Zdravím, mohli byste pomoct prosím? svchost.exe mi žere 50% výkonu CPU. Přikládám log z HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:26, on 20.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMF53.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Automaticky EPSON Stylus DX4400 Series v IVANA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SBC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Automaticky EPSON Stylus DX4400 Series v HERNI] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Pavel\LOCALS~1\Temp\E_S1F17.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8108 bytes
svchost.exe 50%
Re: svchost.exe 50%
Nazdar, mas tam bordel...
Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.
Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: svchost.exe 50%
tak jsem stahnul, zavrel snad vse co bylo spusteno a tady je vysledek:
DDS.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by Pavel at 15:26:41,20 on ne 20.12.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1448 [GMT 1:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\utilman.exe
C:\Documents and Settings\Pavel\Plocha\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://start.icq.com/
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mWinlogon: UIHost=c:\documents and settings\all users\data aplikací\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Automaticky EPSON Stylus DX4400 Series v IVANA] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SBC.tmp" /EF "HKCU"
uRun: [Automaticky EPSON Stylus DX4400 Series v HERNI] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SBB.tmp" /EF "HKCU"
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\docume~1\pavel\locals~1\temp\E_S1F17.tmp" /EF "HKCU"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [CHotkey] mHotkey.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SMail] "c:\program files\seznam\postak\Postak.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sysgif32] c:\windows\temp\~TMF53.tmp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\pavel\nabídka start\programy\po spuštění\siszyd32.exe
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pavel\dataap~1\mozilla\firefox\profiles\0hqa3q06.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://speed.travian.cz/dorf1.php
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-27 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-9-10 222968]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-9-9 38656]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
=============== Created Last 30 ================
2009-12-20 11:53:12 0 d-----w- c:\program files\Trend Micro
2009-12-19 19:48:41 734208 ----a-w- c:\windows\system32\drivers\hpmsfxs.sys
2009-12-19 19:48:11 4 ----a-w- c:\docume~1\pavel\dataap~1\avdrn.dat
2009-12-13 09:54:16 0 d-----w- c:\program files\ICQ6.5
2009-12-12 16:46:20 0 d-----w- c:\program files\OpenOfficePortable
2009-12-10 21:06:43 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2009-12-10 21:06:42 9974784 ----a-w- c:\windows\system32\MioPlayer2.dll
2009-12-10 21:06:41 0 d-----w- c:\program files\Bobabo
2009-12-09 20:31:19 77824 ----a-w- c:\windows\system32\xvid.ax
2009-12-09 20:31:19 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-09 20:31:18 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-09 20:31:18 0 d-----w- c:\program files\Xvid
2009-12-09 20:30:37 0 d-----w- c:\program files\AviSynth 2.5
2009-12-09 20:30:07 0 d-----w- c:\program files\AVI ReComp
2009-12-08 20:38:59 0 d-----w- c:\docume~1\pavel\dataap~1\Apowersoft
2009-12-08 20:38:52 0 d-----w- c:\program files\Apowersoft
2009-12-06 13:43:08 0 d-----w- c:\docume~1\alluse~1\dataap~1\Codemasters
2009-12-06 13:41:47 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-06 13:41:46 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-06 13:41:46 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-06 13:41:46 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-06 13:41:46 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-06 13:41:46 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-06 13:41:46 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-06 13:41:46 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-06 13:41:46 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-06 13:41:46 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-06 13:41:44 0 d-----w- c:\program files\BRS
2009-12-06 13:40:51 809560 ----a-r- c:\windows\system32\tmp2E4F.tmp
2009-12-06 13:40:51 809560 ----a-r- c:\windows\system32\tmp2E4E.tmp
2009-12-06 13:40:51 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-06 13:40:51 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-06 13:40:51 0 d-----w- c:\program files\OpenAL
2009-12-06 13:40:45 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-06 13:40:45 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-06 13:40:44 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-06 13:40:43 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-06 13:40:43 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-06 13:40:43 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-06 13:40:42 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 17:07:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 17:00:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 17:00:09 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:57:44 0 dc-h--w- c:\docume~1\alluse~1\dataap~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-27 16:57:32 0 d-----w- c:\program files\Lavasoft
2009-11-27 15:25:03 0 d-----w- c:\program files\ICQToolbar
2009-11-25 15:25:52 92187 ---h--w- C:\treeinfo.wc
2009-11-24 19:24:58 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-24 19:24:58 1409 ----a-w- c:\windows\QTFont.for
==================== Find3M ====================
2009-12-20 12:44:13 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 12:44:13 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-11-06 09:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05:36 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05:34 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 15:34:26 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 15:34:19 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 15:01:34 22328 ----a-w- c:\docume~1\pavel\dataap~1\PnkBstrK.sys
2009-10-29 15:01:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 15:01:08 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-29 07:43:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40:39 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:34:22 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40:19 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40:19 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-06-23 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
============= FINISH: 15:26:46,12 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9.9.2009 22:51:12
System Uptime: 20.12.2009 13:41:54 (2 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2671/333mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 131,09 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 699 GiB total, 613,966 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standardní klávesnice)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
==== System Restore Points ===================
RP67: 21.9.2009 19:23:50 - Kontrolní bod systému
RP68: 23.9.2009 16:21:19 - Kontrolní bod systému
RP69: 24.9.2009 18:32:42 - Kontrolní bod systému
RP70: 26.9.2009 14:26:20 - Kontrolní bod systému
RP71: 27.9.2009 18:07:08 - Kontrolní bod systému
RP72: 28.9.2009 13:50:28 - Installed Driver Detective
RP73: 29.9.2009 18:35:25 - Kontrolní bod systému
RP74: 30.9.2009 19:48:26 - Kontrolní bod systému
RP75: 2.10.2009 13:10:45 - Kontrolní bod systému
RP76: 3.10.2009 13:28:45 - Kontrolní bod systému
RP77: 4.10.2009 19:18:48 - Kontrolní bod systému
RP78: 5.10.2009 19:44:04 - Kontrolní bod systému
RP79: 6.10.2009 20:24:46 - Kontrolní bod systému
RP80: 7.10.2009 16:37:24 - Installed Enterprise Architect 7.0
RP81: 8.10.2009 20:21:12 - Kontrolní bod systému
RP82: 9.10.2009 20:40:52 - Kontrolní bod systému
RP83: 10.10.2009 22:02:36 - Kontrolní bod systému
RP84: 11.10.2009 22:18:23 - Kontrolní bod systému
RP85: 13.10.2009 19:24:57 - Software Distribution Service 3.0
RP86: 16.10.2009 16:11:03 - Kontrolní bod systému
RP87: 17.10.2009 16:34:59 - Kontrolní bod systému
RP88: 18.10.2009 20:03:01 - Kontrolní bod systému
RP89: 20.10.2009 17:47:18 - Kontrolní bod systému
RP90: 22.10.2009 16:54:13 - Kontrolní bod systému
RP91: 23.10.2009 16:59:54 - Kontrolní bod systému
RP92: 25.10.2009 17:18:44 - Kontrolní bod systému
RP93: 26.10.2009 20:07:42 - Kontrolní bod systému
RP94: 27.10.2009 21:10:54 - Kontrolní bod systému
RP95: 29.10.2009 11:03:43 - Kontrolní bod systému
RP96: 29.10.2009 15:51:15 - Installed Tom Clancy's Rainbow Six Vegas 2
RP97: 29.10.2009 15:59:54 - Nainstalováno rozhraní DirectX
RP98: 29.10.2009 16:36:24 - Removed Tom Clancy's Rainbow Six Vegas 2
RP99: 30.10.2009 15:20:22 - Installed SweetIM for Messenger 2.7
RP100: 31.10.2009 15:49:23 - Kontrolní bod systému
RP101: 31.10.2009 20:53:47 - Installed GM Rally
RP102: 1.11.2009 20:59:25 - Kontrolní bod systému
RP103: 2.11.2009 21:41:37 - Removed Opera 10.00.
