
Facebook virus

longerski
Visitor
Posts: 11
Registered: 19 Jul 2011 09:05

#1 Post by longerski

Hi.

So I also got infected by the virus that came to me over FB chat. I fell for it like a little kid, and now FB doesn't work at all and it's blocking my antivirus too.
I'm sending the RSIT result:

Logfile of random's system information tool 1.09 (written by random/random)
Run by reitmajer at 2011-07-19 10:01:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 126 GB (68%) free of 186 GB
Total RAM: 2038 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:41, on 19.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\update.tray-14-0-lnk\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AutoCAD LT 2008\acadlt.exe
C:\DOCUME~1\REITMA~1\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\reitmajer\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\reitmajer\Plocha\RSIT.exe
C:\Program Files\trend micro\reitmajer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64545
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [6178800.exe] "C:\DOCUME~1\REITMA~1\LOCALS~1\Temp\6178800.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2111172.exe] "C:\WINDOWS\TEMP\2111172.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [3796828.exe] "C:\WINDOWS\TEMP\3796828.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4434221861
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = khkinetic.kh-kinetic.cz
O17 - HKLM\Software\..\Telephony: DomainName = khkinetic.kh-kinetic.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = khkinetic.kh-kinetic.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = khkinetic.kh-kinetic.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = khkinetic.kh-kinetic.cz
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Flexlm Service 1 - Unknown owner - C:\Program Files\SCIA\Engineer2008\Flexlm\Lmgrd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\reitma~1\locals~1\temp\cdm\{e4cdec94-bfc0-4e2e-abbc-261f7392b0c4}\STacSV.exe (file missing)

