34:44 . 2006-05-16 11:25:00 52736 ----a-r- C:\WINDOWS\system32\drivers\NVENETFD.sys
2009-06-29 11:34:42 . 2006-06-01 13:36:28 208896 ----a-w- C:\WINDOWS\system32\nvunrm.exe
2009-06-29 11:34:42 . 2006-05-16 11:24:52 109568 ----a-r- C:\WINDOWS\system32\drivers\nvtcp.sys
2009-06-29 11:34:41 . 2009-06-29 11:34:42 0 d-----w- C:\WINDOWS\NV38003808.TMP
2009-06-29 11:34:41 . 2006-03-14 13:45:22 35840 ----a-r- C:\WINDOWS\system32\nvconrm.dll
2009-06-29 11:34:40 . 2006-05-16 11:24:20 261120 ----a-r- C:\WINDOWS\system32\drivers\nvsnpu.sys
2009-06-29 11:34:40 . 2006-05-16 11:22:46 10240 ----a-r- C:\WINDOWS\system32\bdco1.dll
2009-06-29 11:34:39 . 2006-05-16 11:24:42 1075328 ----a-r- C:\WINDOWS\system32\drivers\nvnrm.sys
2009-06-29 11:34:38 . 2006-05-16 11:25:02 18944 ----a-r- C:\WINDOWS\system32\drivers\nvnetbus.sys
2009-06-29 11:34:37 . 2006-05-12 07:26:52 208896 ----a-r- C:\WINDOWS\system32\nvusmb.exe
2009-06-29 11:34:23 . 2009-06-04 14:39:54 457248 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE
2009-06-29 08:39:24 . 2009-06-17 09:27:56 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-06-29 08:39:23 . 2009-06-17 09:27:44 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-06-29 08:39:22 . 2009-06-29 08:39:29 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-28 23:40:16 . 2009-06-29 16:03:48 0 d-----w- C:\Program Files\AGEIA Technologies
2009-06-28 23:40:16 . 2009-06-28 23:40:16 0 d-----w- C:\WINDOWS\system32\AGEIA
2009-06-28 19:09:30 . 2009-06-28 19:09:30 278984 ----a-w- C:\WINDOWS\system32\drivers\atksgt.sys
2009-06-28 19:09:29 . 2009-06-28 19:09:30 25416 ----a-w- C:\WINDOWS\system32\drivers\lirsgt.sys
2009-06-28 18:59:08 . 2009-06-28 19:09:32 0 d-----w- C:\Program Files\Zaklínač
2009-06-27 17:18:25 . 2009-06-27 17:18:25 0 d-----w- C:\Program Files\Uniblue
2009-06-25 06:34:14 . 2008-04-14 03:22:06 8192 -c--a-w- C:\WINDOWS\system32\dllcache\wshirda.dll
2009-06-25 06:34:14 . 2008-04-14 03:22:06 8192 ----a-w- C:\WINDOWS\system32\wshirda.dll
2009-06-25 06:34:14 . 2008-04-14 03:21:44 27648 -c--a-w- C:\WINDOWS\system32\dllcache\irmon.dll
2009-06-25 06:34:14 . 2008-04-14 03:21:44 27648 ----a-w- C:\WINDOWS\system32\irmon.dll
2009-06-25 06:34:13 . 2008-04-14 03:22:28 152064 -c--a-w- C:\WINDOWS\system32\dllcache\irftp.exe
2009-06-25 06:34:13 . 2008-04-14 03:22:28 152064 ----a-w- C:\WINDOWS\system32\irftp.exe
2009-06-14 10:27:00 . 2009-06-14 10:27:00 0 d-----w- C:\Program Files\TrekStor
2009-06-13 19:53:34 . 2009-06-13 19:55:08 0 d-----w- C:\Program Files\The KMPlayer
2009-06-10 16:33:00 . 2009-06-10 16:33:00 9998336 ----a-w- C:\WINDOWS\system32\nvoglnt.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 815104 ----a-w- C:\WINDOWS\system32\nvapi.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 671744 ----a-w- C:\WINDOWS\system32\nvcuvid.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1720320 ----a-w- C:\WINDOWS\system32\nvcuda.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1580550 ----a-w- C:\WINDOWS\system32\nvdata.bin
2009-06-10 16:33:00 . 2009-06-10 16:33:00 151552 ----a-w- C:\WINDOWS\system32\nvcodins.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 151552 ----a-w- C:\WINDOWS\system32\nvcod.dll
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1310720 ----a-w- C:\WINDOWS\system32\nvcuvenc.dll
2009-06-10 06:28:58 . 2009-06-10 06:28:58 3510272 ----a-w- C:\WINDOWS\system32\nvgames.dll
2009-06-10 06:28:56 . 2009-06-10 06:28:56 5890048 ----a-w- C:\WINDOWS\system32\nvdispsr.dll
2009-06-10 06:28:52 . 2009-06-10 06:28:52 4022272 ----a-w- C:\WINDOWS\system32\nvdisps.dll
2009-06-10 06:28:50 . 2009-06-10 06:28:50 86016 ----a-w- C:\WINDOWS\system32\nvmctray.dll
2009-06-10 06:28:50 . 2009-06-10 06:28:50 168004 ----a-w- C:\WINDOWS\system32\nvsvc32.exe
2009-06-10 06:28:50 . 2009-06-10 06:28:50 143360 ----a-w- C:\WINDOWS\system32\nvcolor.exe
2009-06-10 06:28:50 . 2009-06-10 06:28:50 13758464 ----a-w- C:\WINDOWS\system32\nvcpl.dll
2009-06-10 06:28:48 . 2009-06-10 06:28:48 229376 ----a-w- C:\WINDOWS\system32\nvmccs.dll
2009-06-09 18:36:50 . 2009-06-09 18:36:50 0 d-----w- C:\WINDOWS\Sun
2009-06-06 11:18:38 . 2009-06-06 11:18:39 0 d-----w- C:\Program Files\Ventrilo
2009-06-04 18:27:11 . 2009-06-04 18:26:56 410984 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-06-04 18:26:50 . 2009-06-04 18:26:50 0 d-----w- C:\Program Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 10:34:45 . 2009-04-13 07:39:52 0 d-----w- C:\Program Files\F-Secure
2009-06-29 16:04:13 . 2009-04-12 20:05:55 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-28 18:59:06 . 2009-04-12 20:23:29 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-27 14:44:48 . 2009-05-20 18:20:28 0 d-----w- C:\Program Files\Animation GIF Wizard
2009-06-25 06:38:37 . 2006-03-02 12:00:00 93704 ----a-w- C:\WINDOWS\system32\perfc005.dat
2009-06-25 06:38:37 . 2006-03-02 12:00:00 471764 ----a-w- C:\WINDOWS\system32\perfh005.dat
2009-06-10 16:33:00 . 2009-03-27 08:03:00 8087712 ----a-w- C:\WINDOWS\system32\drivers\nv4_mini.sys
2009-06-10 16:33:00 . 2009-03-27 08:03:00 5908608 ----a-w- C:\WINDOWS\system32\nv4_disp.dll
2009-05-31 12:19:06 . 2009-05-01 16:33:31 0 d-----w- C:\Program Files\Free Easy Burner
2009-05-29 15:34:00 . 2009-05-29 15:34:00 0 d-----w- C:\Program Files\Common Files\MAGIX Shared
2009-05-23 18:30:43 . 2009-04-13 08:44:02 0 d-----w- C:\Program Files\Game Cam V2
2009-05-07 15:33:45 . 2006-03-02 12:00:00 346624 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-05-01 16:33:13 . 2009-05-01 16:33:14 9200 ------w- C:\WINDOWS\system32\drivers\cdralw2k.sys
2009-05-01 16:33:13 . 2009-05-01 16:33:14 44944 ------w- C:\WINDOWS\system32\drivers\PxHelp20.sys
2009-05-01 16:33:12 . 2009-05-01 16:33:14 9072 ------w- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2009-05-01 16:33:07 . 2009-05-01 16:33:14 158192 ------w- C:\WINDOWS\system32\pxwma.dll
2009-04-30 17:39:24 . 2009-04-30 17:39:40 29480 ----a-w- C:\WINDOWS\system32\msxml3a.dll
2009-04-29 04:35:24 . 2006-03-02 12:00:00 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-04-29 04:35:24 . 2006-03-02 12:00:00 667648 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-04-28 07:55:06 . 2009-04-28 07:55:06 70936 ----a-w- C:\WINDOWS\system32\PhysXLoader.dll
2009-04-19 19:52:07 . 2006-03-02 12:00:00 1847168 ----a-w- C:\WINDOWS\system32\win32k.sys
2009-04-18 08:07:04 . 2009-04-12 19:42:09 76487 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 08:07:04 . 2009-04-12 19:42:08 2684 ----a-w- C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-18 07:28:52 . 2006-09-28 18:53:16 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2009-04-15 14:54:29 . 2006-03-02 12:00:00 585216 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
2009-04-15 09:03:22 . 2009-04-12 19:42:14 8972 ----a-w- C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2009-04-13 12:21:28 . 2009-04-13 12:21:28 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
2009-04-13 10:42:55 . 2009-04-13 10:42:54 25280 ----a-w- C:\WINDOWS\system32\drivers\hamachi.sys
2009-04-13 10:14:06 . 2009-04-13 09:51:32 107888 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-13 08:12:21 . 2009-04-13 08:12:21 717296 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2009-04-13 08:08:08 . 2009-04-13 07:40:31 33408 ----a-w- C:\WINDOWS\system32\drivers\fsbts.sys
2009-04-12 19:57:51 . 2009-04-12 19:40:40 21812 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2006-10-26 09:44:18 . 2006-10-26 09:44:18 2838528 ----a-w- C:\Program Files\fraps.exe
2006-10-26 09:43:44 . 2006-10-26 09:43:44 110592 ----a-w- C:\Program Files\fraps.dll
2006-10-26 09:43:38 . 2006-10-26 09:43:38 122880 ----a-w- C:\Program Files\frapslcd.dll
2006-10-26 08:36:10 . 2006-10-26 08:36:10 11066 ----a-w- C:\Program Files\changes.txt
2006-10-26 02:44:52 . 2006-10-26 02:44:52 1859 ----a-w- C:\Program Files\README.HTM
2006-10-21 00:56:54 . 2006-10-21 00:56:54 56320 ----a-w- C:\Program Files\fraps64.dll
2006-10-21 00:56:44 . 2006-10-21 00:56:44 293376 ----a-w- C:\Program Files\fraps64.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_07.37.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 10:50:13 . 2009-06-30 10:50:13 16384 C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:22:17 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2008-12-04 14:02:40 182936]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 13:59:20 957024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-06-10 06:28:50 13758464]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-06-10 06:28:50 86016]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2009-06-10 06:29:34 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;C:\WINDOWS\system32\drivers\fsbts.sys [13.4.2009 9:40:31 33408]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [13.4.2009 9:40:25 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [13.4.2009 9:40:07 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [13.4.2009 9:39:54 86648]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [13.4.2009 9:40:08 55904]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys [13.4.2009 9:39:54 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys [13.4.2009 9:39:54 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:37, on 30.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Hijackthis\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6213 bytes
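Added example, not code from the forum thread and not part of HijackThis or ComboFix: a small Python triage script that applies to logs of this shape the checks a reviewer does by hand. It parses the HJT O4 (autostart) and O23 (service) lines and the ComboFix firewallpolicy block, and encodes two facts behind this thread. First, `KernelFaultCheck` = `%systemroot%\system32\dumprep 0 -k` is the Windows XP crash-reporting autorun: the OS writes it after a bugcheck so the dump is reported on the next boot, and it will keep reappearing for as long as the machine blue-screens, which matches what the poster sees. Second, `"EnableFirewall"= 0` under `firewallpolicy\standardprofile` means the built-in Windows Firewall is off for the standard profile, which is normal when a third-party firewall is in charge but should be confirmed. The sample lines are constructed in the shape of the posted logs; the `updater` entry in a Temp folder is a constructed negative sample and does not appear in the posted logs. The verdict labels, the `C:\WINDOWS` / `C:\Program Files` prefixes and the "user-writable folder" heuristic are this example's own assumptions.

```python
"""Offline triage of HijackThis (HJT) and ComboFix text logs.

Added example, not code from the forum, HijackThis or ComboFix. It applies
the checks a log reviewer does by hand to the O4 (autostart) and O23
(service) lines of an HJT log and to the firewall-policy block of a
ComboFix log. SAMPLE_* below are constructed in the shape of the posted
logs; the "updater" line is a constructed negative sample only.
"""
import re

SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Marek\Local Settings\Temp\updater.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
FW_KEY_RE = re.compile(r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>\w+)\]$")
FW_VAL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# First token ending in an executable extension; lets unquoted paths with spaces through.
EXE_RE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|scr|com|cpl|bat|cmd))(?=[\s,]|$)", re.I)

# Folders an XP autostart almost never legitimately points into (lower-case).
USER_WRITABLE_HINTS = ("\\temp\\", "\\local settings\\", "\\application data\\")
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")  # assumption: default drive


def parse_o4(text):
    """O4 lines -> dicts with hive, key, name, cmd."""
    return [m.groupdict() for m in map(O4_RE.match, text.splitlines()) if m]


def parse_o23(text):
    """O23 lines -> dicts with display, name, owner, path."""
    return [m.groupdict() for m in map(O23_RE.match, text.splitlines()) if m]


def target_path(cmd):
    """Best-effort: the file an O4 command actually loads."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32"):        # RUNDLL32.EXE <dll>,<entry>
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) > 1 else ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group("p")
    return cmd.split()[0] if cmd else ""


def classify_o4(entry):
    """(verdict, reason) for one autostart entry; the labels are this example's own."""
    name, cmd = entry["name"], entry["cmd"]
    path = target_path(cmd).lower().replace("%systemroot%", "c:\\windows")
    if name == "KernelFaultCheck" and "dumprep" in path:
        return ("transient", "XP crash-report autorun; Windows re-creates it after "
                             "every bugcheck, so fix the crash rather than the entry")
    if any(h in path for h in USER_WRITABLE_HINTS):
        return ("suspicious", "autostart from a user-writable folder: " + path)
    if path.startswith(SYSTEM_PREFIXES):
        return ("expected", "system/program directory; confirm the publisher if unfamiliar")
    return ("review", "bare or unresolved path (found via PATH?): " + path)


def xp_firewall_state(combofix_text):
    """{profile: enabled} from the firewallpolicy block ComboFix prints."""
    state, profile = {}, None
    for raw in combofix_text.splitlines():
        line = raw.strip()
        key = FW_KEY_RE.match(line)
        if key:
            profile = key.group("profile")
        elif line.startswith("["):                  # any other key ends the profile block
            profile = None
        elif profile:
            val = FW_VAL_RE.match(line)
            if val:
                state[profile] = val.group("value") != "0"
    return state


def services_without_publisher(o23_entries):
    """Services HJT prints as 'Unknown owner': the binary carries no CompanyName
    version info. Not proof of malware (nSvcAppFlt.exe here belongs to the
    nForce Network Access Manager), but the reviewer must look at the file."""
    return [e["name"] or e["display"] for e in o23_entries if e["owner"] == "Unknown owner"]


def triage(hjt_text, combofix_text):
    """Every check in one dict, handy to diff between two rounds of logs."""
    return {
        "autostarts": [(e["name"],) + classify_o4(e) for e in parse_o4(hjt_text)],
        "firewall": xp_firewall_state(combofix_text),
        "services_unknown_owner": services_without_publisher(parse_o23(hjt_text)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HJT, SAMPLE_COMBOFIX)
    for name, verdict, reason in report["autostarts"]:
        print(f"{verdict:10} {name}: {reason}")
    print("firewall:", report["firewall"])
    print("unknown owner:", report["services_unknown_owner"])
```

Run it as-is to see the verdicts for the constructed sample, or feed it the text of two real logs and diff the returned dicts between rounds; the "transient" verdict is the practical answer to the KernelFaultCheck question, and the "review" verdict for `nwiz.exe` shows why a bare file name in a Run key deserves a look even when the vendor is known.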

Massacre
newbie
Posts: 26
Registered: Jun 09
Gender: Male
Status:
Offline

Re: Please check my log

Post by Massacre » 30 Jun 2009 13:43

So I managed to uninstall that FW; part of the nvidia drivers had to be uninstalled. Here is one more ComboFix..

ComboFix 09-06-29.04 - Marek 30.06.2009 13:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1546 [GMT 2:00]
Running from: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\nsreg.dat
c:\windows\system32\d3d8caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 18:52 . 2009-06-29 18:52 -------- d-----w- C:\_OTM
2009-06-29 18:50 . 2009-06-10 05:42 389632 ----a-w- C:\OTM.exe
2009-06-29 12:36 . 2009-06-29 12:40 -------- d-----w- c:\program files\HD Tune Pro
2009-06-29 11:55 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-29 11:51 . 2009-06-29 11:52 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-29 11:51 . 2009-06-29 11:52 -------- d-----w- c:\documents and settings\Marek\SystemRequirementsLab
2009-06-29 11:51 . 2009-06-29 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 11:46 . 2009-06-29 11:46 -------- d-----w- c:\program files\DIFX
2009-06-29 11:46 . 2009-06-29 11:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 11:46 . 2006-05-10 10:22 43008 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-06-29 11:35 . 2006-06-01 13:39 442368 ----a-w- c:\windows\system32\CapabilityTable.exe
2009-06-29 11:35 . 2006-04-14 06:00 208896 ------w- c:\windows\system32\nvuide.exe
2009-06-29 11:35 . 2006-04-14 06:01 35840 ----a-r- c:\windows\system32\NVCOI.DLL
2009-06-29 11:34 . 2006-05-16 11:23 205312 ----a-r- c:\windows\system32\fdco1.dll
2009-06-29 11:34 . 2006-05-16 11:25 52736 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-06-29 11:34 . 2006-06-01 13:36 208896 ----a-w- c:\windows\system32\nvunrm.exe
2009-06-29 11:34 . 2006-05-16 11:24 109568 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2009-06-29 11:34 . 2009-06-29 11:34 -------- d-----w- c:\windows\NV38003808.TMP
2009-06-29 11:34 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-06-29 11:34 . 2006-05-16 11:24 261120 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2009-06-29 11:34 . 2006-05-16 11:22 10240 ----a-r- c:\windows\system32\bdco1.dll
2009-06-29 11:34 . 2006-05-16 11:24 1075328 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-06-29 11:34 . 2006-05-16 11:25 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-06-29 11:34 . 2006-05-12 07:26 208896 ----a-r- c:\windows\system32\nvusmb.exe
2009-06-29 11:34 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-29 08:39 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 08:39 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 08:39 . 2009-06-29 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 23:40 . 2009-06-29 16:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-28 23:40 . 2009-06-28 23:40 -------- d-----w- c:\windows\system32\AGEIA
2009-06-28 19:09 . 2009-06-28 19:09 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-28 19:09 . 2009-06-28 19:09 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-28 18:59 . 2009-06-28 19:09 -------- d-----w- c:\program files\Zaklínač
2009-06-27 17:18 . 2009-06-27 17:18 -------- d-----w- c:\program files\Uniblue
2009-06-25 06:34 . 2008-04-14 03:22 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-25 06:34 . 2008-04-14 03:22 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-25 06:34 . 2008-04-14 03:21 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-06-25 06:34 . 2008-04-14 03:21 27648 ----a-w- c:\windows\system32\irmon.dll
2009-06-25 06:34 . 2008-04-14 03:22 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-06-25 06:34 . 2008-04-14 03:22 152064 ----a-w- c:\windows\system32\irftp.exe
2009-06-14 10:27 . 2009-06-14 10:27 -------- d-----w- c:\program files\TrekStor
2009-06-13 19:53 . 2009-06-13 19:55 -------- d-----w- c:\program files\The KMPlayer
2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-09 18:36 . 2009-06-09 18:36 -------- d-----w- c:\windows\Sun
2009-06-06 11:18 . 2009-06-06 11:18 -------- d-----w- c:\program files\Ventrilo
2009-06-04 18:27 . 2009-06-04 18:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 18:26 . 2009-06-04 18:26 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 10:34 . 2009-04-13 07:39 -------- d-----w- c:\program files\F-Secure
2009-06-29 16:04 . 2009-04-12 20:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 18:59 . 2009-04-12 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 14:44 . 2009-05-20 18:20 -------- d-----w- c:\program files\Animation GIF Wizard
2009-06-25 06:38 . 2006-03-02 12:00 93704 ----a-w- c:\windows\system32\perfc005.dat
2009-06-25 06:38 . 2006-03-02 12:00 471764 ----a-w- c:\windows\system32\perfh005.dat
2009-06-10 16:33 . 2009-03-27 08:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2009-03-27 08:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-31 12:19 . 2009-05-01 16:33 -------- d-----w- c:\program files\Free Easy Burner
2009-05-29 15:34 . 2009-05-29 15:34 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-05-23 18:30 . 2009-04-13 08:44 -------- d-----w- c:\program files\Game Cam V2
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 16:33 . 2009-05-01 16:33 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-01 16:33 . 2009-05-01 16:33 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-01 16:33 . 2009-05-01 16:33 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-01 16:33 . 2009-05-01 16:33 158192 ------w- c:\windows\system32\pxwma.dll
2009-04-30 17:39 . 2009-04-30 17:39 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-04-29 04:35 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-29 04:35 . 2006-03-02 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-19 19:52 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 08:07 . 2009-04-12 19:42 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 08:07 . 2009-04-12 19:42 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-18 07:28 . 2006-09-28 18:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 09:03 . 2009-04-12 19:42 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-13 12:21 . 2009-04-13 12:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-13 10:42 . 2009-04-13 10:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-13 10:14 . 2009-04-13 09:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-13 08:12 . 2009-04-13 08:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-13 08:08 . 2009-04-13 07:40 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-04-12 19:57 . 2009-04-12 19:40 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2006-10-26 09:44 . 2006-10-26 09:44 2838528 ----a-w- c:\program files\fraps.exe
2006-10-26 09:43 . 2006-10-26 09:43 110592 ----a-w- c:\program files\fraps.dll
2006-10-26 09:43 . 2006-10-26 09:43 122880 ----a-w- c:\program files\frapslcd.dll
2006-10-26 08:36 . 2006-10-26 08:36 11066 ----a-w- c:\program files\changes.txt
2006-10-26 02:44 . 2006-10-26 02:44 1859 ----a-w- c:\program files\README.HTM
2006-10-21 00:56 . 2006-10-21 00:56 56320 ----a-w- c:\program files\fraps64.dll
2006-10-21 00:56 . 2006-10-21 00:56 293376 ----a-w- c:\program files\fraps64.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_07.37.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 11:28 . 2009-06-30 11:28 16384 c:\windows\temp\Perflib_Perfdata_4c4.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [13.4.2009 9:40 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [13.4.2009 9:40 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [13.4.2009 9:40 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [13.4.2009 9:39 86648]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [13.4.2009 9:40 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [13.4.2009 9:39 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [13.4.2009 9:39 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\yr5v21ut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 13:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-838170752-682003330-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,97,63,9b,6a,df,8d,d3,6d,b9,60,d3,1e,95,c2,2f,d5,77,a0,25,41,da,e8,
76,23,b6,34,b7,72,cb,08,b8,15,96,66,f0,36,3f,8a,9d,bf,13,75,e1,c6,d5,ab,3a,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
Completion time: 2009-06-30 13:32
ComboFix-quarantined-files.txt 2009-06-30 11:32
ComboFix2.txt 2009-06-30 07:37

Pre-Run: 10 719 531 008 bytes free
Post-Run: 10 707 845 120 bytes free

191 --- E O F --- 2009-06-14 17:28

and one more HJT log (the KernelFaultCheck entry is not in it now, because when I disable it, it does not reappear after the first restart, only after the second):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:52, on 30.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4732 bytes

jaro3
Security team member

Re: Please check my log

Post by jaro3 » 30 Jun 2009 14:14

ActiveArmor Firewall
It was most likely installed along with the nVidia (ASUS) drivers from the installation CD.
NVIDIA Network Access Manager is part of the NVIDIA Firewall used on certain Asus motherboards. This process should not be removed to ensure that your system is secure.
http://www.nvidia.com/object/security.html

http://www.processlibrary.com/directory ... svcappflt/

Open the nVidia firewall control panel or preferences page and disable it. Or enable the Windows firewall from the Windows control panel; it then asks to disable the nVidia one, and do so. After that you can either keep using the Windows firewall or disable it too.

You should be able to uninstall it from Add/Remove Programs. Just find the NVIDIA drivers entry, then click Change/Remove. You won't change anything until the next step, so don't worry. It will ask you what to remove; first click the radio button "Remove only the following", then select [Active armor] and click Remove.
So try to find it in Add/Remove Programs under nVidia; I did not find exact instructions..

Is the processor OK (the cooler)?

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole text below marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=-

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process.

Close other applications and browsers, disconnect from the internet and fix in HJT:

Code:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\english\PhysX_9.09.0203_SystemSoftware.exe"

Then a new HJT log.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Massacre

Re: Please check my log

Post by Massacre » 30 Jun 2009 15:29

Unfortunately the cooler is not OK yet; I have it propped up for now, but it is not very reliable. The shop that supplies it here is closed until Thursday, so unfortunately it has to wait a while.
ComboFix: the same error came up again when ComboFix was closing, this time fortunately without a blue screen: http://www.thegame.xf.cz/grepcf.jpg
HJT: those two entries are suddenly no longer there, so there was nothing to fix.

Combofix:
ComboFix 09-06-29.04 - Marek 30.06.2009 15:10.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1668 [GMT 2:00]
Running from: c:\documents and settings\Marek\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Marek\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 18:52 . 2009-06-29 18:52 -------- d-----w- C:\_OTM
2009-06-29 18:50 . 2009-06-10 05:42 389632 ----a-w- C:\OTM.exe
2009-06-29 12:36 . 2009-06-29 12:40 -------- d-----w- c:\program files\HD Tune Pro
2009-06-29 11:55 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-29 11:51 . 2009-06-29 11:52 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-29 11:51 . 2009-06-29 11:52 -------- d-----w- c:\documents and settings\Marek\SystemRequirementsLab
2009-06-29 11:51 . 2009-06-29 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-29 11:46 . 2009-06-29 11:46 -------- d-----w- c:\program files\DIFX
2009-06-29 11:46 . 2009-06-29 11:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 11:46 . 2006-05-10 10:22 43008 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-06-29 11:35 . 2006-06-01 13:39 442368 ----a-w- c:\windows\system32\CapabilityTable.exe
2009-06-29 11:35 . 2006-04-14 06:00 208896 ------w- c:\windows\system32\nvuide.exe
2009-06-29 11:35 . 2006-04-14 06:01 35840 ----a-r- c:\windows\system32\NVCOI.DLL
2009-06-29 11:34 . 2006-05-16 11:23 205312 ----a-r- c:\windows\system32\fdco1.dll
2009-06-29 11:34 . 2006-05-16 11:25 52736 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-06-29 11:34 . 2006-06-01 13:36 208896 ----a-w- c:\windows\system32\nvunrm.exe
2009-06-29 11:34 . 2006-05-16 11:24 109568 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2009-06-29 11:34 . 2009-06-29 11:34 -------- d-----w- c:\windows\NV38003808.TMP
2009-06-29 11:34 . 2006-03-14 13:45 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-06-29 11:34 . 2006-05-16 11:24 261120 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2009-06-29 11:34 . 2006-05-16 11:22 10240 ----a-r- c:\windows\system32\bdco1.dll
2009-06-29 11:34 . 2006-05-16 11:24 1075328 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-06-29 11:34 . 2006-05-16 11:25 18944 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-06-29 11:34 . 2006-05-12 07:26 208896 ----a-r- c:\windows\system32\nvusmb.exe
2009-06-29 11:34 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-29 08:39 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 08:39 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 08:39 . 2009-06-29 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 23:40 . 2009-06-29 16:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-28 23:40 . 2009-06-28 23:40 -------- d-----w- c:\windows\system32\AGEIA
2009-06-28 19:09 . 2009-06-28 19:09 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-28 19:09 . 2009-06-28 19:09 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-28 18:59 . 2009-06-28 19:09 -------- d-----w- c:\program files\Zaklínač
2009-06-27 17:18 . 2009-06-27 17:18 -------- d-----w- c:\program files\Uniblue
2009-06-25 06:34 . 2008-04-14 03:22 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-25 06:34 . 2008-04-14 03:22 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-06-25 06:34 . 2008-04-14 03:21 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-06-25 06:34 . 2008-04-14 03:21 27648 ----a-w- c:\windows\system32\irmon.dll
2009-06-25 06:34 . 2008-04-14 03:22 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-06-25 06:34 . 2008-04-14 03:22 152064 ----a-w- c:\windows\system32\irftp.exe
2009-06-14 10:27 . 2009-06-14 10:27 -------- d-----w- c:\program files\TrekStor
2009-06-13 19:53 . 2009-06-13 19:55 -------- d-----w- c:\program files\The KMPlayer
2009-06-10 16:33 . 2009-06-10 16:33 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 16:33 . 2009-06-10 16:33 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-09 18:36 . 2009-06-09 18:36 -------- d-----w- c:\windows\Sun
2009-06-06 11:18 . 2009-06-06 11:18 -------- d-----w- c:\program files\Ventrilo
2009-06-04 18:27 . 2009-06-04 18:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 18:26 . 2009-06-04 18:26 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 10:34 . 2009-04-13 07:39 -------- d-----w- c:\program files\F-Secure
2009-06-29 16:04 . 2009-04-12 20:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-28 18:59 . 2009-04-12 20:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 14:44 . 2009-05-20 18:20 -------- d-----w- c:\program files\Animation GIF Wizard
2009-06-25 06:38 . 2006-03-02 12:00 93704 ----a-w- c:\windows\system32\perfc005.dat
2009-06-25 06:38 . 2006-03-02 12:00 471764 ----a-w- c:\windows\system32\perfh005.dat
2009-06-10 16:33 . 2009-03-27 08:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 16:33 . 2009-03-27 08:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-31 12:19 . 2009-05-01 16:33 -------- d-----w- c:\program files\Free Easy Burner
2009-05-29 15:34 . 2009-05-29 15:34 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-05-23 18:30 . 2009-04-13 08:44 -------- d-----w- c:\program files\Game Cam V2
2009-05-07 15:33 . 2006-03-02 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 16:33 . 2009-05-01 16:33 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-01 16:33 . 2009-05-01 16:33 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-01 16:33 . 2009-05-01 16:33 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-01 16:33 . 2009-05-01 16:33 158192 ------w- c:\windows\system32\pxwma.dll
2009-04-30 17:39 . 2009-04-30 17:39 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-04-29 04:35 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-29 04:35 . 2006-03-02 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-19 19:52 . 2006-03-02 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 08:07 . 2009-04-12 19:42 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 08:07 . 2009-04-12 19:42 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-04-18 07:28 . 2006-09-28 18:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-15 14:54 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 09:03 . 2009-04-12 19:42 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-04-13 12:21 . 2009-04-13 12:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-13 10:42 . 2009-04-13 10:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-13 10:14 . 2009-04-13 09:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-13 08:12 . 2009-04-13 08:12 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-13 08:08 . 2009-04-13 07:40 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-04-12 19:57 . 2009-04-12 19:40 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2006-10-26 09:44 . 2006-10-26 09:44 2838528 ----a-w- c:\program files\fraps.exe
2006-10-26 09:43 . 2006-10-26 09:43 110592 ----a-w- c:\program files\fraps.dll
2006-10-26 09:43 . 2006-10-26 09:43 122880 ----a-w- c:\program files\frapslcd.dll
2006-10-26 08:36 . 2006-10-26 08:36 11066 ----a-w- c:\program files\changes.txt
2006-10-26 02:44 . 2006-10-26 02:44 1859 ----a-w- c:\program files\README.HTM
2006-10-21 00:56 . 2006-10-21 00:56 56320 ----a-w- c:\program files\fraps64.dll
2006-10-21 00:56 . 2006-10-21 00:56 293376 ----a-w- c:\program files\fraps64.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_07.37.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 13:01 . 2009-06-30 13:01 16384 c:\windows\temp\Perflib_Perfdata_4ec.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [13.4.2009 9:40 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [13.4.2009 9:40 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [13.4.2009 9:40 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [13.4.2009 9:39 86648]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [13.4.2009 9:40 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [13.4.2009 9:39 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [13.4.2009 9:39 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\yr5v21ut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-838170752-682003330-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,97,63,9b,6a,df,8d,d3,6d,b9,60,d3,1e,95,c2,2f,d5,77,a0,25,41,da,e8,
76,23,b6,34,b7,72,cb,08,b8,15,96,66,f0,36,3f,8a,9d,bf,13,75,e1,c6,d5,ab,3a,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
Completion time: 2009-06-30 15:12
ComboFix-quarantined-files.txt 2009-06-30 13:12
ComboFix2.txt 2009-06-30 11:32
ComboFix3.txt 2009-06-30 07:37

Pre-Run: 10 712 137 728 bytes free
Post-Run: 10 700 267 520 bytes free

183 --- E O F --- 2009-06-14 17:28


HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:28, on 30.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4302 bytes
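The thread does its log review by hand: jaro3 lists the O4 entries to fix, and Massacre then compares the next HijackThis log to see that the two entries are gone. The script below is an added example, not part of the thread or of HijackThis/ComboFix, that does the same comparison mechanically. It parses the O4 (autostart) and O23 (service) lines of two HJT logs, reports what appeared, disappeared or changed, and flags a few things a reviewer would look at anyway: RunOnce values (one-shot hooks that should not survive the next logon), the KernelFaultCheck entry (the Windows XP crash-report hook `dumprep 0 -k`, which Windows re-creates after every kernel fault, so it keeps returning until the crashes stop), and commands that are not given as an absolute path and are therefore found by search order at logon. The regexes assume the HijackThis v2 line layout and that no service display name or vendor string contains " - "; the two sample logs are constructed from lines quoted in this thread and arranged as a before/after pair.

```python
import re

# HijackThis v2 line layouts this example understands (assumption: no other variants).
# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# O23 - Service: <display name (short name)> - <company> - <image path>
# Assumes neither the display name nor the company string contains " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
# Absolute Windows path: a drive letter or an environment variable, then a backslash.
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:|%[^%]+%)\\")


def parse_hjt(text):
    """Map (section, hive, name) -> command or image path for every O4/O23 line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries[("O4", m["hive"], m["name"])] = m["cmd"].strip()
            continue
        m = O23_RE.match(line)
        if m:
            entries[("O23", "Service", m["name"])] = m["path"].strip()
    return entries


def diff_hjt(old_text, new_text):
    """Return (added, removed, changed) between two logs, keyed like parse_hjt()."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    added = {k: new[k] for k in new.keys() - old.keys()}
    removed = {k: old[k] for k in old.keys() - new.keys()}
    changed = {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
    return added, removed, changed


def flag_entries(entries):
    """Heuristic review of O4 entries; returns a list of (value name, reason) pairs."""
    findings = []
    for (section, hive, name), cmd in entries.items():
        if section != "O4":
            continue
        if "RunOnce" in hive:
            findings.append((name, "RunOnce value: one-shot hook, should be gone after the next logon"))
        if name == "KernelFaultCheck" and "dumprep" in cmd.lower():
            findings.append((name, "Windows XP crash-report hook; re-created after each kernel fault, "
                                   "so it returns until the crashes themselves stop"))
        # First token of the command line, with surrounding quotes removed.
        exe = cmd.split(" ", 1)[0].strip('"') if cmd else ""
        if exe and not ABS_PATH_RE.match(exe):
            findings.append((name, f"'{exe}' is not an absolute path; resolved by search order at logon"))
    return findings


# Constructed sample logs: O4/O23 lines quoted in this thread, trimmed and arranged
# as a before/after pair (the real logs were not captured in exactly this form).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI"
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    added, removed, changed = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for key, cmd in removed.items():
        print("gone:   ", key[2], "->", cmd)
    for key, cmd in added.items():
        print("new:    ", key[2], "->", cmd)
    for key, (before, after) in changed.items():
        print("changed:", key[2], before, "=>", after)
    for name, reason in flag_entries(parse_hjt(LOG_BEFORE)):
        print("flag:   ", name, "-", reason)
```

Run against the real logs, save each HJT log to a file and pass the file contents to `diff_hjt()`; an entry that shows up under "gone" after a fix and then under "new" after the next reboot is exactly the pattern described in this thread for KernelFaultCheck, and the flag for it says where to look (the crash, not the registry value).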

