Kontrola logu - nejde stahovat aktualizace antivirů

Zpráva

otevreljan · #1 Příspěvek od **otevreljan** » 13 led 2010 18:03

zdravím, nedaří se aktualizovat nod a ani přihlásit na jejich web.
Přiložil jsem HijackThis a ComboFix
předem děkuji za pomoc.

Logfile of random's system information tool 1.06 (written by random/random)
Run by honza at 2010-01-12 22:52:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (14%) free of 76 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:30, on 12.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
C:\WINXP\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Altap Salamander 2.5\SALAMAND.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\instal\avir\1232551869_sb_anti-downadup-en.exe
C:\Documents and Settings\honza\Local Settings\Temporary Internet Files\Content.IE5\86DDSQRR\RSIT[1].exe
C:\Program Files\trend micro\honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.novinky.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.novinky.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {203525A1-659F-48B1-B4D1-890CD3CCFA13} (FotoStarUploader Control) - http://sberna.fotofinishing.cz/snadno-v ... er-ILT.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5566016703
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://java.tatousek.cz/scripts/73/MSSurVid.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B013DC0-8304-4302-8022-96770268C930}: NameServer = 195.146.96.250,195.146.100.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D02FCC0-D098-4645-957C-679D4EEC98F1}: NameServer = 195.146.96.250,195.146.96.242
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2C937E-6155-4DD2-BE09-2E76029DC895}: NameServer = 195.146.96.250,195.146.100.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINXP\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINXP\system32\drivers\pclepci.sys
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINXP\System32\TuneUpDefragService.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe

--
End of file - 11468 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\1-Click Maintenance.job
C:\WINXP\tasks\20070912_221000_album přírustková.job
C:\WINXP\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-06-17 139264]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"NvCplDaemon"=C:\WINXP\system32\NvCpl.dll [2004-11-15 4616192]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-11 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"ctfmon.exe"=C:\WINXP\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINXP\system32\LMIinit.dll [2008-10-21 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINXP\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoBandCustomize"=
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoFileAssociate"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"
"C:\Program Files\MYIE2\MyIE.exe"="C:\Program Files\MYIE2\MyIE.exe:*:Enabled:MyIE2 Web Browser"
"C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe"="C:\Program Files\EDS\License Servers\UGNXFLEXlm\uglmd.exe:*:Enabled:uglmd"
"C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe"="C:\Program Files\EDS\License Servers\UGNXFLEXlm\lmgrd.exe:*:Enabled:lmgrd"
"C:\UGNX4\UGII\ugraf.exe"="C:\UGNX4\UGII\ugraf.exe:*:Enabled:NX Component"
"C:\Program Files\Altap Salamander 2.5\SALAMAND.exe"="C:\Program Files\Altap Salamander 2.5\SALAMAND.exe:*:Enabled:Altap Salamander, File Manager"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINXP\Network Diagnostic\xpnetdiag.exe"="C:\WINXP\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINXP\system32\sessmgr.exe"="C:\WINXP\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-12 22:52:16 ----D---- C:\Program Files\trend micro
2010-01-12 22:52:15 ----D---- C:\rsit
2010-01-08 17:46:23 ----A---- C:\WINXP\WINCMD.INI
2010-01-08 16:36:56 ----D---- C:\Documents and Settings\All Users.WINXP\Data aplikací\ESET
2010-01-08 14:55:58 ----A---- C:\ComboFix.txt
2010-01-08 14:36:32 ----A---- C:\WINXP\MBR.exe
2010-01-08 14:36:25 ----A---- C:\WINXP\PEV.exe
2010-01-08 14:36:24 ----A---- C:\WINXP\zip.exe
2010-01-08 14:36:24 ----A---- C:\WINXP\SWREG.exe
2010-01-08 14:36:23 ----A---- C:\WINXP\sed.exe
2010-01-08 14:36:23 ----A---- C:\WINXP\grep.exe
2010-01-08 14:36:22 ----A---- C:\WINXP\SWXCACLS.exe
2010-01-08 14:36:22 ----A---- C:\WINXP\SWSC.exe
2010-01-01 10:40:58 ----A---- C:\WINXP\ntbtlog.txt
2009-12-31 17:30:22 ----HDC---- C:\WINXP\$NtUninstallWudf01007$
2009-12-31 17:19:08 ----A---- C:\WINXP\ModemLog_Nokia 5800 XpressMusic USB Modem.txt
2009-12-31 17:11:53 ----N---- C:\WINXP\system32\spmsgXP_2k3.dll
2009-12-31 17:11:44 ----HDC---- C:\WINXP\$NtUninstallWdf01007$
2009-12-31 16:57:06 ----D---- C:\Documents and Settings\All Users.WINXP\Data aplikací\PC Suite
2009-12-31 14:21:18 ----D---- C:\Program Files\Common Files\PCSuite
2009-12-31 14:21:10 ----D---- C:\Program Files\Common Files\Nokia
2009-12-31 14:20:43 ----D---- C:\Program Files\PC Connectivity Solution
2009-12-31 14:20:25 ----A---- C:\WINXP\system32\wdfcoinstaller01007.dll
2009-12-31 14:20:25 ----A---- C:\WINXP\system32\nmwcdcocls.dll
2009-12-31 14:20:16 ----A---- C:\WINXP\system32\nmwcdcls.dll
2009-12-31 14:17:02 ----D---- C:\Documents and Settings\All Users.WINXP\Data aplikací\Installations
2009-12-31 10:33:40 ----D---- C:\Intel
2009-12-31 10:08:09 ----D---- C:\Documents and Settings\honza\Data aplikací\Download Manager
2009-12-31 10:03:58 ----D---- C:\Documents and Settings\All Users.WINXP\Data aplikací\DriverScanner
2009-12-31 09:58:12 ----A---- C:\WINXP\utility.INI
2009-12-31 09:58:07 ----A---- C:\WINXP\demo.INI

