Vypínání klávesnice, psaní nesmyslných řad čísel a písmen

[calli]

V počítači se mi usadil nějaký prapodivný vir, který si hraje hlavně s klávesnicí . Někdy mi to začne psát velkými písmeny, jinde to píše jiná písmena, než mačkám, pak se klávesnice vypne úplně . Nebo napíšu jedno písmeno a začne vylítávat řada nesmyslných písmen a čísel . Někdy se u toho začnou otevírat i okna prohlížečů . Když počítač vypnu a zapnu, většinou je to v pořádku, někdy ale musím vypnout a zapnout třeba třikrát, než je to v pořádku . Některý den se ta mrcha neprojeví vůbec, jindy třeba dvakrát denně . Projela jsem comp Eset, která našla čtyři infikované soubory, Spyware Terminator našel dokonce šest souborů, ale problém stále trvá . Další infikace mi to už ale neukazuje . Tady jsem udělala log . To Bobo turbo bylo cosi ke spouštění videí nebo zvuku, je v počítači už hodně dlouho, ten by to dělat neměl .

Logfile of HijackThis v1.99.1
Scan saved at 12:12:47, on 5.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\boboturbo\boboturbo.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lapiduch.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Centrum.cz - {1310EB53-121A-4574-82B0-DA69E5DDD7A4} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {1C64568A-27F0-401C-8FF5-F8C1A4936EA7} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {4134ED76-4559-49BC-8F83-687A7C40500A} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {613B5A5E-58B4-4371-A65B-799CB6704BDE} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {78CE6E98-27C2-4431-A4F6-8FCC2AFC9DA9} - http://www.bleskove.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {852FB260-5CBF-44AA-9E68-4A515B8B8448} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Stahuj.cz - {9EE1DCDA-B097-44DE-82C1-A0A691ABEE2F} - http://www.stahuj.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {CF5E0167-873A-4B06-B9B0-C36FC06E7CF5} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {ECC9957D-4D72-4D50-BC09-A6AE942F94E4} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {FFE40017-0A7B-445D-A17D-2C908372B1E6} - http://www.xchat.cz (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} (PhotoUploader Control) - http://foto.droxi.cz/snadno-vlozit-foto ... loader.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.13.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.47.cab
O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} (BoBoControl Class) - http://59.39.59.78/software/BoBo_ActiveX_V3.ocx
O23 - Service: BoBoTurbo - ???????????? - C:\WINDOWS\system32\boboturbo\boboturbo.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

[calli]

Moc se omlouvám, nevšimla jsem si, že logy z hijakthisu už ne, tady tedy druhý log, snad už správně .

