Rootkit

[Joskaboy]

Vzdy po spustení pc mi nabehne avast s nejakym rootkitem cleandisk.exe dam smazat restart a hned po spusteni dalsi den je to znovu??!

[Unlimited_Killer]

Prosím o RSIT log.

~~~

Stáhněte a uložte na Plochu RSIT.
Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
(pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt).
Obsah tohoto logu vložte do svého příspěvku.

[Joskaboy]

Logfile of random's system information tool 1.06 (written by random/random)
Run by xxx at 2010-01-06 14:54:47
WIN_XP Service Pack 2
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:56, on 6.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\sn\SN Update.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\sn\SN Update.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\games\valve2\steam\steam.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Games\Curse\CurseClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Games\icq\ICQ6.5\ICQ.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xxx\Plocha\RSIT.exe
C:\Program Files\trend micro\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 78.102.156.179 l2authd.lineage2.com
O1 - Hosts: 78.102.156.179 l2testauthd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Games\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\games\valve2\steam\steam.exe" -silent
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Games\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [SNUpdate] C:\WINDOWS\sn\SN Update.exe
O4 - HKCU\..\Policies\Explorer\Run: [SNUpdate] C:\WINDOWS\sn\SN Update.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [CurseClient] C:\Games\Curse\CurseClient.exe -silent (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-842925246-725345543-1003\..\Policies\Explorer\Run: [SNUpdate] C:\WINDOWS\sn\SN Update.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1004336348-842925246-725345543-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Games\icq\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Games\icq\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12837 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-25 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-06-25 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2005-03-02 278528]
"Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-18 45056]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-13 149280]
"QuickTime Task"=C:\Games\QuickTime\qttask.exe [2008-11-04 413696]
"hp 1000 firmware"=C:\Program Files\hp LaserJet 1000\fwdl.exe [2001-08-02 36864]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"SNUpdate"=C:\WINDOWS\sn\SN Update.exe [2006-06-30 544768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-22 94208]
"Steam"=c:\games\valve2\steam\steam.exe [2009-10-24 1217808]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-02-08 95800]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1449984]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"CurseClient"=C:\Games\Curse\CurseClient.exe [2009-07-24 1935360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"SNUpdate"=C:\WINDOWS\sn\SN Update.exe [2006-06-30 544768]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\xxx\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Games\Hamachi\hamachi.exe"="C:\Games\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Games\icq\ICQ.exe"="C:\Games\icq\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Games\icq\ICQ6\ICQ.exe"="C:\Games\icq\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Games\Valve2\Steam\SteamApps\joskaboy\counter-strike\hl.exe"="C:\Games\Valve2\Steam\SteamApps\joskaboy\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\Valve2\Steam\SteamApps\joskaboy\condition zero\hl.exe"="C:\Games\Valve2\Steam\SteamApps\joskaboy\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\America's Army\System\ArmyOps.exe"="C:\Games\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Games\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe"="C:\Games\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Games\Electronic Arts\Red Alert 3\Data\ra3_1.4.game"="C:\Games\Electronic Arts\Red Alert 3\Data\ra3_1.4.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Documents and Settings\xxx\Dokumenty\Pepa\Opera.exe"="C:\Documents and Settings\xxx\Dokumenty\Pepa\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Games\RoN\rise.exe"="C:\Games\RoN\rise.exe:*:Enabled:Rise of Nations"
"C:\Documents and Settings\xxx\Local Settings\Temp\Blizzard Launcher Temporary - a9178190\Launcher.exe"="C:\Documents and Settings\xxx\Local Settings\Temp\Blizzard Launcher Temporary - a9178190\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Games\Virgin Interactive\Original War\OwarFull.DLL"="C:\Games\Virgin Interactive\Original War\OwarFull.DLL:*:Enabled:OwarFull"
"C:\Games\Virgin Interactive\Original War\OwarDedicated.exe"="C:\Games\Virgin Interactive\Original War\OwarDedicated.exe:*:Enabled:OwarDedicated"
"C:\Documents and Settings\xxx\Plocha\JoskaPVY_Promis\Torrents\Heroes of Might and Magic III [Geedunk]\Heroes of Might and Magic III Complete\Heroes3.exe"="C:\Documents and Settings\xxx\Plocha\JoskaPVY_Promis\Torrents\Heroes of Might and Magic III [Geedunk]\Heroes of Might and Magic III Complete\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III"