======List of files/folders modified in the last 1 months======

2010-01-12 22:52:16 ----D---- C:\Program Files
2010-01-12 22:45:30 ----D---- C:\WINXP\Temp
2010-01-12 22:45:22 ----AD---- C:\Temp
2010-01-12 22:44:23 ----D---- C:\instal
2010-01-12 22:32:06 ----D---- C:\Documents and Settings\honza\Data aplikací\Skype
2010-01-12 22:16:29 ----D---- C:\WINXP\Prefetch
2010-01-12 21:49:20 ----D---- C:\WINXP\system32
2010-01-12 21:33:40 ----A---- C:\WINXP\NeroDigital.ini
2010-01-12 21:30:39 ----SHD---- C:\RECYCLER
2010-01-12 21:21:26 ----A---- C:\WINXP\system32\PerfStringBackup.INI
2010-01-12 21:14:08 ----D---- C:\WINXP\security
2010-01-12 21:10:39 ----D---- C:\WINXP\system32\CatRoot2
2010-01-12 21:07:30 ----A---- C:\WINXP\SchedLgU.Txt
2010-01-12 20:25:12 ----D---- C:\Program Files\LogMeIn
2010-01-11 16:07:55 ----D---- C:\Documents and Settings\honza\Data aplikací\skypePM
2010-01-11 16:00:53 ----D---- C:\WINXP\system32\drivers
2010-01-11 16:00:07 ----AD---- C:\WINXP
2010-01-11 16:00:05 ----D---- C:\Zaloha
2010-01-08 16:41:49 ----D---- C:\Program Files\ESET
2010-01-08 16:38:03 ----SHD---- C:\WINXP\Installer
2010-01-08 16:38:01 ----D---- C:\Config.Msi
2010-01-08 16:37:52 ----HD---- C:\WINXP\inf
2010-01-08 16:25:20 ----D---- C:\WINXP\system32\Restore
2010-01-08 14:55:50 ----D---- C:\qoobox
2010-01-08 14:55:00 ----SD---- C:\WINXP\Tasks
2010-01-08 14:54:15 ----D---- C:\WINXP\erdnt
2010-01-08 14:51:14 ----A---- C:\WINXP\system.ini
2010-01-08 14:46:02 ----D---- C:\WINXP\AppPatch
2010-01-08 14:45:59 ----D---- C:\Program Files\Common Files
2010-01-08 14:36:18 ----SHD---- C:\System Volume Information
2010-01-08 13:51:36 ----D---- C:\zaloha_album_nero
2009-12-31 17:19:32 ----D---- C:\Documents and Settings\honza\Data aplikací\Nokia
2009-12-31 17:13:38 ----D---- C:\Lenka
2009-12-31 17:12:36 ----D---- C:\Documents and Settings\honza\Data aplikací\PC Suite
2009-12-31 17:12:21 ----RSHDC---- C:\WINXP\system32\dllcache
2009-12-31 17:12:12 ----SD---- C:\Documents and Settings\All Users.WINXP\Data aplikací\Microsoft
2009-12-31 17:12:02 ----A---- C:\WINXP\imsins.BAK
2009-12-31 14:21:11 ----D---- C:\Program Files\Nokia
2009-12-31 14:20:56 ----DC---- C:\WINXP\system32\DRVSTORE
2009-12-31 11:02:50 ----D---- C:\UGNX4
2009-12-31 10:42:20 ----D---- C:\Documents and Settings\honza\Data aplikací\Uniblue
2009-12-31 10:41:32 ----D---- C:\Program Files\Uniblue
2009-12-31 10:08:47 ----D---- C:\WINXP\system32\config
2009-12-31 10:08:08 ----SD---- C:\WINXP\Downloaded Program Files
2009-12-30 12:40:30 ----D---- C:\WINXP\Help
2009-12-28 15:24:39 ----D---- C:\WINXP\system32\wbem
2009-12-28 15:24:37 ----D---- C:\WINXP\Registration
2009-12-28 15:22:25 ----D---- C:\Program Files\AD Stahovač souborů
2009-12-21 23:51:31 ----D---- C:\vojta
2009-12-21 22:21:05 ----D---- C:\WINXP\network diagnostic
2009-12-16 17:55:32 ----D---- C:\Documents and Settings\honza\Data aplikací\Canon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINXP\System32\drivers\aspi32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINXP\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdir;epfwtdir; C:\WINXP\system32\DRIVERS\epfwtdir.sys [2009-09-11 96408]
R1 InCDPass;InCDPass; C:\WINXP\system32\drivers\InCDPass.sys [2007-06-25 36776]
R1 incdrm;InCD Reader; C:\WINXP\system32\drivers\InCDRm.sys [2007-06-25 38440]
R1 intelppm;Řadič procesoru Intel; C:\WINXP\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINXP\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 LStone;%Lime46%; C:\WINXP\system32\DRIVERS\lstone2k.sys [2002-09-12 255601]
R1 MemAlloc;MemAlloc; C:\WINXP\System32\DRIVERS\memalloc.sys [2002-06-21 5543]
R1 NetworkX;NetworkX; C:\WINXP\system32\ckldrv.sys [2000-02-03 24608]
R2 eamon;eamon; C:\WINXP\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINXP\system32\drivers\LMIRfsDriver.sys []
R2 Sentinel;Sentinel; C:\WINXP\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R2 V7;V7; \??\C:\WINXP\system32\Drivers\V7.SYS []
R3 aeaudio;aeaudio; C:\WINXP\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Aldebaran;RT DVOut; C:\WINXP\System32\Drivers\Aldebaran.sys [2002-08-08 35667]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINXP\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 btaudio;Bluetooth Audio Device; C:\WINXP\system32\drivers\btaudio.sys [2004-03-31 16640]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINXP\system32\DRIVERS\btport.sys [2004-03-31 30235]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINXP\system32\DRIVERS\EL2K_XP.sys [2003-07-17 147328]
R3 hidusb;Ovladač třídy standardu HID; C:\WINXP\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINXP\system32\DRIVERS\lmimirr.sys [2007-04-17 10144]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINXP\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINXP\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINXP\System32\DRIVERS\nv4_mini.sys [2004-11-15 2827008]
R3 pcouffin;VSO Software pcouffin; C:\WINXP\System32\Drivers\pcouffin.sys [2008-11-09 47360]
R3 pfc;Padus ASPI Shell; C:\WINXP\system32\drivers\pfc.sys [2003-09-25 14604]
R3 PinPro2k;PinPro2k; C:\WINXP\system32\DRIVERS\PinPro2v.sys [2002-09-11 63899]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINXP\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 smwdm;smwdm; C:\WINXP\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINXP\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINXP\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINXP\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINXP\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINXP\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 ZSMC211;USB PC Camera (ZS211); C:\WINXP\System32\Drivers\ZS211.sys [2006-07-25 391791]
R4 InCDfs;InCD File System; C:\WINXP\system32\drivers\InCDFs.sys [2007-06-25 119080]
S1 AEC671X;AEC671X; C:\WINXP\System32\drivers\AEC671X.SYS [1998-05-05 12128]
S1 DMX3191;DMX3191; C:\WINXP\System32\drivers\DMX3191.SYS [1999-02-23 17700]
S2 DS1410D;DS1410D; C:\WINXP\SYSTEM32\drivers\DS1410D.SYS []
S2 UDNT;UDNT; C:\WINXP\system32\drivers\UDNT.sys [1998-09-18 76260]
S3 61883;61883 Unit Device; C:\WINXP\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINXP\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;Most MAC; C:\WINXP\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINXP\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINXP\system32\DRIVERS\btwdndis.sys [2004-03-31 146684]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINXP\System32\Drivers\btwusb.sys [2004-03-31 52856]
S3 catchme;catchme; \??\C:\DOCUME~1\honza\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINXP\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINXP\System32\drivers\CDANT.SYS []
S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver; C:\WINXP\system32\DRIVERS\EL556ND5.sys [2001-08-17 55999]
S3 el985nd5;3Com Gigabit Ethernet Server NIC (SX/TX); C:\WINXP\system32\DRIVERS\el985n51.sys [2001-10-24 455711]
S3 ENTECH;ENTECH; \??\C:\WINXP\System32\DRIVERS\ENTECH.SYS []
S3 HcPvrUSB;HcPvrUSB.sys Homecast PVR USB driver 2.0.2; C:\WINXP\System32\Drivers\HcPvrUSB.sys [2006-12-14 17664]
S3 MidiSyn;MidiSyn; C:\WINXP\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINXP\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINXP\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINXP\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINXP\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINXP\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv4;nv4; C:\WINXP\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINXP\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINXP\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINXP\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINXP\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINXP\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbprint;Třída USB Printer; C:\WINXP\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINXP\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINXP\system32\DRIVERS\vmnetadapter.sys []
S3 WLAN; Wireless LAN Driver; C:\WINXP\System32\DRIVERS\wlanNDS.sys [2002-01-18 52496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINXP\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINXP\system32\drivers\LMIRfsClientNP.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINXP\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINXP\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINXP\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168]
R2 C-DillaSrv;C-DillaSrv; C:\WINXP\System32\DRIVERS\CDANTSRV.EXE [2002-09-13 46080]
R2 Crypkey License;Crypkey License; C:\WINXP\system32\crypserv.exe [2000-06-29 52224]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R2 EpsonBidirectionalAgent;EpsonBidirectionalAgent; C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe [2004-06-30 188416]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2003-12-05 73728]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2003-11-30 73838]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-25 1552680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-21 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2007-04-17 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MSSQL$IS_K2;MSSQL$IS_K2; C:\Program Files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlservr.exe [2002-12-17 7520337]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINXP\system32\nvsvc32.exe [2004-11-15 127043]
S2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
S2 UxTuneUp;TuneUp Theme Extension; C:\WINXP\System32\svchost.exe [2008-04-14 14336]
S3 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2004-03-25 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-11 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2003-10-04 68096]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PCLEPCI;PCLEPCI; C:\WINXP\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 SQLAgent$IS_K2;SQLAgent$IS_K2; C:\Program Files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINXP\System32\TuneUpDefragService.exe [2009-12-09 355584]
S3 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd); C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe [2005-10-27 962560]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