RP104: 2.11.2009 21:41:48 - Installed Opera 10.01.
RP105: 4.11.2009 14:31:35 - Installed Java(TM) 6 Update 17
RP106: 4.11.2009 19:23:09 - Software Distribution Service 3.0
RP107: 6.11.2009 16:34:21 - Kontrolní bod systému
RP108: 7.11.2009 20:26:51 - Kontrolní bod systému
RP109: 8.11.2009 21:07:17 - Kontrolní bod systému
RP110: 9.11.2009 12:51:26 - Instalováno Corel Graphics Suite 11
RP111: 10.11.2009 13:04:17 - Kontrolní bod systému
RP112: 12.11.2009 19:40:05 - Software Distribution Service 3.0
RP113: 13.11.2009 21:58:20 - Kontrolní bod systému
RP114: 15.11.2009 12:29:21 - Kontrolní bod systému
RP115: 16.11.2009 13:22:42 - Kontrolní bod systému
RP116: 17.11.2009 14:36:59 - Kontrolní bod systému
RP117: 18.11.2009 16:41:08 - Kontrolní bod systému
RP118: 19.11.2009 21:55:11 - Kontrolní bod systému
RP119: 21.11.2009 18:28:27 - Kontrolní bod systému
RP120: 22.11.2009 20:02:40 - Kontrolní bod systému
RP121: 23.11.2009 20:24:55 - Kontrolní bod systému
RP122: 23.11.2009 22:16:43 - Removed SweetIM for Messenger 2.7
RP123: 23.11.2009 22:16:53 - Installed SweetIM for Messenger 2.8
RP124: 23.11.2009 22:38:50 - Removed Opera 10.01.
RP125: 23.11.2009 22:38:59 - Installed Opera 10.10.
RP126: 24.11.2009 20:28:52 - Installed QuickTime
RP127: 25.11.2009 15:59:20 - Software Distribution Service 3.0
RP128: 26.11.2009 17:54:48 - Kontrolní bod systému
RP129: 27.11.2009 20:01:46 - Kontrolní bod systému
RP130: 28.11.2009 20:33:13 - Kontrolní bod systému
RP131: 29.11.2009 20:59:21 - Kontrolní bod systému
RP132: 30.11.2009 21:39:43 - Kontrolní bod systému
RP133: 2.12.2009 15:48:50 - Kontrolní bod systému
RP134: 3.12.2009 20:40:19 - Kontrolní bod systému
RP135: 4.12.2009 22:07:09 - Kontrolní bod systému
RP136: 6.12.2009 14:24:05 - Installed DiRT2
RP137: 6.12.2009 14:39:53 - Nainstalováno rozhraní DirectX
RP138: 6.12.2009 14:41:09 - Nainstalováno rozhraní DirectX
RP139: 7.12.2009 16:55:38 - Kontrolní bod systému
RP140: 8.12.2009 19:07:28 - Kontrolní bod systému
RP141: 9.12.2009 15:10:57 - Software Distribution Service 3.0
RP142: 10.12.2009 18:56:34 - Kontrolní bod systému
RP143: 11.12.2009 19:05:36 - Kontrolní bod systému
RP144: 13.12.2009 13:38:20 - Kontrolní bod systému
RP145: 14.12.2009 16:39:45 - Kontrolní bod systému
RP146: 15.12.2009 17:59:39 - Kontrolní bod systému
RP147: 16.12.2009 18:06:02 - Kontrolní bod systému
RP148: 17.12.2009 18:55:49 - Kontrolní bod systému
RP149: 18.12.2009 21:42:31 - Kontrolní bod systému
RP150: 19.12.2009 21:39:53 - Removed Opera 10.10.
RP151: 19.12.2009 21:40:32 - Installed Opera 10.00.
RP152: 19.12.2009 21:41:54 - Removed Opera 10.00.
RP153: 19.12.2009 21:42:03 - Installed Opera 10.10.