Logfile of random's system information tool 1.06 (written by random/random)
Run by Calli at 2010-01-05 12:17:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (12%) free of 38 GB
Total RAM: 223 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:47, on 5.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\boboturbo\boboturbo.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Calli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lapiduch.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Centrum.cz - {1310EB53-121A-4574-82B0-DA69E5DDD7A4} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {1C64568A-27F0-401C-8FF5-F8C1A4936EA7} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {4134ED76-4559-49BC-8F83-687A7C40500A} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {613B5A5E-58B4-4371-A65B-799CB6704BDE} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {78CE6E98-27C2-4431-A4F6-8FCC2AFC9DA9} - http://www.bleskove.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {852FB260-5CBF-44AA-9E68-4A515B8B8448} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Stahuj.cz - {9EE1DCDA-B097-44DE-82C1-A0A691ABEE2F} - http://www.stahuj.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {CF5E0167-873A-4B06-B9B0-C36FC06E7CF5} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {ECC9957D-4D72-4D50-BC09-A6AE942F94E4} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {FFE40017-0A7B-445D-A17D-2C908372B1E6} - http://www.xchat.cz (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} (PhotoUploader Control) - http://foto.droxi.cz/snadno-vlozit-foto ... loader.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.13.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1 ... oader4.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free- ... 0.0.47.cab
O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} (BoBoControl Class) - http://59.39.59.78/software/BoBo_ActiveX_V3.ocx
O23 - Service: BoBoTurbo - ???????????? - C:\WINDOWS\system32\boboturbo\boboturbo.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7704 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
Flashget Catch Url Class - C:\Program Files\FlashGet\jccatch.dll [2006-12-07 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet - C:\Program Files\FlashGet\fgiebar.dll [2006-11-19 98304]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2002-09-19 110592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 67584]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-04-20 457728]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2001-12-23 4608]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-04-23 1443072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-28 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\msupdte.exe [2008-11-13 3702]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-18 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\Strong DC\StrongDC.exe"="C:\Program Files\Strong DC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-05 12:17:20 ----D---- C:\Program Files\trend micro
2010-01-05 12:17:14 ----D---- C:\rsit
2009-12-28 12:17:33 ----D---- C:\Documents and Settings\Calli\Data aplikací\Spyware Terminator
2009-12-28 12:16:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2009-12-28 12:16:15 ----D---- C:\Program Files\Spyware Terminator
2009-12-28 11:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-09 11:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 11:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 10:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 10:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 10:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-05 12:17:36 ----D---- C:\Program Files\FlashGet
2010-01-05 12:17:24 ----D---- C:\WINDOWS\Temp
2010-01-05 12:17:20 ----D---- C:\Program Files
2010-01-05 12:17:14 ----D---- C:\WINDOWS\Prefetch
2010-01-05 12:16:23 ----D---- C:\Downloads
2010-01-05 11:50:42 ----D---- C:\Program Files\Mozilla Firefox
2010-01-05 11:47:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 20:26:43 ----D---- C:\WINDOWS
2010-01-02 20:59:40 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-30 20:25:55 ----D---- C:\Program Files\Strong DC
2009-12-28 12:52:59 ----D---- C:\Program Files\ICQ
2009-12-28 12:17:53 ----D---- C:\WINDOWS\system32\drivers
2009-12-28 11:39:07 ----D---- C:\WINDOWS\AppPatch
2009-12-28 11:31:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-28 11:31:32 ----HD---- C:\WINDOWS\inf
2009-12-28 11:30:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-28 11:29:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-28 11:26:58 ----D---- C:\WINDOWS\system32
2009-12-27 18:36:09 ----A---- C:\WINDOWS\WTRDICT.INI
2009-12-27 18:36:01 ----A---- C:\WINDOWS\STXKBDSC.INI
2009-12-20 10:09:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-19 22:53:02 ----HD---- C:\BJPrinter
2009-12-10 20:51:29 ----D---- C:\WINDOWS\Debug
2009-12-10 10:14:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-04-23 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-04-23 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-06-25 12416]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-04-23 40456]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-04-23 71176]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2001-12-23 33548]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-11-16 19200]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-04-23 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2001-12-23 1171488]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2001-12-23 160083]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-06-25 218112]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-18 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-12-23 591536]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 BoBoTurbo;BoBoTurbo; C:\WINDOWS\system32\boboturbo\boboturbo.exe [2008-09-12 210504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-04-23 472320]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2006-11-21 32768]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-12-28 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-18 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-04-23 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-17 8704]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\msupdte.exe 

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[calli]

Provedeno, spustil se scan a cosi to našlo a smazalo, tady je log :

ComboFix 10-01-04.01 - Calli 05.01.2010 18:56:08.2.1 - x86
Spuštěný z: c:\documents and settings\Calli\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Calli\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\sazicuwew.vbs
c:\documents and settings\All Users\Dokumenty\yfykubed.inf
c:\documents and settings\Calli\delself.bat
c:\windows\exivugob._sy
c:\windows\system32\msupdte.exe
c:\windows\tydidim.bat
c:\windows\yqofoto._sy