ComboFix 10-01-12.02 - honza 12.01.2010 23:20:52.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.426 [GMT 1:00]
Spuštěný z: c:\instal\avir\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 21:52 . 2010-01-12 21:52 -------- d-----w- c:\program files\trend micro
2010-01-12 21:52 . 2010-01-12 21:52 -------- d-----w- C:\rsit
2010-01-12 21:45 . 2010-01-12 21:45 -------- d-----w- c:\temp\av
2009-12-31 16:38 . 2009-12-31 16:38 -------- d-----w- c:\documents and settings\Lenka\Bluetooth Software
2009-12-31 16:12 . 2008-04-13 23:15 26112 -c--a-w- c:\winxp\system32\dllcache\usbser.sys
2009-12-31 16:12 . 2008-04-13 23:15 26112 ----a-w- c:\winxp\system32\drivers\usbser.sys
2009-12-31 16:11 . 2008-03-21 12:57 14640 ------w- c:\winxp\system32\spmsgXP_2k3.dll
2009-12-31 13:21 . 2009-12-31 13:21 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-31 13:21 . 2009-12-31 13:21 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-31 13:20 . 2008-08-26 08:26 18816 ----a-w- c:\winxp\system32\drivers\pccsmcfd.sys
2009-12-31 13:20 . 2009-12-31 13:20 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-31 13:20 . 2009-10-06 10:52 7936 ----a-w- c:\winxp\system32\drivers\usbser_lowerfltj.sys
2009-12-31 13:20 . 2009-10-06 10:52 7936 ----a-w- c:\winxp\system32\drivers\usbser_lowerflt.sys
2009-12-31 13:20 . 2009-10-06 10:52 22016 ----a-w- c:\winxp\system32\drivers\ccdcmbo.sys
2009-12-31 13:20 . 2009-10-06 10:55 1112288 ----a-w- c:\winxp\system32\wdfcoinstaller01007.dll
2009-12-31 13:20 . 2009-10-06 10:52 660480 ----a-w- c:\winxp\system32\nmwcdcocls.dll
2009-12-31 13:20 . 2009-10-06 10:52 17664 ----a-w- c:\winxp\system32\drivers\ccdcmb.sys
2009-12-31 13:20 . 2009-10-06 10:52 91136 ----a-w- c:\winxp\system32\nmwcdcls.dll
2009-12-31 09:33 . 2009-12-31 09:33 -------- d-----w- C:\Intel
2009-12-30 11:27 . 2009-12-30 11:32 284 ----a-w- c:\temp\WMI.vbs
2009-12-28 14:24 . 2009-12-28 14:24 -------- d-----w- c:\winxp\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 22:19 . 2001-10-25 13:00 419556 ----a-w- c:\winxp\system32\perfh005.dat
2010-01-12 22:19 . 2001-10-25 13:00 81838 ----a-w- c:\winxp\system32\perfc005.dat
2010-01-12 20:49 . 2004-08-14 17:22 1960 ----a-w- c:\winxp\system32\d3d9caps.dat
2010-01-12 19:25 . 2007-05-30 15:01 -------- d-----w- c:\program files\LogMeIn
2010-01-08 15:41 . 2004-11-06 17:06 -------- d-----w- c:\program files\ESET
2009-12-31 16:30 . 2009-12-31 16:30 0 ---ha-w- c:\winxp\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-31 16:30 . 2009-12-31 16:30 0 ---ha-w- c:\winxp\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-31 16:12 . 2009-12-31 16:12 0 ---ha-w- c:\winxp\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-31 16:12 . 2009-12-31 16:12 0 ---ha-w- c:\winxp\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-31 13:21 . 2005-01-21 19:47 -------- d-----w- c:\program files\Nokia
2009-12-31 09:41 . 2007-11-19 21:06 -------- d-----w- c:\program files\Uniblue
2009-12-28 14:22 . 2009-03-27 15:42 -------- d-----w- c:\program files\AD Stahovač souborů
2009-12-09 20:51 . 2009-12-09 20:51 -------- d-----w- c:\program files\Cymphonix
2009-12-09 20:49 . 2009-12-09 20:47 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-09 20:48 . 2009-12-09 20:48 355584 ----a-w- c:\winxp\system32\TuneUpDefragService.exe
2009-12-09 20:46 . 2003-12-15 18:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-09 20:41 . 2004-04-14 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 20:40 . 2007-11-28 20:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-09 20:32 . 2008-03-19 19:30 -------- d-----w- c:\program files\TuxPaint
2009-12-09 20:30 . 2009-05-31 08:05 -------- d-----w- c:\program files\PexesoMaker Professional Edition
2009-12-04 16:27 . 2009-12-04 16:27 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 16:27 . 2005-12-21 20:16 -------- d-----r- c:\program files\Skype
2009-12-03 19:01 . 2008-11-09 13:55 -------- d-----w- c:\program files\CloneDVD
2009-12-03 16:54 . 2009-11-29 17:01 -------- d-----w- c:\program files\QuickTime Alternative
2009-11-29 17:16 . 2009-11-29 17:16 -------- d-----w- c:\program files\Media Player Classic
2009-11-29 16:59 . 2003-04-04 11:26 -------- d-----w- c:\program files\QuickTime
2009-10-29 07:43 . 2004-08-23 18:35 916480 ------w- c:\winxp\system32\wininet.dll
2009-10-21 05:40 . 2004-10-30 09:38 25088 ----a-w- c:\winxp\system32\httpapi.dll
2009-10-21 05:40 . 2004-10-30 09:38 75776 ----a-w- c:\winxp\system32\strmfilt.dll
2009-10-20 16:20 . 2004-10-30 09:38 265728 ------w- c:\winxp\system32\drivers\http.sys
2004-11-06 15:24 . 2004-11-06 15:24 220 --sh--w- c:\winxp\dwin.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-08_13.51.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-12 22:15 . 2010-01-12 22:15 16384 c:\winxp\Temp\Perflib_Perfdata_840.dat
+ 2010-01-12 22:15 . 2010-01-12 22:15 16384 c:\winxp\Temp\Perflib_Perfdata_1c4.dat
+ 2001-10-25 13:00 . 2010-01-12 22:19 70600 c:\winxp\system32\perfc009.dat
- 2001-10-25 13:00 . 2010-01-07 15:36 70600 c:\winxp\system32\perfc009.dat
+ 2009-09-11 06:26 . 2009-09-11 06:26 96408 c:\winxp\system32\drivers\epfwtdir.sys
+ 2010-01-08 15:38 . 2010-01-08 15:38 10134 c:\winxp\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\callmsi.exe
- 2001-10-25 13:00 . 2010-01-07 15:36 421798 c:\winxp\system32\perfh009.dat
+ 2001-10-25 13:00 . 2010-01-12 22:19 421798 c:\winxp\system32\perfh009.dat
+ 2009-09-11 06:23 . 2009-09-11 06:23 108792 c:\winxp\system32\drivers\ehdrv.sys
+ 2009-09-11 06:17 . 2009-09-11 06:17 116008 c:\winxp\system32\drivers\eamon.sys
+ 2010-01-08 15:38 . 2010-01-08 15:38 101480 c:\winxp\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\egui.exe
+ 2010-01-08 15:37 . 2010-01-08 15:37 1138176 c:\winxp\Installer\2b501.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2004-11-15 4616192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-21 10:19 87352 ----a-w- c:\winxp\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\winxp\system32\ctfmon.exe
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\MYIE2\\MyIE.exe"=
"c:\\Program Files\\EDS\\License Servers\\UGNXFLEXlm\\uglmd.exe"=
"c:\\Program Files\\EDS\\License Servers\\UGNXFLEXlm\\lmgrd.exe"=
"c:\\UGNX4\\UGII\\ugraf.exe"=
"c:\\Program Files\\Altap Salamander 2.5\\SALAMAND.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINXP\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINXP\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Hpt3xx2K;Hpt3xx2K;c:\winxp\system32\drivers\Hpt3xx2K.sys [20.2.2004 22:42 22490]
R1 ehdrv;ehdrv;c:\winxp\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\winxp\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R1 LStone;%Lime46%;c:\winxp\system32\drivers\LStone2k.sys [15.10.2007 19:25 255601]
R1 MemAlloc;MemAlloc;c:\winxp\system32\drivers\MemAlloc.sys [15.10.2007 19:25 5543]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17.4.2007 13:00 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\winxp\system32\drivers\LMIRfsDriver.sys [30.5.2007 16:01 47640]
R2 MSSQL$IS_K2;MSSQL$IS_K2;c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlservr.exe -sIS_K2 --> c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlservr.exe -sIS_K2 [?]
R2 V7;V7;c:\winxp\system32\drivers\V7.SYS [6.11.2004 16:13 7196]
R3 Aldebaran;RT DVOut;c:\winxp\system32\drivers\Aldebaran.sys [15.10.2007 19:21 35667]
R3 PinPro2k;PinPro2k;c:\winxp\system32\drivers\PinPro2v.sys [15.10.2007 19:26 63899]
S0 hptpro;hptpro;c:\winxp\system32\drivers\hptpro.sys [4.4.2003 8:33 9490]
S1 AEC671X;AEC671X;c:\winxp\system32\drivers\aec671x.sys [16.10.2005 9:45 12128]
S1 DMX3191;DMX3191;c:\winxp\system32\drivers\dmx3191.sys [16.10.2005 9:45 17700]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S2 UDNT;UDNT;c:\winxp\system32\drivers\udnt.sys [16.10.2005 9:45 76260]
S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\winxp\system32\drivers\EL556ND5.sys [26.5.2007 13:38 55999]
S3 el985nd5;3Com Gigabit Ethernet Server NIC (SX/TX);c:\winxp\system32\drivers\el985n51.sys [18.6.2007 17:42 455711]
S3 HcPvrUSB;HcPvrUSB.sys Homecast PVR USB driver 2.0.2;c:\winxp\system32\drivers\HcPvrUSB.sys [11.2.2008 20:48 17664]
S3 SQLAgent$IS_K2;SQLAgent$IS_K2;c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlagent.EXE -i IS_K2 --> c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlagent.EXE -i IS_K2 [?]
S3 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe [27.10.2005 11:34 962560]
S3 WLAN; Wireless LAN Driver;c:\winxp\system32\drivers\wlanNDS.sys [18.1.2002 2:01 52496]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-12 c:\winxp\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-12 c:\winxp\Tasks\20070912_221000_album přírustková.job
- c:\program files\Nero\Nero 7\Nero BackItUp\BackItUp.exe [2007-06-29 17:16]