"C:\Games\WOW\World of Warcraft\Launcher.exe"="C:\Games\WOW\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Games\Quake III Arena\quake3.exe"="C:\Games\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Games\icq\ICQ6.5\ICQ.exe"="C:\Games\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Games\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Games\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Games\EA GAMES\The Battle for Middle-earth (tm)\lotrbfme.exe"="C:\Games\EA GAMES\The Battle for Middle-earth (tm)\lotrbfme.exe:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Games\WOW\World of Warcraft\BackgroundDownloader.exe"="C:\Games\WOW\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\Curse\CurseClient.exe"="C:\Games\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Games\WOW\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Games\WOW\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\WOW\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Games\WOW\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\WOW\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Games\WOW\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\WOW\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Games\WOW\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\Valve2\Steam\SteamApps\joskaboy\deathmatch classic\hl.exe"="C:\Games\Valve2\Steam\SteamApps\joskaboy\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\Ventrilo\Ventrilo.exe"="C:\Games\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd8865d-79e4-11de-8db2-001617b7108e}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64fa5240-8eef-11dd-be28-001617b7108e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6681b27a-ee44-11de-8e60-001617b7108e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CleanDisk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0bf8e0-eb0c-11dd-8c89-001617b7108e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - F:\Recycled\ctfmon.exe


======List of files/folders created in the last 1 months======

2010-01-06 14:54:47 ----D---- C:\rsit
2010-01-06 14:54:47 ----D---- C:\Program Files\trend micro
2010-01-05 16:18:07 ----RSH---- C:\CleanDisk.exe
2009-12-16 12:21:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2009-12-16 12:17:04 ----D---- C:\WINDOWS\system32\AGEIA
2009-12-16 12:17:04 ----D---- C:\Program Files\AGEIA Technologies
2009-12-16 11:59:44 ----D---- C:\Program Files\Dragon Age
2009-12-16 11:59:43 ----D---- C:\Program Files\Common Files\BioWare

======List of files/folders modified in the last 1 months======

2010-01-06 14:54:56 ----D---- C:\WINDOWS\Prefetch
2010-01-06 14:54:47 ----RD---- C:\Program Files
2010-01-06 14:18:39 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 14:17:30 ----D---- C:\WINDOWS\Temp
2010-01-06 14:13:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-05 23:56:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 23:56:03 ----D---- C:\Documents and Settings\xxx\Data aplikací\ICQ
2009-12-21 17:36:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-21 16:31:53 ----A---- C:\WINDOWS\Ulead32.ini
2009-12-21 16:21:18 ----D---- C:\WINDOWS
2009-12-21 16:20:39 ----HD---- C:\WINDOWS\inf
2009-12-17 20:34:42 ----D---- C:\Games
2009-12-16 12:17:13 ----SHD---- C:\WINDOWS\Installer
2009-12-16 12:17:05 ----D---- C:\WINDOWS\system32
2009-12-16 12:16:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-16 11:59:43 ----D---- C:\Program Files\Common Files
2009-12-12 21:29:49 ----A---- C:\WINDOWS\pex.INI
2009-12-07 21:30:05 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-12-06 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-12-06 18048]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2005-03-03 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2005-03-03 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2005-03-03 34422]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-26 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-07-22 68864]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 an3030xd;an3030xd; C:\WINDOWS\system32\drivers\an3030xd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmudau32;C-Media USB UDA Sound Interface; C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-08-09 1419840]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-07-22 55040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 npkcrypt;npkcrypt; \??\C:\Games\Lineage II\system\npkcrypt.sys []
S3 PAC7311;VGA SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-02-16 144768]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-13 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-06-01 155715]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 70968]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-25 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

tak tady je ten log

[Unlimited_Killer]

Něco tam je, proženeme to ComboFixem, něco sám odstraní. A před skenem připojte k PC všechny flashky, mp3 přehrávače atp. Na nich je také nákaza.