==== Installed Programs ======================
3GP Player 1.1.5
A4tech USB Mouse Quality Testing Program V5.0
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8 - Czech
Adobe Shockwave Player
AI Suite
Aktualizace systému Windows Internet Explorer 8 (KB973874)
Aktualizace systému Windows Internet Explorer 8 (KB976749)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB923789)
Aktualizace zabezpečení systému Windows XP (KB938464-v2)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371-v2)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB970430)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB972260)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB973904)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974318)
Aktualizace zabezpečení systému Windows XP (KB974392)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Apple Application Support
Apple Software Update
ASUSUpdate
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
AVI ReComp 1.2.3
AVI/MPEG/RM/WMV Joiner 4.82
AviSynth 2.5
BS.Player PRO
Bus-Simulator 2009
CABAL Online
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Corel Graphics Suite 11
CorelDRAW Graphics Suite 11
CX4300_5500_DX4400 Manuál
Direct Show Ogg Vorbis Filter (remove only)
DiRT
DiRT2
DivX Codec
DivX Plus DirectShow Filters
DivX Web Player
DVD Shrink 3.2
Easy Video to Audio Converter 1.0.3
Enterprise Architect 7.0
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
ESET NOD32 Antivirus
Fraps (remove only)
FUEL
GM Rally
Heroes of Might and Magic® III Complete
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Chilkat Upload ActiveX
ICQ Toolbar
ICQ6.5
ImTOO 3GP Video Converter
IrfanView (remove only)
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Lineage II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Language Pack - CSY
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Czech Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Need for Speed™ SHIFT
Nero 9.0.9.4d Micro (sestavení 1)
NVIDIA Drivers
NVIDIA PhysX
OLYMPUS Master 2
OLYMPUS muvee theaterPack
OpenAL
Opera 10.10
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB976098-v2)
PC Probe II
PDFCreator
PowerArchiver 2006 v9.60
Protege 3.3.1
PunkBuster Services
QuickTime
QuickTime Alternative 1.81
Rapture3D 2.3.22 Game
Real Alternative 1.52
Realtek High Definition Audio Driver
Seznam Pošťák
Skype™ 4.1
Smart-X7 7.80
Software tiskárny EPSON
SweetIM for Messenger 2.8
SweetIM Toolbar for Internet Explorer 3.6
TeamSpeak 2 RC2
Total Commander (Remove or Repair)
TuneUp Utilities 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Multimedia Keyboard Driver
VBA (2627.01)
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Communication Foundation Language Pack - CSY
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (CSY)
Windows Workflow Foundation CS Language Pack
Windows XP Service Pack 3
WinRAR
WinSCP 4.0.4
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall
CENZURA Suite V2.2.6
==== End Of File ===========================
DDS.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by Pavel at 15:26:41,20 on ne 20.12.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1448 [GMT 1:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\utilman.exe
C:\Documents and Settings\Pavel\Plocha\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://start.icq.com/
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mWinlogon: UIHost=c:\documents and settings\all users\data aplikací\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Automaticky EPSON Stylus DX4400 Series v IVANA] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SBC.tmp" /EF "HKCU"
uRun: [Automaticky EPSON Stylus DX4400 Series v HERNI] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SBB.tmp" /EF "HKCU"
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\docume~1\pavel\locals~1\temp\E_S1F17.tmp" /EF "HKCU"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [CHotkey] mHotkey.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SMail] "c:\program files\seznam\postak\Postak.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sysgif32] c:\windows\temp\~TMF53.tmp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\pavel\nabídka start\programy\po spuštění\siszyd32.exe
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pavel\dataap~1\mozilla\firefox\profiles\0hqa3q06.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://speed.travian.cz/dorf1.php
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-27 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-9-10 222968]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-9-9 38656]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
=============== Created Last 30 ================
2009-12-20 11:53:12 0 d-----w- c:\program files\Trend Micro
2009-12-19 19:48:41 734208 ----a-w- c:\windows\system32\drivers\hpmsfxs.sys
2009-12-19 19:48:11 4 ----a-w- c:\docume~1\pavel\dataap~1\avdrn.dat
2009-12-13 09:54:16 0 d-----w- c:\program files\ICQ6.5
2009-12-12 16:46:20 0 d-----w- c:\program files\OpenOfficePortable
2009-12-10 21:06:43 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2009-12-10 21:06:42 9974784 ----a-w- c:\windows\system32\MioPlayer2.dll
2009-12-10 21:06:41 0 d-----w- c:\program files\Bobabo
2009-12-09 20:31:19 77824 ----a-w- c:\windows\system32\xvid.ax
2009-12-09 20:31:19 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-09 20:31:18 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-09 20:31:18 0 d-----w- c:\program files\Xvid
2009-12-09 20:30:37 0 d-----w- c:\program files\AviSynth 2.5
2009-12-09 20:30:07 0 d-----w- c:\program files\AVI ReComp
2009-12-08 20:38:59 0 d-----w- c:\docume~1\pavel\dataap~1\Apowersoft
2009-12-08 20:38:52 0 d-----w- c:\program files\Apowersoft
2009-12-06 13:43:08 0 d-----w- c:\docume~1\alluse~1\dataap~1\Codemasters
2009-12-06 13:41:47 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-06 13:41:46 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-06 13:41:46 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-06 13:41:46 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-06 13:41:46 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-06 13:41:46 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-06 13:41:46 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-06 13:41:46 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-06 13:41:46 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-06 13:41:46 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-06 13:41:44 0 d-----w- c:\program files\BRS
2009-12-06 13:40:51 809560 ----a-r- c:\windows\system32\tmp2E4F.tmp
2009-12-06 13:40:51 809560 ----a-r- c:\windows\system32\tmp2E4E.tmp
2009-12-06 13:40:51 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-06 13:40:51 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-06 13:40:51 0 d-----w- c:\program files\OpenAL