2010-01-12 c:\winxp\Tasks\WGASetup.job
- c:\winxp\system32\KB905474\wgasetup.exe [2009-08-29 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.novinky.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz
TCP: {1B013DC0-8304-4302-8022-96770268C930} = 195.146.96.250,195.146.100.5
TCP: {9D02FCC0-D098-4645-957C-679D4EEC98F1} = 195.146.96.250,195.146.96.242
TCP: {CA2C937E-6155-4DD2-BE09-2E76029DC895} = 195.146.96.250,195.146.100.5
DPF: {203525A1-659F-48B1-B4D1-890CD3CCFA13} - hxxp://sberna.fotofinishing.cz/snadno-vlozit-fotografie/FotofinishingPhotoUploader-ILT.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 23:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2052111302-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F80627F-075B-BBA7-5271-7F3F1A19EE5C}*]
"pagfckemjkbmfkfcgfpopfkcfifjnpgo"=hex:61,62,64,64,6b,64,6c,70,70,61,63,62,6b,
6c,6e,65,70,70,64,70,6b,65,6b,6a,65,63,6d,6d,70,6e,6f,66,69,6f,00,00

[HKEY_USERS\S-1-5-21-1844237615-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA5471D9-5F48-ED1E-D29C-75D78A0941F2}*]
"paadoaakajpofmboogdlfeihkcpgeknf"=hex:61,62,6c,6e,6b,70,66,6a,62,6b,6b,67,61,
70,6a,65,6e,69,6c,64,6f,62,6b,65,67,63,6a,67,6b,6d,67,67,6d,65,00,00

[HKEY_LOCAL_MACHINE\software\Atelier Web\AWRC***]
"HD"="??????D"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\winxp\system32\LMIinit.dll
c:\winxp\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(592)
c:\winxp\system32\webcheck.dll
c:\winxp\system32\WPDShServiceObj.dll
c:\winxp\system32\PortableDeviceTypes.dll
c:\winxp\system32\PortableDeviceApi.dll
c:\winxp\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-01-12 23:33:51
ComboFix-quarantined-files.txt 2010-01-12 22:33
ComboFix2.txt 2010-01-08 13:55
ComboFix3.txt 2007-11-12 20:53

Před spuštěním: Volných bajtů: 11 490 684 928
Po spuštění: Volných bajtů: 11 438 202 880

- - End Of File - - A6111C13A8F008160CDCA251808AD361

#2 Příspěvek od **Rudy** » 13 led 2010 20:25

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Regnull::
[HKEY_USERS\S-1-5-21-1844237615-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F80627F-075B-BBA7-5271-7F3F1A19EE5C}*]
[HKEY_USERS\S-1-5-21-1844237615-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA5471D9-5F48-ED1E-D29C-75D78A0941F2}*]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

otevreljan · #3 Příspěvek od **otevreljan** » 13 led 2010 21:38

provedl jsem to, restartoval jsem PC a nod nemůžu stále aktualizovat ani se nedostanu na jejich web.