--
End of file - 9998 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-11-20 1826816]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-10 413696]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-06-24 534880]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"6178800.exe"=C:\DOCUME~1\REITMA~1\LOCALS~1\Temp\6178800.exe [2011-07-19 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-19 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-19 232960]
"2111172.exe"=C:\WINDOWS\TEMP\2111172.exe [2011-07-19 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-19 114176]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-19 110592]
"3796828.exe"=C:\WINDOWS\TEMP\3796828.exe [2011-07-19 483328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-14-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-14-0-lnk\svchost.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe"="C:\Program Files\Jeyo\JMC_WindowsMobile\JMC_WM.exe:*:Enabled:Jeyo Mobile Companion"
"C:\Program Files\SCIA\Engineer2008\Flexlm\Scia.exe"="C:\Program Files\SCIA\Engineer2008\Flexlm\Scia.exe:*:Enabled:Scia"
"C:\Program Files\SCIA\Engineer2008\Flexlm\Lmgrd.exe"="C:\Program Files\SCIA\Engineer2008\Flexlm\Lmgrd.exe:*:Enabled:Lmgrd"
"C:\Program Files\Birsi Inc\MobileController Professional Edition\MobileController.exe"="C:\Program Files\Birsi Inc\MobileController Professional Edition\MobileController.exe:*:Enabled:Birsi MobileController"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Documents and Settings\reitmajer\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\reitmajer\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Documents and Settings\reitmajer\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\reitmajer\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Psi\Psi.exe"="C:\Program Files\Psi\Psi.exe:*:Enabled:Psi"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.mui:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-07-19 10:01:33 ----D---- C:\rsit
2011-07-19 10:01:33 ----D---- C:\Program Files\trend micro
2011-07-19 08:40:44 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-19 08:40:23 ----HD---- C:\WINDOWS\update.2
2011-07-19 08:29:12 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-19 08:29:03 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-19 08:29:00 ----A---- C:\WINDOWS\systemup.exe
2011-07-19 08:17:14 ----SHD---- C:\RECYCLER
2011-07-19 08:15:57 ----HD---- C:\WINDOWS\update.5.0
2011-07-19 08:15:22 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-19 08:15:13 ----A---- C:\WINDOWS\iplist.txt
2011-07-19 08:15:08 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-19 08:14:13 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-19 08:08:39 ----RA---- C:\WINDOWS\system32\igfxres.dll
2011-07-19 08:00:21 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-19 07:55:44 ----A---- C:\ComboFix.txt
2011-07-19 07:53:50 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-07-19 07:40:08 ----A---- C:\Boot.bak
2011-07-19 07:40:03 ----RASHD---- C:\cmdcons
2011-07-19 07:38:10 ----A---- C:\WINDOWS\zip.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\SWSC.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\SWREG.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\sed.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\PEV.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\MBR.exe
2011-07-19 07:38:10 ----A---- C:\WINDOWS\grep.exe
2011-07-19 07:38:02 ----D---- C:\ComboFix
2011-07-19 07:34:41 ----D---- C:\WINDOWS\ERDNT
2011-07-19 07:34:34 ----D---- C:\Qoobox
2011-07-19 07:31:48 ----D---- C:\WINDOWS\ufa
2011-07-19 07:31:48 ----D---- C:\WINDOWS\rpcminer
2011-07-19 07:31:48 ----D---- C:\WINDOWS\phoenix
2011-07-19 07:31:47 ----A---- C:\WINDOWS\unrar.exe
2011-07-19 07:28:45 ----D---- C:\WINDOWS\av_ico
2011-07-19 07:21:37 ----HD---- C:\WINDOWS\update.tray-14-0-lnk
2011-07-19 07:21:37 ----HD---- C:\WINDOWS\update.tray-14-0
2011-07-19 05:55:04 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-18 08:50:23 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\Callida
2011-07-18 08:47:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Callida
2011-07-14 06:00:31 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\Search Settings
2011-07-14 06:00:28 ----D---- C:\Program Files\pdfforge Toolbar
2011-07-14 06:00:28 ----D---- C:\Program Files\Common Files\Spigot
2011-07-14 06:00:28 ----D---- C:\Program Files\Application Updater
2011-07-13 10:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 10:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-04 12:34:21 ----D---- C:\Program Files\Firebird
2011-07-01 07:31:23 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\Mozilla
2011-07-01 07:31:17 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\Thunderbird
2011-07-01 07:30:09 ----D---- C:\Install
2011-06-29 09:57:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\xml_param
2011-06-29 09:54:38 ----A---- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
2011-06-29 09:54:23 ----A---- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
2011-06-29 09:54:10 ----A---- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
2011-06-29 09:53:57 ----A---- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
2011-06-29 09:53:35 ----A---- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
2011-06-29 09:53:23 ----A---- C:\WINDOWS\system32\WS_ATLMovie.dll
2011-06-29 09:53:20 ----D---- C:\Program Files\Daniusoft
2011-06-29 05:56:24 ----A---- C:\WINDOWS\imsins.BAK
2011-06-29 05:56:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-19 10:01:33 ----RD---- C:\Program Files
2011-07-19 09:54:23 ----A---- C:\WINDOWS\WINCMD.INI
2011-07-19 08:42:02 ----D---- C:\WINDOWS\Temp
2011-07-19 08:40:45 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-19 08:40:44 ----D---- C:\WINDOWS
2011-07-19 08:30:10 ----SHD---- C:\System Volume Information
2011-07-19 08:08:39 ----D---- C:\WINDOWS\system32
2011-07-19 08:04:15 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-19 08:04:09 ----D---- C:\Program Files\Common Files\Akamai
2011-07-19 08:03:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-19 08:00:53 ----D---- C:\WINDOWS\Help
2011-07-19 08:00:50 ----SHD---- C:\WINDOWS\Installer
2011-07-19 08:00:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-19 08:00:17 ----D---- C:\WINDOWS\system32\drivers
2011-07-19 08:00:16 ----HD---- C:\WINDOWS\inf
2011-07-19 08:00:16 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-19 07:54:51 ----SD---- C:\WINDOWS\Tasks
2011-07-19 07:50:36 ----D---- C:\WINDOWS\Prefetch
2011-07-19 07:49:22 ----A---- C:\WINDOWS\system.ini
2011-07-19 07:47:04 ----D---- C:\WINDOWS\system32\config
2011-07-19 07:46:03 ----SD---- C:\Documents and Settings\reitmajer\Data aplikací\Microsoft
2011-07-19 07:44:05 ----D---- C:\WINDOWS\AppPatch
2011-07-19 07:44:02 ----D---- C:\Program Files\Common Files
2011-07-19 07:40:08 ----RASH---- C:\boot.ini
2011-07-19 07:34:34 ----D---- C:\WINDOWS\security
2011-07-19 07:30:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-19 07:21:56 ----D---- C:\Program Files\Microsoft Security Client
2011-07-15 14:30:12 ----A---- C:\global.ini
2011-07-14 06:00:28 ----D---- C:\WINDOWS\WinSxS
2011-07-13 10:06:01 ----D---- C:\WINDOWS\Debug
2011-07-13 10:05:59 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 10:01:00 ----SHD---- C:\WINDOWS\CSC
2011-07-13 10:00:58 ----D---- C:\WINDOWS\Minidump
2011-07-13 01:42:46 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 07:59:11 ----A---- C:\WINDOWS\ccolwiz.ini
2011-07-08 08:06:08 ----A---- C:\WINDOWS\hpqcopy.INI
2011-07-07 06:22:25 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\EssentialPIM Pro
2011-07-04 12:01:02 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\EssentialPIM
2011-07-04 09:31:18 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-04 09:31:18 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-06-29 08:11:37 ----D---- C:\Documents and Settings\reitmajer\Data aplikací\vlc
2011-06-29 05:56:29 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-22 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys []
R2 OkiPar;OkiPar; C:\WINDOWS\System32\DRIVERS\OKIPAR.SYS [2007-11-14 43656]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-03-05 157696]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-04-02 27632]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys [2010-04-13 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys [2010-04-13 25704]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl2a48a596;MpKsl2a48a596; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{080A790A-699C-4C88-A1C3-D2FF38537166}\MpKsl2a48a596.sys []
S1 MpKslcd94de24;MpKslcd94de24; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3AA7007A-6D7F-4236-9230-5188F5F46ACB}\MpKslcd94de24.sys []
S3 aj6udfho;aj6udfho; C:\WINDOWS\system32\drivers\aj6udfho.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pneteth;PdaNet Broadband; C:\WINDOWS\system32\DRIVERS\pneteth.sys [2010-09-02 13312]
S3 RDPDISPM;RDPDISPM; C:\WINDOWS\system32\DRIVERS\rdpdispm.sys [2010-01-12 9040]
S3 RDPVDD;RDPVDD; C:\WINDOWS\system32\DRIVERS\rdpvmp.sys [2010-01-12 19408]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-08-10 41216]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinUSB;Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-19 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-19 232960]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-12 85096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
S2 STacSV;Audio Service; c:\docume~1\reitma~1\locals~1\temp\cdm\{e4cdec94-bfc0-4e2e-abbc-261f7392b0c4}\STacSV.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Flexlm Service 1;Flexlm Service 1; C:\Program Files\SCIA\Engineer2008\Flexlm\Lmgrd.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-06-16 1045256]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15704
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Facebook virus