2009-12-06 13:40:45 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-06 13:40:45 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-06 13:40:44 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-06 13:40:43 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-06 13:40:43 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-06 13:40:43 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-06 13:40:42 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 17:07:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 17:00:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 17:00:09 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:57:44 0 dc-h--w- c:\docume~1\alluse~1\dataap~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-27 16:57:32 0 d-----w- c:\program files\Lavasoft
2009-11-27 15:25:03 0 d-----w- c:\program files\ICQToolbar
2009-11-25 15:25:52 92187 ---h--w- C:\treeinfo.wc
2009-11-24 19:24:58 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-24 19:24:58 1409 ----a-w- c:\windows\QTFont.for
==================== Find3M ====================
2009-12-20 12:44:13 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 12:44:13 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-11-06 09:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 17:05:36 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05:34 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 15:34:26 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 15:34:19 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 15:01:34 22328 ----a-w- c:\docume~1\pavel\dataap~1\PnkBstrK.sys
2009-10-29 15:01:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 15:01:08 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-29 07:43:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40:39 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40:39 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:34:22 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40:19 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40:19 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-06-23 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
============= FINISH: 15:26:46,12 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9.9.2009 22:51:12
System Uptime: 20.12.2009 13:41:54 (2 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2671/333mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 131,09 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 699 GiB total, 613,966 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standardní klávesnice)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
==== System Restore Points ===================
RP67: 21.9.2009 19:23:50 - Kontrolní bod systému
RP68: 23.9.2009 16:21:19 - Kontrolní bod systému
RP69: 24.9.2009 18:32:42 - Kontrolní bod systému
RP70: 26.9.2009 14:26:20 - Kontrolní bod systému
RP71: 27.9.2009 18:07:08 - Kontrolní bod systému
RP72: 28.9.2009 13:50:28 - Installed Driver Detective
RP73: 29.9.2009 18:35:25 - Kontrolní bod systému
RP74: 30.9.2009 19:48:26 - Kontrolní bod systému
RP75: 2.10.2009 13:10:45 - Kontrolní bod systému
RP76: 3.10.2009 13:28:45 - Kontrolní bod systému
RP77: 4.10.2009 19:18:48 - Kontrolní bod systému
RP78: 5.10.2009 19:44:04 - Kontrolní bod systému
RP79: 6.10.2009 20:24:46 - Kontrolní bod systému
RP80: 7.10.2009 16:37:24 - Installed Enterprise Architect 7.0
RP81: 8.10.2009 20:21:12 - Kontrolní bod systému
RP82: 9.10.2009 20:40:52 - Kontrolní bod systému
RP83: 10.10.2009 22:02:36 - Kontrolní bod systému
RP84: 11.10.2009 22:18:23 - Kontrolní bod systému
RP85: 13.10.2009 19:24:57 - Software Distribution Service 3.0
RP86: 16.10.2009 16:11:03 - Kontrolní bod systému
RP87: 17.10.2009 16:34:59 - Kontrolní bod systému
RP88: 18.10.2009 20:03:01 - Kontrolní bod systému
RP89: 20.10.2009 17:47:18 - Kontrolní bod systému
RP90: 22.10.2009 16:54:13 - Kontrolní bod systému
RP91: 23.10.2009 16:59:54 - Kontrolní bod systému
RP92: 25.10.2009 17:18:44 - Kontrolní bod systému
RP93: 26.10.2009 20:07:42 - Kontrolní bod systému
RP94: 27.10.2009 21:10:54 - Kontrolní bod systému
RP95: 29.10.2009 11:03:43 - Kontrolní bod systému
RP96: 29.10.2009 15:51:15 - Installed Tom Clancy's Rainbow Six Vegas 2
RP97: 29.10.2009 15:59:54 - Nainstalováno rozhraní DirectX
RP98: 29.10.2009 16:36:24 - Removed Tom Clancy's Rainbow Six Vegas 2
RP99: 30.10.2009 15:20:22 - Installed SweetIM for Messenger 2.7
RP100: 31.10.2009 15:49:23 - Kontrolní bod systému
RP101: 31.10.2009 20:53:47 - Installed GM Rally
RP102: 1.11.2009 20:59:25 - Kontrolní bod systému
RP103: 2.11.2009 21:41:37 - Removed Opera 10.00.
RP104: 2.11.2009 21:41:48 - Installed Opera 10.01.
RP105: 4.11.2009 14:31:35 - Installed Java(TM) 6 Update 17
RP106: 4.11.2009 19:23:09 - Software Distribution Service 3.0
RP107: 6.11.2009 16:34:21 - Kontrolní bod systému
RP108: 7.11.2009 20:26:51 - Kontrolní bod systému
RP109: 8.11.2009 21:07:17 - Kontrolní bod systému
RP110: 9.11.2009 12:51:26 - Instalováno Corel Graphics Suite 11
RP111: 10.11.2009 13:04:17 - Kontrolní bod systému
RP112: 12.11.2009 19:40:05 - Software Distribution Service 3.0
RP113: 13.11.2009 21:58:20 - Kontrolní bod systému
RP114: 15.11.2009 12:29:21 - Kontrolní bod systému
RP115: 16.11.2009 13:22:42 - Kontrolní bod systému
RP116: 17.11.2009 14:36:59 - Kontrolní bod systému
RP117: 18.11.2009 16:41:08 - Kontrolní bod systému
RP118: 19.11.2009 21:55:11 - Kontrolní bod systému
RP119: 21.11.2009 18:28:27 - Kontrolní bod systému
RP120: 22.11.2009 20:02:40 - Kontrolní bod systému
RP121: 23.11.2009 20:24:55 - Kontrolní bod systému
RP122: 23.11.2009 22:16:43 - Removed SweetIM for Messenger 2.7
RP123: 23.11.2009 22:16:53 - Installed SweetIM for Messenger 2.8
RP124: 23.11.2009 22:38:50 - Removed Opera 10.01.
RP125: 23.11.2009 22:38:59 - Installed Opera 10.10.
RP126: 24.11.2009 20:28:52 - Installed QuickTime
RP127: 25.11.2009 15:59:20 - Software Distribution Service 3.0
RP128: 26.11.2009 17:54:48 - Kontrolní bod systému
RP129: 27.11.2009 20:01:46 - Kontrolní bod systému
RP130: 28.11.2009 20:33:13 - Kontrolní bod systému
RP131: 29.11.2009 20:59:21 - Kontrolní bod systému
RP132: 30.11.2009 21:39:43 - Kontrolní bod systému
RP133: 2.12.2009 15:48:50 - Kontrolní bod systému
RP134: 3.12.2009 20:40:19 - Kontrolní bod systému
RP135: 4.12.2009 22:07:09 - Kontrolní bod systému
RP136: 6.12.2009 14:24:05 - Installed DiRT2
RP137: 6.12.2009 14:39:53 - Nainstalováno rozhraní DirectX
RP138: 6.12.2009 14:41:09 - Nainstalováno rozhraní DirectX
RP139: 7.12.2009 16:55:38 - Kontrolní bod systému
RP140: 8.12.2009 19:07:28 - Kontrolní bod systému
RP141: 9.12.2009 15:10:57 - Software Distribution Service 3.0
RP142: 10.12.2009 18:56:34 - Kontrolní bod systému
RP143: 11.12.2009 19:05:36 - Kontrolní bod systému
RP144: 13.12.2009 13:38:20 - Kontrolní bod systému
RP145: 14.12.2009 16:39:45 - Kontrolní bod systému
RP146: 15.12.2009 17:59:39 - Kontrolní bod systému
RP147: 16.12.2009 18:06:02 - Kontrolní bod systému
RP148: 17.12.2009 18:55:49 - Kontrolní bod systému
RP149: 18.12.2009 21:42:31 - Kontrolní bod systému
RP150: 19.12.2009 21:39:53 - Removed Opera 10.10.