ComboFix 10-01-13.06 - honza 13.01.2010 20:56:47.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.523 [GMT 1:00]
Spuštěný z: c:\documents and settings\honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\honza\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-13 do 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 17:53 . 2010-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2010-01-13 17:35 . 2010-01-07 15:07 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
2010-01-13 17:35 . 2010-01-07 15:07 19160 ----a-w- c:\winxp\system32\drivers\mbam.sys
2010-01-13 17:35 . 2010-01-13 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:52 . 2010-01-12 21:52 -------- d-----w- c:\program files\trend micro
2010-01-12 21:52 . 2010-01-12 21:52 -------- d-----w- C:\rsit
2010-01-12 21:45 . 2010-01-12 21:45 -------- d-----w- c:\temp\av
2009-12-31 16:38 . 2009-12-31 16:38 -------- d-----w- c:\documents and settings\Lenka\Bluetooth Software
2009-12-31 16:12 . 2008-04-13 23:15 26112 -c--a-w- c:\winxp\system32\dllcache\usbser.sys
2009-12-31 16:12 . 2008-04-13 23:15 26112 ----a-w- c:\winxp\system32\drivers\usbser.sys
2009-12-31 16:11 . 2008-03-21 12:57 14640 ------w- c:\winxp\system32\spmsgXP_2k3.dll
2009-12-31 13:21 . 2009-12-31 13:21 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-31 13:21 . 2009-12-31 13:21 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-31 13:20 . 2008-08-26 08:26 18816 ----a-w- c:\winxp\system32\drivers\pccsmcfd.sys
2009-12-31 13:20 . 2009-12-31 13:20 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-31 13:20 . 2009-10-06 10:52 7936 ----a-w- c:\winxp\system32\drivers\usbser_lowerfltj.sys
2009-12-31 13:20 . 2009-10-06 10:52 7936 ----a-w- c:\winxp\system32\drivers\usbser_lowerflt.sys
2009-12-31 13:20 . 2009-10-06 10:52 22016 ----a-w- c:\winxp\system32\drivers\ccdcmbo.sys
2009-12-31 13:20 . 2009-10-06 10:55 1112288 ----a-w- c:\winxp\system32\wdfcoinstaller01007.dll
2009-12-31 13:20 . 2009-10-06 10:52 660480 ----a-w- c:\winxp\system32\nmwcdcocls.dll
2009-12-31 13:20 . 2009-10-06 10:52 17664 ----a-w- c:\winxp\system32\drivers\ccdcmb.sys
2009-12-31 13:20 . 2009-10-06 10:52 91136 ----a-w- c:\winxp\system32\nmwcdcls.dll
2009-12-31 09:33 . 2009-12-31 09:33 -------- d-----w- C:\Intel
2009-12-30 11:27 . 2009-12-30 11:32 284 ----a-w- c:\temp\WMI.vbs
2009-12-28 14:24 . 2009-12-28 14:24 -------- d-----w- c:\winxp\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 19:29 . 2004-08-14 17:22 1960 ----a-w- c:\winxp\system32\d3d9caps.dat
2010-01-13 16:34 . 2001-10-25 13:00 81838 ----a-w- c:\winxp\system32\perfc005.dat
2010-01-13 16:34 . 2001-10-25 13:00 419556 ----a-w- c:\winxp\system32\perfh005.dat
2010-01-13 16:30 . 2007-05-30 15:01 -------- d-----w- c:\program files\LogMeIn
2010-01-08 15:41 . 2004-11-06 17:06 -------- d-----w- c:\program files\ESET
2009-12-31 16:30 . 2009-12-31 16:30 0 ---ha-w- c:\winxp\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-31 16:30 . 2009-12-31 16:30 0 ---ha-w- c:\winxp\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-31 16:12 . 2009-12-31 16:12 0 ---ha-w- c:\winxp\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-31 16:12 . 2009-12-31 16:12 0 ---ha-w- c:\winxp\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-31 13:21 . 2005-01-21 19:47 -------- d-----w- c:\program files\Nokia
2009-12-31 09:41 . 2007-11-19 21:06 -------- d-----w- c:\program files\Uniblue
2009-12-28 14:22 . 2009-03-27 15:42 -------- d-----w- c:\program files\AD Stahovač souborů
2009-12-09 20:51 . 2009-12-09 20:51 -------- d-----w- c:\program files\Cymphonix
2009-12-09 20:49 . 2009-12-09 20:47 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-09 20:48 . 2009-12-09 20:48 355584 ----a-w- c:\winxp\system32\TuneUpDefragService.exe
2009-12-09 20:46 . 2003-12-15 18:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-09 20:41 . 2004-04-14 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 20:40 . 2007-11-28 20:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-09 20:32 . 2008-03-19 19:30 -------- d-----w- c:\program files\TuxPaint
2009-12-09 20:30 . 2009-05-31 08:05 -------- d-----w- c:\program files\PexesoMaker Professional Edition
2009-12-04 16:27 . 2009-12-04 16:27 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 16:27 . 2005-12-21 20:16 -------- d-----r- c:\program files\Skype
2009-12-03 19:01 . 2008-11-09 13:55 -------- d-----w- c:\program files\CloneDVD
2009-12-03 16:54 . 2009-11-29 17:01 -------- d-----w- c:\program files\QuickTime Alternative
2009-11-29 17:16 . 2009-11-29 17:16 -------- d-----w- c:\program files\Media Player Classic