#2 Post by JaRon »

hi,
since it is the same virus, use the same procedure as well - see my colleague's thread:
http://www.viry.cz/forum/viewtopic.php? ... 4#p1005324
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

longerski
Visitor
Posts: 11
Registered: 19 Jul 2011 09:05

Re: Facebook virus

#3 Post by longerski »

I used the same procedure, I don't know whether I should also apply ComboFix...

Here are the logs from RKill and exeHelper:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 19.07.2011 at 10:33:13.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\MICROS~4\rapimgr.exe


Rkill completed on 19.07.2011 at 10:33:21.

exeHelper by Raktor
Build 20100414
Run at 10:35:18 on 07/19/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6178800.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2111172.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3796828.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

JaRon
Moderator
Posts: 15704
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Facebook virus

#4 Post by JaRon »

yes, ComboFix too - 3 pests were deleted, but there is still a small herd of them in there :D

longerski
Visitor
Posts: 11
Registered: 19 Jul 2011 09:05

Re: Facebook virus

#5 Post by longerski »

Thank you.

Log from ComboFix:

ComboFix 11-07-19.01 - reitmajer 19.07.2011 10:52:19.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1482 [GMT 2:00]
Spuštěný z: c:\documents and settings\reitmajer\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-19 do 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 08:01 . 2011-07-19 08:01 -------- d-----w- C:\rsit
2011-07-19 08:01 . 2011-07-19 08:01 -------- d-----w- c:\program files\trend micro
2011-07-19 06:08 . 2005-07-19 18:10 139264 ----a-r- c:\windows\system32\igfxres.dll
2011-07-19 06:00 . 2011-07-19 06:00 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-19 05:53 . 2009-11-21 02:34 6282752 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2011-07-19 05:53 . 2009-11-21 02:34 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2011-07-19 05:31 . 2011-07-19 05:31 -------- d-----w- c:\windows\ufa
2011-07-19 05:31 . 2011-07-19 05:31 -------- d-----w- c:\windows\rpcminer
2011-07-19 05:31 . 2011-07-19 05:31 -------- d-----w- c:\windows\phoenix
2011-07-19 05:31 . 2011-07-19 05:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 05:28 . 2011-07-19 05:28 -------- d-----w- c:\windows\av_ico
2011-07-19 05:21 . 2011-07-19 05:46 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-19 05:21 . 2011-07-19 05:21 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-18 11:55 . 2011-07-18 11:55 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-18 06:50 . 2011-07-18 06:50 -------- d-----w- c:\documents and settings\reitmajer\Data aplikací\Callida
2011-07-18 06:47 . 2011-07-18 06:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Callida
2011-07-18 04:26 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{455D665E-EBCB-431D-A7E7-3FB70984E36B}\mpengine.dll
2011-07-14 04:00 . 2011-07-14 04:00 -------- d-----w- c:\documents and settings\reitmajer\Data aplikací\Search Settings
2011-07-14 04:00 . 2011-07-14 04:00 -------- d-----w- c:\program files\pdfforge Toolbar
2011-07-14 04:00 . 2011-07-14 04:00 -------- d-----w- c:\program files\Common Files\Spigot
2011-07-14 04:00 . 2011-07-14 04:00 -------- d-----w- c:\program files\Application Updater
2011-07-04 10:34 . 2011-02-01 06:30 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl
2011-07-04 10:34 . 2011-07-04 10:34 -------- d-----w- c:\program files\Firebird
2011-07-01 05:31 . 2011-07-01 05:31 -------- d-----w- c:\documents and settings\reitmajer\Local Settings\Data aplikací\Thunderbird
2011-07-01 05:31 . 2011-07-01 05:31 -------- d-----w- c:\documents and settings\reitmajer\Data aplikací\Thunderbird
2011-07-01 05:30 . 2011-07-01 05:30 -------- d-----w- C:\Install
2011-06-29 07:57 . 2011-06-29 09:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\xml_param
2011-06-29 07:54 . 2010-04-13 16:45 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-06-29 07:54 . 2010-04-13 16:45 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-06-29 07:54 . 2010-04-13 16:45 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-06-29 07:53 . 2010-04-13 16:45 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-06-29 07:53 . 2010-04-13 16:45 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-06-29 07:53 . 2010-07-30 07:24 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2011-06-29 07:53 . 2011-06-29 07:53 -------- d-----w- c:\program files\Daniusoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 03:53 . 2011-05-20 03:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2010-05-20 04:04 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 10:35 . 2011-05-24 10:35 2208 ----a-w- c:\windows\system32\drivers\nxsIO32.sys
2011-05-04 02:52 . 2010-04-15 06:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-04-03 08:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2009-02-11 12:11 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:06 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-19_05.49.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-19 08:59 . 2011-07-19 08:59 16384 c:\windows\Temp\Perflib_Perfdata_8c.dat
+ 2011-07-19 08:59 . 2011-07-19 08:59 16384 c:\windows\Temp\Perflib_Perfdata_734.dat
+ 2010-01-12 05:15 . 2009-11-21 02:34 69632 c:\windows\system32\OpenCL.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 81920 c:\windows\system32\nvwddi.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 154216 c:\windows\system32\nvsvc32.exe