RP151: 19.12.2009 21:40:32 - Installed Opera 10.00.
RP152: 19.12.2009 21:41:54 - Removed Opera 10.00.
RP153: 19.12.2009 21:42:03 - Installed Opera 10.10.
==== Installed Programs ======================
3GP Player 1.1.5
A4tech USB Mouse Quality Testing Program V5.0
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8 - Czech
Adobe Shockwave Player
AI Suite
Aktualizace systému Windows Internet Explorer 8 (KB973874)
Aktualizace systému Windows Internet Explorer 8 (KB976749)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB974455)
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB976325)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB923789)
Aktualizace zabezpečení systému Windows XP (KB938464-v2)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371-v2)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB970430)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB972260)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB973904)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974318)
Aktualizace zabezpečení systému Windows XP (KB974392)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Apple Application Support
Apple Software Update
ASUSUpdate
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
AVI ReComp 1.2.3
AVI/MPEG/RM/WMV Joiner 4.82
AviSynth 2.5
BS.Player PRO
Bus-Simulator 2009
CABAL Online
Combined Community Codec Pack 2007-07-22
Compatibility Pack for the 2007 Office system
Corel Graphics Suite 11
CorelDRAW Graphics Suite 11
CX4300_5500_DX4400 Manuál
Direct Show Ogg Vorbis Filter (remove only)
DiRT
DiRT2
DivX Codec
DivX Plus DirectShow Filters
DivX Web Player
DVD Shrink 3.2
Easy Video to Audio Converter 1.0.3
Enterprise Architect 7.0
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
ESET NOD32 Antivirus
Fraps (remove only)
FUEL
GM Rally
Heroes of Might and Magic® III Complete
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Chilkat Upload ActiveX
ICQ Toolbar
ICQ6.5
ImTOO 3GP Video Converter
IrfanView (remove only)
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Lineage II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Czech Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Language Pack - CSY
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Czech Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Need for Speed™ SHIFT
Nero 9.0.9.4d Micro (sestavení 1)
NVIDIA Drivers
NVIDIA PhysX
OLYMPUS Master 2
OLYMPUS muvee theaterPack
OpenAL
Opera 10.10
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB976098-v2)
PC Probe II
PDFCreator
PowerArchiver 2006 v9.60
Protege 3.3.1
PunkBuster Services
QuickTime
QuickTime Alternative 1.81
Rapture3D 2.3.22 Game
Real Alternative 1.52
Realtek High Definition Audio Driver
Seznam Pošťák
Skype™ 4.1
Smart-X7 7.80
Software tiskárny EPSON
SweetIM for Messenger 2.8
SweetIM Toolbar for Internet Explorer 3.6
TeamSpeak 2 RC2
Total Commander (Remove or Repair)
TuneUp Utilities 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Multimedia Keyboard Driver
VBA (2627.01)
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Communication Foundation Language Pack - CSY
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (CSY)
Windows Workflow Foundation CS Language Pack
Windows XP Service Pack 3
WinRAR
WinSCP 4.0.4
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall
CENZURA Suite V2.2.6
==== End Of File ===========================
Re: svchost.exe 50%
Stiahni ComboFix - NESPUSTAT.
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Kód: Vybrat vše
KillAll::
DDS::
uStart Page = hxxp://start.icq.com/
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mRun: [sysgif32] c:\windows\temp\~TMF53.tmp
StartupFolder: c:\documents and settings\pavel\nabídka start\programy\po spuštění\siszyd32.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/G ... meHost.cab
FireFox::
FF - ProfilePath - c:\docume~1\pavel\dataap~1\mozilla\firefox\profiles\0hqa3q06.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
Driver::
ICQ Service
hpmsfxs
Folder::
c:\program files\icq6toolbar
c:\program files\ICQToolbar
Rootkit::
c:\windows\system32\drivers\hpmsfxs.sys
File::
c:\docume~1\pavel\dataap~1\avdrn.datUloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: svchost.exe 50%
Provedeno, Windows se bez problému spustil, ale původní problém zůstává dál :( Jen pro upřesnění, tento problém, že mi svchost.exe žere 50% CPU nastal po navštívení stránky, kterou běžně navštěvuji, ale tentokrát mi NOD32 přerušil spojení této stránky z důvodu infiltrace a poté nastal tento problém. A když pustím NOD32, tak nic nenajde.
Re: svchost.exe 50%
To je sice mozne a pekne, ale bez dalsieho logu sa nepohneme 
CF vytvoril log, najdes ho na adrese "C:\ComboFix.txt". Vloz ho sem prosim.
CF vytvoril log, najdes ho na adrese "C:\ComboFix.txt". Vloz ho sem prosim.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: svchost.exe 50%
jej sry, jsem si nevsiml, jinak bych ho hned hodil. Tak tady je:
ComboFix 09-12-19.03 - Pavel 20.12.2009 16:20:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1438 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\icqtoo~1\toolbaru.dll
c:\program files\icq6toolbar\ICQToolBar.dll
c:\windows\temp\~TMF53.tmp
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HPMSFXS
-------\Legacy_ICQ_SERVICE
-------\Service_hpmsfxs
-------\Service_ICQ Service
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-20 do 2009-12-20 )))))))))))))))))))))))))))))))
.