2009-11-29 16:59 . 2003-04-04 11:26 -------- d-----w- c:\program files\QuickTime
2009-10-29 07:43 . 2004-08-23 18:35 916480 ------w- c:\winxp\system32\wininet.dll
2009-10-21 05:40 . 2004-10-30 09:38 25088 ----a-w- c:\winxp\system32\httpapi.dll
2009-10-21 05:40 . 2004-10-30 09:38 75776 ----a-w- c:\winxp\system32\strmfilt.dll
2009-10-20 16:20 . 2004-10-30 09:38 265728 ------w- c:\winxp\system32\drivers\http.sys
2004-11-06 15:24 . 2004-11-06 15:24 220 --sh--w- c:\winxp\dwin.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-08_13.51.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-13 16:30 . 2010-01-13 16:30 16384 c:\winxp\Temp\Perflib_Perfdata_6b8.dat
+ 2010-01-13 16:30 . 2010-01-13 16:30 16384 c:\winxp\Temp\Perflib_Perfdata_1c8.dat
+ 2001-10-25 13:00 . 2010-01-13 16:34 70600 c:\winxp\system32\perfc009.dat
- 2001-10-25 13:00 . 2010-01-07 15:36 70600 c:\winxp\system32\perfc009.dat
+ 2009-09-11 06:26 . 2009-09-11 06:26 96408 c:\winxp\system32\drivers\epfwtdir.sys
+ 2010-01-08 15:38 . 2010-01-08 15:38 10134 c:\winxp\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\callmsi.exe
- 2001-10-25 13:00 . 2010-01-07 15:36 421798 c:\winxp\system32\perfh009.dat
+ 2001-10-25 13:00 . 2010-01-13 16:34 421798 c:\winxp\system32\perfh009.dat
+ 2009-09-11 06:23 . 2009-09-11 06:23 108792 c:\winxp\system32\drivers\ehdrv.sys
+ 2009-09-11 06:17 . 2009-09-11 06:17 116008 c:\winxp\system32\drivers\eamon.sys
+ 2010-01-08 15:38 . 2010-01-08 15:38 101480 c:\winxp\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\egui.exe
+ 2010-01-08 15:37 . 2010-01-08 15:37 1138176 c:\winxp\Installer\2b501.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2004-11-15 4616192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-21 10:19 87352 ----a-w- c:\winxp\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\winxp\system32\ctfmon.exe
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\MYIE2\\MyIE.exe"=
"c:\\Program Files\\EDS\\License Servers\\UGNXFLEXlm\\uglmd.exe"=
"c:\\Program Files\\EDS\\License Servers\\UGNXFLEXlm\\lmgrd.exe"=
"c:\\UGNX4\\UGII\\ugraf.exe"=
"c:\\Program Files\\Altap Salamander 2.5\\SALAMAND.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINXP\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINXP\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Hpt3xx2K;Hpt3xx2K;c:\winxp\system32\drivers\Hpt3xx2K.sys [20.2.2004 22:42 22490]
R1 ehdrv;ehdrv;c:\winxp\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\winxp\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R1 LStone;%Lime46%;c:\winxp\system32\drivers\LStone2k.sys [15.10.2007 19:25 255601]
R1 MemAlloc;MemAlloc;c:\winxp\system32\drivers\MemAlloc.sys [15.10.2007 19:25 5543]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17.4.2007 13:00 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\winxp\system32\drivers\LMIRfsDriver.sys [30.5.2007 16:01 47640]
R2 MSSQL$IS_K2;MSSQL$IS_K2;c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlservr.exe -sIS_K2 --> c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlservr.exe -sIS_K2 [?]
R2 V7;V7;c:\winxp\system32\drivers\V7.SYS [6.11.2004 16:13 7196]
R3 Aldebaran;RT DVOut;c:\winxp\system32\drivers\Aldebaran.sys [15.10.2007 19:21 35667]
R3 PinPro2k;PinPro2k;c:\winxp\system32\drivers\PinPro2v.sys [15.10.2007 19:26 63899]
S0 hptpro;hptpro;c:\winxp\system32\drivers\hptpro.sys [4.4.2003 8:33 9490]
S1 AEC671X;AEC671X;c:\winxp\system32\drivers\aec671x.sys [16.10.2005 9:45 12128]
S1 DMX3191;DMX3191;c:\winxp\system32\drivers\dmx3191.sys [16.10.2005 9:45 17700]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S2 UDNT;UDNT;c:\winxp\system32\drivers\udnt.sys [16.10.2005 9:45 76260]
S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\winxp\system32\drivers\EL556ND5.sys [26.5.2007 13:38 55999]
S3 el985nd5;3Com Gigabit Ethernet Server NIC (SX/TX);c:\winxp\system32\drivers\el985n51.sys [18.6.2007 17:42 455711]
S3 HcPvrUSB;HcPvrUSB.sys Homecast PVR USB driver 2.0.2;c:\winxp\system32\drivers\HcPvrUSB.sys [11.2.2008 20:48 17664]
S3 SQLAgent$IS_K2;SQLAgent$IS_K2;c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlagent.EXE -i IS_K2 --> c:\program files\Microsoft SQL Server\MSSQL$IS_K2\Binn\sqlagent.EXE -i IS_K2 [?]
S3 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe [27.10.2005 11:34 962560]
S3 WLAN; Wireless LAN Driver;c:\winxp\system32\drivers\wlanNDS.sys [18.1.2002 2:01 52496]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-13 c:\winxp\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-13 c:\winxp\Tasks\20070912_221000_album přírustková.job
- c:\program files\Nero\Nero 7\Nero BackItUp\BackItUp.exe [2007-06-29 17:16]