+ 2009-11-20 18:32 . 2009-11-20 18:32 122880 c:\windows\system32\nvrszht.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 229376 c:\windows\system32\nvrszhc.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 253952 c:\windows\system32\nvrstr.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 253952 c:\windows\system32\nvrsth.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 253952 c:\windows\system32\nvrssv.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 258048 c:\windows\system32\nvrssl.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 258048 c:\windows\system32\nvrssk.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 266240 c:\windows\system32\nvrsru.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 266240 c:\windows\system32\nvrsptb.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 270336 c:\windows\system32\nvrspt.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 253952 c:\windows\system32\nvrspl.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 253952 c:\windows\system32\nvrsno.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 274432 c:\windows\system32\nvrsnl.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 262144 c:\windows\system32\nvrsko.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 270336 c:\windows\system32\nvrsja.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 278528 c:\windows\system32\nvrsit.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 258048 c:\windows\system32\nvrshu.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 331776 c:\windows\system32\nvrshe.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 282624 c:\windows\system32\nvrsfr.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 249856 c:\windows\system32\nvrsfi.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 274432 c:\windows\system32\nvrsesm.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 282624 c:\windows\system32\nvrses.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 245760 c:\windows\system32\nvrseng.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 282624 c:\windows\system32\nvrsel.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 278528 c:\windows\system32\nvrsde.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 253952 c:\windows\system32\nvrsda.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 245760 c:\windows\system32\nvrscs.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 331776 c:\windows\system32\nvrsar.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 110184 c:\windows\system32\nvmctray.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 278120 c:\windows\system32\nvmccs.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 145000 c:\windows\system32\nvcolor.exe
+ 2010-01-12 05:15 . 2009-11-21 02:34 182888 c:\windows\system32\nvcodins.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 182888 c:\windows\system32\nvcod.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 2293286 c:\windows\system32\nvdata.bin
+ 2010-01-12 05:15 . 2009-11-21 02:34 2259560 c:\windows\system32\nvcuvid.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 1989224 c:\windows\system32\nvcuvenc.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 4038656 c:\windows\system32\nvcuda.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 1056768 c:\windows\system32\nvapi.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 13602816 c:\windows\system32\nvoglnt.dll
+ 2009-11-20 18:32 . 2009-11-20 18:32 12669544 c:\windows\system32\nvcpl.dll
+ 2010-01-12 05:15 . 2009-11-21 02:34 11374592 c:\windows\system32\nvcompiler.dll
+ 2006-03-09 07:29 . 2009-11-21 02:34 10235968 c:\windows\system32\drivers\nv4_mini.sys
+ 2006-03-09 07:29 . 2009-11-21 02:34 10235968 c:\windows\system32\dllcache\nv4_mini.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"SkyTel"="SkyTel.EXE" [2007-11-20 1826816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-10 413696]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [BU]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\WINDOWS\\update.tray-14-0-lnk\\svchost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.5.2009 13:32 721904]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.3.2006 14:00 14336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [24.6.2011 17:30 393112]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [24.5.2011 12:35 2208]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [29.5.2009 10:00 43656]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16.9.2010 14:06 80896]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2.4.2010 6:19 27632]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [29.6.2011 9:53 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [29.6.2011 9:53 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [29.6.2011 9:54 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [29.6.2011 9:54 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [29.6.2011 9:54 25704]
S1 MpKsl2a48a596;MpKsl2a48a596;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{080A790A-699C-4C88-A1C3-D2FF38537166}\MpKsl2a48a596.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{080A790A-699C-4C88-A1C3-D2FF38537166}\MpKsl2a48a596.sys [?]
S1 MpKslcd94de24;MpKslcd94de24;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3AA7007A-6D7F-4236-9230-5188F5F46ACB}\MpKslcd94de24.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3AA7007A-6D7F-4236-9230-5188F5F46ACB}\MpKslcd94de24.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Flexlm Service 1;Flexlm Service 1;c:\program files\SCIA\Engineer2008\Flexlm\Lmgrd.exe --> c:\program files\SCIA\Engineer2008\Flexlm\Lmgrd.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [5.2.2010 9:48 36608]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [14.4.2011 13:55 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 18:01 21248]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [18.3.2011 12:19 13312]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [12.2.2009 11:15 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [12.2.2009 11:15 19408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:64545
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
------- Asociace souborů -------
.
.scr=AutoCADLTScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 10:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2011-07-19 11:04:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-19 09:04
ComboFix2.txt 2011-07-19 05:55
.
Před spuštěním: Volných bajtů: 132 390 531 072
Po spuštění: Volných bajtů: 132 372 860 928