2009-12-20 11:53 . 2009-12-20 11:53 -------- d-----w- c:\program files\Trend Micro
2009-12-13 09:54 . 2009-12-13 10:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-12 16:46 . 2009-12-12 16:47 -------- d-----w- c:\program files\OpenOfficePortable
2009-12-10 21:06 . 2008-07-03 13:26 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2009-12-10 21:06 . 2008-07-03 13:42 9974784 ----a-w- c:\windows\system32\MioPlayer2.dll
2009-12-10 21:06 . 2009-12-10 21:06 -------- d-----w- c:\program files\Bobabo
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Gabest
2009-12-09 20:31 . 2006-11-01 13:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Xvid
2009-12-09 20:31 . 2006-11-01 13:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-09 20:30 . 2009-12-09 20:30 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-09 20:30 . 2009-12-09 20:31 -------- d-----w- c:\program files\AVI ReComp
2009-12-08 20:38 . 2009-12-08 20:38 -------- d-----w- c:\program files\Apowersoft
2009-12-06 13:41 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-06 13:41 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-06 13:41 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-06 13:41 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-06 13:41 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-06 13:41 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-06 13:41 . 2009-12-06 13:41 -------- d-----w- c:\program files\BRS
2009-12-06 13:40 . 2009-12-06 13:40 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-06 13:40 . 2009-12-06 13:40 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-06 13:40 . 2009-12-06 13:40 -------- d-----w- c:\program files\OpenAL
2009-12-06 13:40 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-06 13:40 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-06 13:40 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 17:12 . 2009-11-27 17:12 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-11-27 17:07 . 2009-11-27 17:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 17:00 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 17:00 . 2009-11-27 17:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Lavasoft
2009-11-27 15:25 . 2009-12-20 15:24 -------- d-----w- c:\program files\ICQToolbar
2009-11-24 19:29 . 2009-11-24 19:30 -------- d-----w- c:\program files\QuickTime
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 15:24 . 2009-09-10 08:39 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-20 12:44 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 12:44 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-19 20:42 . 2009-09-10 15:23 -------- d-----w- c:\program files\Opera
2009-12-11 16:36 . 2009-09-17 07:17 -------- d-----w- c:\program files\Lineage II
2009-12-10 21:26 . 2009-09-13 13:28 -------- d-----w- c:\program files\Fraps
2009-12-09 20:17 . 2009-09-10 09:08 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-12-06 13:24 . 2009-09-10 13:59 -------- d-----w- c:\program files\Codemasters
2009-12-06 13:24 . 2009-09-09 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 16:53 . 2009-09-28 18:05 -------- d-----w- c:\program files\Protege_3.3.1
2009-11-17 17:13 . 2009-11-17 17:13 -------- d-----w- c:\program files\Total Commander
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Corel
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Common Files\Corel
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-04 13:32 . 2009-09-10 08:56 -------- d-----w- c:\program files\Java
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-02 12:20 . 2009-11-02 12:20 -------- d-----w- c:\program files\Webteh
2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\program files\1C Company
2009-10-29 15:36 . 2009-10-29 14:40 -------- d-----w- c:\program files\Rainbow Six Vegas 2
2009-10-29 15:34 . 2009-10-29 15:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 15:34 . 2009-10-29 15:01 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 15:01 . 2009-10-29 15:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 15:01 . 2009-10-29 15:01 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-29 09:02 . 2009-09-11 10:33 -------- d-----w- c:\program files\Bus-Simulator 2009
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4F.tmp
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4E.tmp
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-09-10 09:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\UC.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\RAR.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\LHA.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\ARJ.PIF
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"NvMediaCenter"="NvMCTray.dll" [2009-03-27 86016]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Pavel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2008-4-14 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2009 18:00 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1184912]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [9.9.2009 22:02 38656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\0hqa3q06.default\
FF - prefs.js: browser.startup.homepage - hxxp://speed.travian.cz/dorf1.php
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 16:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\siszyd32.exe 33792 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Amhooker.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-12-20 16:31:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-20 15:31
Před spuštěním: Volných bajtů: 140 732 379 136
Po spuštění: Volných bajtů: 141 533 163 520
- - End Of File - - 9A58346E3C5B697A81CB8C97B338EFA5
ComboFix 09-12-19.03 - Pavel 20.12.2009 16:20:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1438 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\icqtoo~1\toolbaru.dll
c:\program files\icq6toolbar\ICQToolBar.dll
c:\windows\temp\~TMF53.tmp
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HPMSFXS
-------\Legacy_ICQ_SERVICE
-------\Service_hpmsfxs
-------\Service_ICQ Service
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-20 do 2009-12-20 )))))))))))))))))))))))))))))))
.
2009-12-20 11:53 . 2009-12-20 11:53 -------- d-----w- c:\program files\Trend Micro
2009-12-13 09:54 . 2009-12-13 10:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-12 16:46 . 2009-12-12 16:47 -------- d-----w- c:\program files\OpenOfficePortable
2009-12-10 21:06 . 2008-07-03 13:26 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2009-12-10 21:06 . 2008-07-03 13:42 9974784 ----a-w- c:\windows\system32\MioPlayer2.dll
2009-12-10 21:06 . 2009-12-10 21:06 -------- d-----w- c:\program files\Bobabo
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Gabest
2009-12-09 20:31 . 2006-11-01 13:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Xvid
2009-12-09 20:31 . 2006-11-01 13:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-09 20:30 . 2009-12-09 20:30 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-09 20:30 . 2009-12-09 20:31 -------- d-----w- c:\program files\AVI ReComp
2009-12-08 20:38 . 2009-12-08 20:38 -------- d-----w- c:\program files\Apowersoft
2009-12-06 13:41 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-06 13:41 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-06 13:41 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-06 13:41 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-06 13:41 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-06 13:41 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-06 13:41 . 2009-12-06 13:41 -------- d-----w- c:\program files\BRS
2009-12-06 13:40 . 2009-12-06 13:40 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-06 13:40 . 2009-12-06 13:40 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-06 13:40 . 2009-12-06 13:40 -------- d-----w- c:\program files\OpenAL
2009-12-06 13:40 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-06 13:40 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-06 13:40 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 17:12 . 2009-11-27 17:12 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-11-27 17:07 . 2009-11-27 17:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 17:00 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 17:00 . 2009-11-27 17:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Lavasoft
2009-11-27 15:25 . 2009-12-20 15:24 -------- d-----w- c:\program files\ICQToolbar
2009-11-24 19:29 . 2009-11-24 19:30 -------- d-----w- c:\program files\QuickTime
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 15:24 . 2009-09-10 08:39 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-20 12:44 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 12:44 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-19 20:42 . 2009-09-10 15:23 -------- d-----w- c:\program files\Opera
2009-12-11 16:36 . 2009-09-17 07:17 -------- d-----w- c:\program files\Lineage II
2009-12-10 21:26 . 2009-09-13 13:28 -------- d-----w- c:\program files\Fraps
2009-12-09 20:17 . 2009-09-10 09:08 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-12-06 13:24 . 2009-09-10 13:59 -------- d-----w- c:\program files\Codemasters
2009-12-06 13:24 . 2009-09-09 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 16:53 . 2009-09-28 18:05 -------- d-----w- c:\program files\Protege_3.3.1
2009-11-17 17:13 . 2009-11-17 17:13 -------- d-----w- c:\program files\Total Commander
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Corel
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Common Files\Corel
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-04 13:32 . 2009-09-10 08:56 -------- d-----w- c:\program files\Java
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-02 12:20 . 2009-11-02 12:20 -------- d-----w- c:\program files\Webteh
2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\program files\1C Company
2009-10-29 15:36 . 2009-10-29 14:40 -------- d-----w- c:\program files\Rainbow Six Vegas 2
2009-10-29 15:34 . 2009-10-29 15:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 15:34 . 2009-10-29 15:01 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 15:01 . 2009-10-29 15:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 15:01 . 2009-10-29 15:01 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-29 09:02 . 2009-09-11 10:33 -------- d-----w- c:\program files\Bus-Simulator 2009
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4F.tmp
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4E.tmp
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-09-10 09:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\UC.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\RAR.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\LHA.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\ARJ.PIF
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"NvMediaCenter"="NvMCTray.dll" [2009-03-27 86016]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Pavel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2008-4-14 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2009 18:00 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1184912]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [9.9.2009 22:02 38656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\0hqa3q06.default\
FF - prefs.js: browser.startup.homepage - hxxp://speed.travian.cz/dorf1.php
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 16:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\siszyd32.exe 33792 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Amhooker.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\mHotkey.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-12-20 16:31:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-20 15:31
Před spuštěním: Volných bajtů: 140 732 379 136
Po spuštění: Volných bajtů: 141 533 163 520
- - End Of File - - 9A58346E3C5B697A81CB8C97B338EFA5
Re: svchost.exe 50%
Zjavne to nebolo spravene cele, takze este raz:
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Kód: Vybrat vše
KillAll::
File::
c:\documents and settings\Pavel\Nabíka Start\Programy\Po spuštění\siszyd32.exe
Folder::
c:\program files\ICQToolbar
c:\program files\ICQ6Toolbar
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: svchost.exe 50%
Takze opet provedeno, zatim teda bez vysledku. Pridavam log z ComboFixu.