~~~

Vložte sem log z ComboFix.

Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.

[Joskaboy]

ComboFix 10-01-04.01 - xxx 06.01.2010 16:50:41.2.1 - x86
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\xxx\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
C:\LOG.TXT

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 13:54 . 2010-01-06 13:54 -------- d-----w- C:\rsit
2010-01-06 13:54 . 2010-01-06 13:54 -------- d-----w- c:\program files\trend micro
2009-12-16 11:17 . 2009-12-16 11:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-16 11:17 . 2009-12-16 11:17 -------- d-----w- c:\windows\system32\AGEIA
2009-12-16 10:59 . 2009-12-16 11:10 -------- d-----w- c:\program files\Dragon Age
2009-12-16 10:59 . 2009-12-16 11:16 -------- d-----w- c:\program files\Common Files\BioWare

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 18:42 . 2006-12-08 20:31 10 ----a-w- c:\windows\popcinfo.dat
2009-12-16 11:16 . 2006-12-11 16:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 13:42 . 2006-11-30 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2006-06-30 19:57 . 2009-12-21 15:21 544768 --sh--r- c:\windows\sn\SN Update.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"Steam"="c:\games\valve2\steam\steam.exe" [2009-10-24 1217808]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"CurseClient"="c:\games\Curse\CurseClient.exe" [2009-07-24 1935360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 278528]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"QuickTime Task"="c:\games\QuickTime\qttask.exe" [2008-11-04 413696]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-08-02 36864]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SNUpdate"="c:\windows\sn\SN Update.exe" [2006-06-30 544768]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SNUpdate"="c:\windows\sn\SN Update.exe" [2006-06-30 544768]

c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-24 528384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\Hamachi\\hamachi.exe"=
"c:\\Games\\icq\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Games\\Valve2\\Steam\\SteamApps\\joskaboy\\counter-strike\\hl.exe"=
"c:\\Games\\Valve2\\Steam\\SteamApps\\joskaboy\\condition zero\\hl.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Games\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Documents and Settings\\xxx\\Dokumenty\\Pepa\\Opera.exe"=
"c:\\Games\\WOW\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Games\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Games\\Curse\\CurseClient.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Games\\Valve2\\Steam\\SteamApps\\joskaboy\\deathmatch classic\\hl.exe"=
"c:\\Games\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-08 717296]
R3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2006-08-09 1419840]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-02-16 144768]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2005-03-03 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2005-03-03 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2005-03-03 34422]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{84EB4N42-4N04-7H4F-2TDJ-E4H8V730R177}]
2006-06-30 19:57 544768 --sh--r- c:\windows\sn\SN Update.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.03\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.03\MediaManager\grab.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Wdf01000.sys
AddRemove-EAGLE 4.09r2 - c:\games\EAGLE-4.09r2\DeIsL1.isu
AddRemove-Re-Volt - c:\games\Acclaim Entertainment\Re-Volt\Uninst.isu
AddRemove-{02B244A2-7F6A-42E8-A36F-8C385D7A1625} - c:\program files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 17:00
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
Celkový čas: 2010-01-06 17:05:30
ComboFix-quarantined-files.txt 2010-01-06 16:05

Před spuštěním: Volných bajtů: 49 392 631 808
Po spuštění: Volných bajtů: 51 268 288 512

- - End Of File - - 593C594F30FDCAE287DFCFF8E59AAAC7

Log z combofixu

[Unlimited_Killer]

Protože si nejsem jist a Google mnoho nenašel, raději jeden soubor otestuji.

~~~

Otestujte na VirusTotal soubory:

Kód: Vybrat vše

c:\windows\sn\SN Update.exe
c:\windows\popcinfo.dat

Jednoduše tam vkopírujete cesty, co jsem napsal do code, když Vám to napíše, že soubor byl testován, dejte otestovat znovu. Poté jsem vložíte linky (odkazy) na jednotlivé testy.

[Joskaboy]

1)http://www.virustotal.com/cs/analisis/4 ... 1262800644
2)http://www.virustotal.com/cs/analisis/2 ... 1262800809

[Unlimited_Killer]

Je to vir. Jdu napsat skript. Před vykonáním skriptu zapojte všechny flashky a mp3 přehrávače!

~~~

Otevřete si Poznámkový blok a zkopírujte do něj

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\sn\SN Update.exe
C:\CleanDisk.exe

File::
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf
L:\Autorun.inf

Folder::
C:\Program Files\Yahoo!
C:\Program Files\ICQ6Toolbar
c:\windows\sn
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
I:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
I:\resycled
c:\$recycle.bin
d:\$recycle.bin
e:\$recycle.bin
f:\$recycle.bin
g:\$recycle.bin
h:\$recycle.bin
I:\$recycle.bin

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"SNUpdate"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"SNUpdate"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b0bf8e0-eb0c-11dd-8c89-001617b7108e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6681b27a-ee44-11de-8e60-001617b7108e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64fa5240-8eef-11dd-be28-001617b7108e}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{84EB4N42-4N04-7H4F-2TDJ-E4H8V730R177}]

Driver::
JavaQuickStarterService
ICQ Service

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.