JaRon
Moderator
Posts: 15704
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Facebook virus

#6 Post by JaRon »

pretty good :)
1. clean up the PC with CCleaner - mainly the registry
2. as a precaution, scan with MBAM - a quick scan is enough

longerski
Visitor
Posts: 11
Registered: 19 Jul 2011 09:05

Re: Facebook virus

#7 Post by longerski »

Scanning with MBAM, 22 infected objects so far. There is still something in there...

JaRon
Moderator
Posts: 15704
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Facebook virus

#8 Post by JaRon »

post the log and we'll see - maybe some old sins :wink:

longerski
Visitor
Posts: 11
Registered: 19 Jul 2011 09:05

Re: Facebook virus

#9 Post by longerski »

MBAM:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7197

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.7.2011 11:56:02
mbam-log-2011-07-19 (11-56-02).txt

Typ kontroly: Rychlý test
Testované objekty: 194782
Uplynulý čas: 10 minut, 55 sekund

Infikované procesy v paměti: 4
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 7
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 10

Infikované procesy v paměti:
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> 1252 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> 3124 -> Unloaded process successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent.H) -> 180 -> Unloaded process successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 3968 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent.H) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent.H) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9122909.exe (Trojan.Agent.H) -> Value: 9122909.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3952779.exe (Trojan.Agent.H) -> Value: 3952779.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4872777.exe (Trojan.Downloader.H) -> Value: 4872777.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\documents and settings\reitmajer\local settings\temp\9122909.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3952779.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4872777.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1695317.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3032815.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3755565.exe (Trojan.Agent) -> Quarantined and deleted successfully.

JaRon
Moderator
Posts: 15704
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Facebook virus

#10 Post by JaRon »

so all of it is from the current infection - let MBAM delete it - restart - and run a full scan - if it comes up clean, then we're done

longerski
Visitor
Posts: 11
Registered: 19 Jul 2011 09:05

Re: Facebook virus

#11 Post by longerski »

OK, thanks for the help :)

JaRon
Moderator
Posts: 15704
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Facebook virus

#12 Post by JaRon »

you're welcome :)