ComboFix 09-12-20.08 - Pavel 21.12.2009 20:19:02.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1506 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Dokumenty\Prográmky\ComboFix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\documents and settings\Pavel\Nabíka Start\Programy\Po spuštění\siszyd32.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-21 do 2009-12-21 )))))))))))))))))))))))))))))))
.
2009-12-20 11:53 . 2009-12-20 11:53 -------- d-----w- c:\program files\Trend Micro
2009-12-13 09:54 . 2009-12-13 10:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-12 16:46 . 2009-12-12 16:47 -------- d-----w- c:\program files\OpenOfficePortable
2009-12-10 21:06 . 2008-07-03 13:26 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2009-12-10 21:06 . 2008-07-03 13:42 9974784 ----a-w- c:\windows\system32\MioPlayer2.dll
2009-12-10 21:06 . 2009-12-10 21:06 -------- d-----w- c:\program files\Bobabo
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Gabest
2009-12-09 20:31 . 2006-11-01 13:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Xvid
2009-12-09 20:31 . 2006-11-01 13:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-09 20:30 . 2009-12-09 20:30 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-09 20:30 . 2009-12-09 20:31 -------- d-----w- c:\program files\AVI ReComp
2009-12-08 20:38 . 2009-12-08 20:38 -------- d-----w- c:\program files\Apowersoft
2009-12-06 13:41 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-06 13:41 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-06 13:41 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-06 13:41 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-06 13:41 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-06 13:41 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-06 13:41 . 2009-12-06 13:41 -------- d-----w- c:\program files\BRS
2009-12-06 13:40 . 2009-12-06 13:40 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-06 13:40 . 2009-12-06 13:40 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-06 13:40 . 2009-12-06 13:40 -------- d-----w- c:\program files\OpenAL
2009-12-06 13:40 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-06 13:40 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-06 13:40 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 17:12 . 2009-11-27 17:12 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-11-27 17:07 . 2009-11-27 17:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 17:00 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 17:00 . 2009-11-27 17:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Lavasoft
2009-11-24 19:29 . 2009-11-24 19:30 -------- d-----w- c:\program files\QuickTime
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 12:44 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 12:44 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-19 20:42 . 2009-09-10 15:23 -------- d-----w- c:\program files\Opera
2009-12-11 16:36 . 2009-09-17 07:17 -------- d-----w- c:\program files\Lineage II
2009-12-10 21:26 . 2009-09-13 13:28 -------- d-----w- c:\program files\Fraps
2009-12-09 20:17 . 2009-09-10 09:08 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-12-06 13:24 . 2009-09-10 13:59 -------- d-----w- c:\program files\Codemasters
2009-12-06 13:24 . 2009-09-09 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 16:53 . 2009-09-28 18:05 -------- d-----w- c:\program files\Protege_3.3.1
2009-11-17 17:13 . 2009-11-17 17:13 -------- d-----w- c:\program files\Total Commander
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Corel
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Common Files\Corel
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-04 13:32 . 2009-09-10 08:56 -------- d-----w- c:\program files\Java
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-02 12:20 . 2009-11-02 12:20 -------- d-----w- c:\program files\Webteh
2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\program files\1C Company
2009-10-29 15:36 . 2009-10-29 14:40 -------- d-----w- c:\program files\Rainbow Six Vegas 2
2009-10-29 15:34 . 2009-10-29 15:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 15:34 . 2009-10-29 15:01 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 15:01 . 2009-10-29 15:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 15:01 . 2009-10-29 15:01 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-29 09:02 . 2009-09-11 10:33 -------- d-----w- c:\program files\Bus-Simulator 2009
2009-10-29 07:43 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4F.tmp
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4E.tmp
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-09-10 09:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\UC.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\RAR.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\LHA.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\ARJ.PIF
.
((((((((((((((((((((((((((((( SnapShot@2009-12-20_15.26.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 19:23 . 2009-12-21 19:23 16384 c:\windows\temp\Perflib_Perfdata_4e8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Pavel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2008-4-14 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CHotkey"=mHotkey.exe
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2009 18:00 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [9.9.2009 22:02 38656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\0hqa3q06.default\
FF - prefs.js: browser.startup.homepage - hxxp://speed.travian.cz/dorf1.php
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 20:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\siszyd32.exe 33792 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-12-21 20:27:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-21 19:27
ComboFix2.txt 2009-12-20 15:31
Před spuštěním: Volných bajtů: 143 284 355 072
Po spuštění: Volných bajtů: 143 252 086 784
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - EF7EB9C229D1D9975A48BEA96BE13AE7
ComboFix 09-12-20.08 - Pavel 21.12.2009 20:19:02.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1506 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Dokumenty\Prográmky\ComboFix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\documents and settings\Pavel\Nabíka Start\Programy\Po spuštění\siszyd32.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-21 do 2009-12-21 )))))))))))))))))))))))))))))))
.