2010-01-13 c:\winxp\Tasks\WGASetup.job
- c:\winxp\system32\KB905474\wgasetup.exe [2009-08-29 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.novinky.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz
TCP: {1B013DC0-8304-4302-8022-96770268C930} = 195.146.96.250,195.146.100.5
TCP: {9D02FCC0-D098-4645-957C-679D4EEC98F1} = 195.146.96.250,195.146.96.242
TCP: {CA2C937E-6155-4DD2-BE09-2E76029DC895} = 195.146.96.250,195.146.100.5
DPF: {203525A1-659F-48B1-B4D1-890CD3CCFA13} - hxxp://sberna.fotofinishing.cz/snadno-vlozit-fotografie/FotofinishingPhotoUploader-ILT.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 21:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2052111302-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Atelier Web\AWRC***]
"HD"="??????D"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\winxp\system32\LMIinit.dll
c:\winxp\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2228)
c:\winxp\system32\webcheck.dll
c:\winxp\system32\WPDShServiceObj.dll
c:\winxp\system32\PortableDeviceTypes.dll
c:\winxp\system32\PortableDeviceApi.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
c:\program files\Zoner\Media Explorer 5\Program\ShellExt5.dll
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Nero\Nero 7\InCD\InCDshx.dll
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\winxp\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-01-13 21:09:36
ComboFix-quarantined-files.txt 2010-01-13 20:09
ComboFix2.txt 2010-01-12 22:33
ComboFix3.txt 2010-01-08 13:55
ComboFix4.txt 2007-11-12 20:53

Před spuštěním: Volných bajtů: 11 478 687 744
Po spuštění: Volných bajtů: 11 431 297 024

- - End Of File - - 78E10C94CC7A75556DAF8A972029D23C

#4 Příspěvek od **Rudy** » 13 led 2010 22:54

Stáhněte a spusťte IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 a dejte log z Process a KernelModule.

otevreljan · #5 Příspěvek od **otevreljan** » 14 led 2010 19:01

Zdravím, IceSword se nepodařilo spustit. Po spuštění se neděje nic ani žádná chyba.

#6 Příspěvek od **Rudy** » 14 led 2010 19:27

Zkuste AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

otevreljan · #7 Příspěvek od **otevreljan** » 14 led 2010 23:41

už se to podařilo, nešlo to ani stáhnout, musel jsem z jiného compu.