[Joskaboy]

ComboFix 10-01-04.01 - xxx 06.01.2010 19:36:46.3.1 - x86
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt

FILE ::
"c:\Autorun.inf"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk"
"D:\Autorun.inf"
"E:\Autorun.inf"
"F:\Autorun.inf"
"G:\Autorun.inf"
"H:\Autorun.inf"
"I:\Autorun.inf"
"K:\Autorun.inf"
"L:\Autorun.inf"

file zipped: C:\CleanDisk.exe
file zipped: c:\windows\sn\SN Update.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\CleanDisk.exe
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Yahoo!
c:\program files\Yahoo!\Common\unyt.exe
c:\program files\Yahoo!\Companion\Data\dlg_as.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_map.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\dlg_upg.html
c:\program files\Yahoo!\Companion\Installs\cpn\pubmod.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ypubc.dll
c:\program files\Yahoo!\Companion\Installs\cpn\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ytinst.log
c:\program files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll
C:\recycler
c:\windows\sn
c:\windows\sn\SN Update.exe
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Service_ICQ Service
-------\Service_JavaQuickStarterService


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 13:54 . 2010-01-06 13:54 -------- d-----w- C:\rsit
2010-01-06 13:54 . 2010-01-06 13:54 -------- d-----w- c:\program files\trend micro
2009-12-16 11:17 . 2009-12-16 11:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-16 11:17 . 2009-12-16 11:17 -------- d-----w- c:\windows\system32\AGEIA
2009-12-16 10:59 . 2009-12-16 11:10 -------- d-----w- c:\program files\Dragon Age
2009-12-16 10:59 . 2009-12-16 11:16 -------- d-----w- c:\program files\Common Files\BioWare

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 18:42 . 2006-12-08 20:31 10 ----a-w- c:\windows\popcinfo.dat
2009-12-16 11:16 . 2006-12-11 16:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 13:42 . 2006-11-30 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"Steam"="c:\games\valve2\steam\steam.exe" [2009-10-24 1217808]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"CurseClient"="c:\games\Curse\CurseClient.exe" [2009-07-24 1935360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 278528]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-08-02 36864]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\xxx\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-24 528384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\Hamachi\\hamachi.exe"=
"c:\\Games\\icq\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Games\\Valve2\\Steam\\SteamApps\\joskaboy\\counter-strike\\hl.exe"=
"c:\\Games\\Valve2\\Steam\\SteamApps\\joskaboy\\condition zero\\hl.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Games\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Documents and Settings\\xxx\\Dokumenty\\Pepa\\Opera.exe"=
"c:\\Games\\WOW\\World of Warcraft\\Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Games\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Games\\Curse\\CurseClient.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Games\\WOW\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Games\\Valve2\\Steam\\SteamApps\\joskaboy\\deathmatch classic\\hl.exe"=
"c:\\Games\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2006-08-09 1419840]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-02-16 144768]
R3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-08 717296]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2005-03-03 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2005-03-03 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2005-03-03 34422]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.03\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.03\MediaManager\grab.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 19:42
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E541F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> 0x89de81f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4dbba0
PacketIndicateHandler -> NDIS.sys @ 0xba4e8b21
SendHandler -> NDIS.sys @ 0xba4c687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1004336348-842925246-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2456)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\winscp\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RunDLL32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\zstatus.exe
c:\windows\system32\wscntfy.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 19:51:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 18:51
ComboFix2.txt 2010-01-06 16:05

Před spuštěním: Volných bajtů: 51 258 654 720
Po spuštění: Volných bajtů: 51 151 368 192

- - End Of File - - A95C06338952E97304A298DBF0F4A5CE

PO sckriptu

[Unlimited_Killer]

Pořád Vám avast! hází tu hlášku?
Jinak zkusíme ještě MBAM.

~~~

Stáhněte MBAM a postupujte podle popisu. Zatím nic nemažte, MBAM má občas falešné detekce.
Potom mi sem vložte log.

[Joskaboy]

Avast už to po resetu nehodil asi už je vse OK děkuji kdyžtak se ozvu!!

[Unlimited_Killer]

No, ten MBAM log. Poté ještě doklidím.

[Joskaboy]

Malwarebytes' Anti-Malware 1.43
Verze databáze: 3458
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6.1.2010 20:41:03
mbam-log-2010-01-06 (20-41-03).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 111330
Uplynulý čas: 4 minute(s), 27 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\xxx\Data aplikací\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

[Unlimited_Killer]

Soubor můžete nechat smazat.
Jak se chová PC? Poté to jen doklidíme.