2009-12-20 11:53 . 2009-12-20 11:53 -------- d-----w- c:\program files\Trend Micro
2009-12-13 09:54 . 2009-12-13 10:00 -------- d-----w- c:\program files\ICQ6.5
2009-12-12 16:46 . 2009-12-12 16:47 -------- d-----w- c:\program files\OpenOfficePortable
2009-12-10 21:06 . 2008-07-03 13:26 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2009-12-10 21:06 . 2008-07-03 13:42 9974784 ----a-w- c:\windows\system32\MioPlayer2.dll
2009-12-10 21:06 . 2009-12-10 21:06 -------- d-----w- c:\program files\Bobabo
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Gabest
2009-12-09 20:31 . 2006-11-01 13:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-09 20:31 . 2009-12-09 20:31 -------- d-----w- c:\program files\Xvid
2009-12-09 20:31 . 2006-11-01 13:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-09 20:30 . 2009-12-09 20:30 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-09 20:30 . 2009-12-09 20:31 -------- d-----w- c:\program files\AVI ReComp
2009-12-08 20:38 . 2009-12-08 20:38 -------- d-----w- c:\program files\Apowersoft
2009-12-06 13:41 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-12-06 13:41 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-06 13:41 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-12-06 13:41 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-12-06 13:41 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-12-06 13:41 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-12-06 13:41 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-12-06 13:41 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-12-06 13:41 . 2009-12-06 13:41 -------- d-----w- c:\program files\BRS
2009-12-06 13:40 . 2009-12-06 13:40 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-06 13:40 . 2009-12-06 13:40 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-06 13:40 . 2009-12-06 13:40 -------- d-----w- c:\program files\OpenAL
2009-12-06 13:40 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-06 13:40 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-06 13:40 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-06 13:40 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-27 17:12 . 2009-11-27 17:12 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-11-27 17:07 . 2009-11-27 17:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 17:00 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-27 17:00 . 2009-11-27 17:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Lavasoft
2009-11-24 19:29 . 2009-11-24 19:30 -------- d-----w- c:\program files\QuickTime
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Common Files\Apple
2009-11-24 19:27 . 2009-11-24 19:27 -------- d-----w- c:\program files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 12:44 . 2006-03-02 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-20 12:44 . 2006-03-02 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-19 20:42 . 2009-09-10 15:23 -------- d-----w- c:\program files\Opera
2009-12-11 16:36 . 2009-09-17 07:17 -------- d-----w- c:\program files\Lineage II
2009-12-10 21:26 . 2009-09-13 13:28 -------- d-----w- c:\program files\Fraps
2009-12-09 20:17 . 2009-09-10 09:08 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-12-06 13:24 . 2009-09-10 13:59 -------- d-----w- c:\program files\Codemasters
2009-12-06 13:24 . 2009-09-09 21:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 16:53 . 2009-09-28 18:05 -------- d-----w- c:\program files\Protege_3.3.1
2009-11-17 17:13 . 2009-11-17 17:13 -------- d-----w- c:\program files\Total Commander
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Corel
2009-11-09 11:52 . 2009-11-09 11:52 -------- d-----w- c:\program files\Common Files\Corel
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-04 13:32 . 2009-09-10 08:56 -------- d-----w- c:\program files\Java
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-02 12:20 . 2009-11-02 12:20 -------- d-----w- c:\program files\Webteh
2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\program files\1C Company
2009-10-29 15:36 . 2009-10-29 14:40 -------- d-----w- c:\program files\Rainbow Six Vegas 2
2009-10-29 15:34 . 2009-10-29 15:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-29 15:34 . 2009-10-29 15:01 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 15:01 . 2009-10-29 15:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-29 15:01 . 2009-10-29 15:01 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-29 09:02 . 2009-09-11 10:33 -------- d-----w- c:\program files\Bus-Simulator 2009
2009-10-29 07:43 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4F.tmp
2009-10-15 11:44 . 2009-12-06 13:40 809560 ----a-r- c:\windows\system32\tmp2E4E.tmp
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-09-10 09:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\UC.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\RAR.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\LHA.PIF
2009-09-24 06:50 . 2009-11-17 17:13 545 ----a-w- c:\windows\ARJ.PIF
.
((((((((((((((((((((((((((((( SnapShot@2009-12-20_15.26.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 19:23 . 2009-12-21 19:23 16384 c:\windows\temp\Perflib_Perfdata_4e8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Pavel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2008-4-14 33792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CHotkey"=mHotkey.exe
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.11.2009 18:00 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [9.9.2009 22:02 38656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\0hqa3q06.default\
FF - prefs.js: browser.startup.homepage - hxxp://speed.travian.cz/dorf1.php
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 20:23
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\siszyd32.exe 33792 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1400)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2009-12-21 20:27:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-21 19:27
ComboFix2.txt 2009-12-20 15:31
Před spuštěním: Volných bajtů: 143 284 355 072
Po spuštění: Volných bajtů: 143 252 086 784
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - EF7EB9C229D1D9975A48BEA96BE13AE7
Re: svchost.exe 50%
Smejd tam ostal...
Novy CFScript.txt, presne podla horeuvedeneho navodu. Tentokrat ale v tomto zneni:
Novy CFScript.txt, presne podla horeuvedeneho navodu. Tentokrat ale v tomto zneni:
Kód: Vybrat vše
KillAll::
File::
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\siszyd32.exeNemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: svchost.exe 50%
Díky moc, problém vyřešen a díky tobě jsem se zbavil dalších asi 10 procesů, které běžely zbytečně.
Takže ještě jednou díky za pomoc
Takže ještě jednou díky za pomoc
Re: svchost.exe 50%
Este vydrz :)
1) Docistime to:
2) Vloz log z HJT.
V pripade nezrovnalosti sa >>tu<< nachadza navod.
1) Docistime to:
- Odinstaluj Combofix:
Start -> Spustit -> (napis) combofix /uninstall
- Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).
- Precisti PC CCleanerom (vratane registrov).
- Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).
2) Vloz log z HJT.
V pripade nezrovnalosti sa >>tu<< nachadza navod.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Zpět na “Windows 11, 10, 8...”
Kdo je online
Uživatelé prohlížející si toto fórum: DotNetDotCom.org [Bot] a 7 hostů