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 11:17 . 2010-01-05 11:17 -------- d-----w- c:\program files\trend micro
2010-01-05 11:17 . 2010-01-05 11:17 -------- d-----w- C:\rsit
2010-01-04 19:26 . 2008-03-03 17:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-12-28 11:17 . 2009-12-28 11:17 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-28 11:16 . 2009-12-28 11:39 -------- d-----w- c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 17:54 . 2007-04-20 12:38 -------- d-----w- c:\program files\FlashGet
2010-01-05 11:12 . 2009-12-30 19:24 7260 ----a-w- c:\program files\hijackthis.log
2009-12-30 19:25 . 2007-05-01 17:18 -------- d-----w- c:\program files\Strong DC
2009-12-28 11:52 . 2008-02-25 15:54 -------- d-----w- c:\program files\ICQ
2009-12-10 09:14 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 09:14 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:46 . 2004-08-18 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-21 06:03 . 2004-08-18 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-18 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-18 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-18 12:00 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-18 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-18 12:00 112640 ----a-w- c:\windows\system32\rastls.dll
2009-04-06 06:58 . 2009-04-06 06:58 16794184 ----a-w- c:\program files\59.exe
2009-02-17 11:05 . 2009-02-17 11:05 896 ----a-w- c:\program files\Zástupce - mplayerc.exe.lnk
2008-11-09 15:16 . 2008-11-09 15:16 13404 ----a-w- c:\program files\Common Files\fodujija._sy
2008-11-09 15:16 . 2008-11-09 15:16 11532 ----a-w- c:\program files\Common Files\rijupavore.lib
2008-04-24 15:41 . 2008-04-24 14:27 682 ----a-w- c:\program files\BS.Player FREE.lnk
2008-02-14 13:28 . 2008-02-14 13:28 1392 ----a-w- c:\program files\DivX Movies.lnk
2007-10-11 12:58 . 2007-10-11 12:58 829 ----a-w- c:\program files\ImTOO WMA MP3 Converter.lnk
2007-10-04 21:06 . 2007-10-04 21:06 786 ----a-w- c:\program files\Movie Maker.lnk
2007-09-26 14:02 . 2007-09-26 14:02 428569 ------w- c:\program files\Acquario.zip
2007-08-20 13:43 . 2007-08-20 13:43 1528 ----a-w- c:\program files\Záznam zvuku.lnk
2007-05-08 12:31 . 2007-05-08 12:31 760 ----a-w- c:\program files\VDownloader.lnk
2007-05-01 17:20 . 2007-05-01 17:20 689 ----a-w- c:\program files\StrongDC.lnk
2007-04-22 11:47 . 2007-04-22 11:47 148 ----a-w- c:\program files\options.ini
2007-04-20 15:29 . 2007-04-20 15:29 706 ----a-w- c:\program files\VirtualDub.exe.lnk
2007-04-20 15:11 . 2007-04-20 15:11 709 ----a-w- c:\program files\WMR.exe.lnk
2007-04-20 15:10 . 2007-04-20 15:10 709 ----a-w- c:\program files\RMR.exe.lnk
2007-04-20 14:31 . 2007-04-20 14:31 1533 ----a-w- c:\program files\Macromedia HomeSite+.lnk
2007-04-20 14:29 . 2007-04-20 14:29 1519 ----a-w- c:\program files\Poznámkový blok.lnk
2007-04-20 13:50 . 2007-04-20 13:50 1684 ----a-w- c:\program files\PowerDVD.lnk
2007-04-20 13:49 . 2007-04-20 13:49 1674 ----a-w- c:\program files\Easy-PhotoPrint.lnk
2007-04-20 13:39 . 2007-04-20 13:39 666 ----a-w- c:\program files\Slovník.lnk
2007-04-20 12:48 . 2007-04-20 12:48 846 ----a-w- c:\program files\Downloader.lnk
2007-04-20 11:47 . 2007-04-20 11:47 708 ----a-w- c:\program files\Total Commander.lnk
2007-04-20 11:29 . 2007-04-20 11:29 654 ----a-w- c:\program files\Winamp.lnk
2007-03-26 15:59 . 2007-04-20 11:25 218112 ------w- c:\program files\hijackthis.exe
2008-07-15 12:18 . 2008-07-15 12:18 326 --sh--w- c:\windows\DavicoRmfix.reg
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-28 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-04-20 457728]
"CARPService"="carpserv.exe" [2001-12-23 4608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-04-23 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Strong DC\\StrongDC.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33898:TCP"= 33898:TCP:PORT_33898
"37723:TCP"= 37723:TCP:PORT_37723
"65020:TCP"= 65020:TCP:PORT_65020
"64770:TCP"= 64770:TCP:PORT_64770
"19297:TCP"= 19297:TCP:PORT_19297
"63801:TCP"= 63801:TCP:PORT_63801
"61535:TCP"= 61535:TCP:PORT_61535
"49613:TCP"= 49613:TCP:PORT_49613
"57703:TCP"= 57703:TCP:PORT_57703
"63883:TCP"= 63883:TCP:PORT_63883
"10297:TCP"= 10297:TCP:PORT_10297
"49531:TCP"= 49531:TCP:PORT_49531
"20363:TCP"= 20363:TCP:PORT_20363
"6250:TCP"= 6250:TCP:PORT_6250
"27691:TCP"= 27691:TCP:PORT_27691

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.12.2009 12:17 142592]
R2 BoBoTurbo;BoBoTurbo;c:\windows\system32\BoBoTurbo\BoBoTurbo.exe [12.9.2008 12:03 210504]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [23.4.2008 13:58 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - BootScreen

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.lapiduch.cz/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\program files\FlashGet\jc_all.htm
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.droxi.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader.dll
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier/ChocolatierWeb.1.0.0.13.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} - hxxp://59.39.59.78/software/BoBo_ActiveX_V3.ocx
FF - ProfilePath - c:\documents and settings\Calli\Data aplikací\Mozilla\Firefox\Profiles\0na4icf9.calli\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://google.cz
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Microsoft WinUpdate - c:\windows\system32\msupdte.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 19:12
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\carpserv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 19:22:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 18:22
ComboFix2.txt 2008-11-10 14:32

Před spuštěním: 4 779 032 576
Po spuštění: 5 179 121 664

- - End Of File - - 71DDFF1B58BC406883CE548E66913469

[JaRon]

prescanuj/vycisti PC s CureIT - uplna kontrola, potom doinstaluj ServicePack3 a malo by byt hotovo

[calli]

Ok, a hrozně moc díky, zachránil jsi mě !

[JaRon]

rado sa stalo