Autoscan: completed 4 minutes ago (events: 5, objects: 2877, time: 00:00:15)
14.1.2010 20:40:40 Task started
14.1.2010 20:46:42 Detected: Trojan-PSW.Win32.Kates.ar C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak
14.1.2010 23:16:10 Task stopped
14.1.2010 23:34:47 Task started
14.1.2010 23:35:02 Task completed
Disinfect active threats: completed 10 minutes ago (events: 7, objects: 3317, time: 00:12:56)
14.1.2010 23:16:10 Task started
14.1.2010 23:16:11 Detected: Trojan-PSW.Win32.Kates.ar C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak
14.1.2010 23:17:55 Deleted: Trojan-PSW.Win32.Kates.ar C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak
14.1.2010 23:21:34 Detected: Trojan-PSW.Win32.Kates.ar C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak
14.1.2010 23:23:43 Deleted: Trojan-PSW.Win32.Kates.ar C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak
14.1.2010 23:23:43 Deleted: Trojan-PSW.Win32.Kates.ar C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak
14.1.2010 23:29:07 Task completed

otevreljan · #8 Příspěvek od **otevreljan** » 15 led 2010 17:38

aktualizace stále nejdou, soubor který našel AVPTool jsem dal otestovat na http://www.virustotal.com
Zde je výsledek. Jak se toho zbavit?

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.15 Trojan-PWS.Win32.Kates!IK
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 TR/Spy.Gen2
Antiy-AVL 2.0.3.7 2010.01.12 Trojan/Win32.Kates.gen
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.15 Win32:Trojan-gen
AVG 9.0.0.730 2010.01.15 -
BitDefender 7.2 2010.01.15 -
CAT-QuickHeal 10.00 2010.01.15 TrojanPSW.Kates.ar
ClamAV 0.94.1 2010.01.15 -
Comodo 3592 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.15 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7239 2010.01.15 Win32/Kates!generic
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 Trojan:W32/Daonol.gen!J
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.01.15 Trojan-PWS.Win32.Kates
Jiangmin 13.0.900 2010.01.15 Trojan/PSW.Kates.fr
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.15 Trojan-PSW.Win32.Kates.ar
McAfee 5861 2010.01.14 Lando
McAfee+Artemis 5861 2010.01.14 Lando
McAfee-GW-Edition 6.8.5 2010.01.15 Heuristic.LooksLike.Trojan.PSW.Kates.H
Microsoft 1.5302 2010.01.15 Trojan:Win32/Daonol.H
NOD32 4775 2010.01.15 a variant of Win32/Daonol.AO
Norman 6.04.03 2010.01.14 -
nProtect 2009.1.8.0 2010.01.15 Trojan-PWS/W32.Daonol.29184.I
Panda 10.0.2.2 2010.01.15 Trj/Kates.G
PCTools 7.0.3.5 2010.01.15 -
Prevx 3.0 2010.01.15 Medium Risk Malware
Rising 22.30.04.04 2010.01.15 Trojan.Clicker.Win32.Delf.bks
Sophos 4.49.0 2010.01.15 Mal/Kates-A
Sunbelt 3.2.1858.2 2010.01.15 Trojan.Win32.Daonol.Gen.1 (v)
Symantec 20091.2.0.41 2010.01.15 -
TheHacker 6.5.0.4.151 2010.01.15 Trojan/PSW.Kates.ar
TrendMicro 9.120.0.1004 2010.01.15 TSPY_KATES.SMOD
VBA32 3.12.12.1 2010.01.15 Trojan-PSW.Win32.Kates.ar
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Rozšiřující informace
File size: 29184 bytes
MD5...: 76bee8d2a425893099c444fc9ba61eb4
SHA1..: 10782e8ac3b06ee4d5814b6bc3fd464e64cc0cf8
SHA256: 8119aa6aecb886381ec48011334757c1c098912274e3e687c6e0e98861538874
ssdeep: 768:pljP4cuMnNFoaGtnx4lA+Jz3inKnNzsn6S2PWJ:pljP4croau4PNinKnlsf2
uJ

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x71d0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x62a4 0x6400 7.06 89e5c25287a9d85e9961562f01133255
DATA 0x8000 0x4 0x200 0.07 1d7d80e8b5ce8c86e7c833467964b6ae
BSS 0x9000 0xd 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xa000 0x316 0x400 3.86 3764476279dfe9d729bc3949b598e3cf
.reloc 0xb000 0xb4 0x200 2.45 8c8ed32d6f470afd9f46b6f2a6c6cd7e
.rsrc 0xc000 0x180 0x200 2.67 2848da0bbca052220104d14a2a9848c9

( 2 imports )
> kernel32.dll: GetPrivateProfileStructW, VerLanguageNameW, VerLanguageNameA, ReleaseMutex, IsDBCSLeadByteEx, HeapFree, HeapCompact, GlobalHandle, GlobalLock, GetUserDefaultLangID, GetStringTypeW, GetFileAttributesExW, GetConsoleTitleW, GetConsoleScreenBufferInfo, GetComputerNameA, GetAtomNameA, InterlockedIncrement, InterlockedExchange, FillConsoleOutputCharacterW, CreateDirectoryA, CloseHandle, BeginUpdateResourceA
> user32.dll: ShowOwnedPopups, SetWindowsHookW, SetMessageExtraInfo, SendNotifyMessageW, RegisterClipboardFormatA, GetMenu, GetCursorPos

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Dynamic Link Library (generic) (55.4%)
Win16/32 Executable Delphi generic (15.1%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: ________________
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

<a href='http://info.prevx.com/aboutprogramtext. ... 003BA2B3BA' target='_blank'>http://info.prevx.com/aboutprogramtext. ... BA2B3BA</a>

#9 Příspěvek od **Rudy** » 15 led 2010 20:03

Podle logu ho AVPTool smazal.

otevreljan · #10 Příspěvek od **otevreljan** » 15 led 2010 20:14

zdravím, bohužel asi ne, ten soubor tam je fyzicky pořád a když ho dam smazat ručně tak se tam zase sám vytvoří. A připojit se na aktualizaci antiviru nejde...

#11 Příspěvek od **Rudy** » 15 led 2010 20:55

Spusťte CF v nouz. režimu tímto skriptem:

Collect::
C:\Program Files\Adobe\Acrobat 7.0\mkbnf.bak

otevreljan · #12 Příspěvek od **otevreljan** » 15 led 2010 22:01

Už je to snad všechno v pořádku. Soubor je smazán a aktualizace fungují!
Moc děkuji za pomoc.

#13 Příspěvek od **Rudy** » 15 led 2010 22:50

Ještě bych vám doporučil přeinstalovat AdobeAcrobat poslední verzí, tj. v.9. Nemáte zač!

VIRY.CZ

Kontrola logu - nejde stahovat aktualizace antivirů

Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů

Re: Kontrola logu - nejde stahovat aktualizace antivirů