prosim o kontrolu, facebook vir

[zlatovlaska19]

neviem kam to dat, tak to dam sem, pomozte pls
log :
Logfile of random's system information tool 1.09 (written by random/random)
Run by Oliver at 2011-07-27 18:43:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (20%) free of 20 GB
Total RAM: 383 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:43:39, on 27. 7. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\services32.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Oliver\My Documents\Preberanie\RSIT(2).exe
C:\Program Files\trend micro\Oliver.exe

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [2321900.exe] "C:\DOCUME~1\Oliver\LOCALS~1\Temp\2321900.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [779053.exe] "C:\WINDOWS\TEMP\779053.exe"
O4 - HKLM\..\Run: [6263982-loader2.exe] "C:\WINDOWS\TEMP\6263982-loader2.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [3253612.exe] "C:\WINDOWS\TEMP\3253612.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 4560 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Oliver\Application Data\Mozilla\Firefox\Profiles\cj8zlkis.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.16"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-06-15 368640]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-21 1167872]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-21 1167872]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2321900.exe"=C:\DOCUME~1\Oliver\LOCALS~1\Temp\2321900.exe [2011-07-21 249344]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-23 247296]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-23 247296]
"779053.exe"=C:\WINDOWS\TEMP\779053.exe [2011-07-21 483328]
"6263982-loader2.exe"=C:\WINDOWS\TEMP\6263982-loader2.exe [2011-07-21 249344]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-21 114176]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-21 110592]
"3253612.exe"=C:\WINDOWS\TEMP\3253612.exe [2011-07-23 247296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\TmNationsESWC.exe"="D:\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Oliver\My Documents\Flash-Player.exe"="C:\Documents and Settings\Oliver\My Documents\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Oliver\My Documents\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2011-07-27 18:42:16 ----D---- C:\Program Files\trend micro
2011-07-27 18:42:14 ----D---- C:\rsit
2011-07-23 10:44:48 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2011-07-23 10:44:16 ----D---- C:\WINDOWS\system32\PreInstall
2011-07-23 10:44:15 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-07-23 10:44:15 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-07-23 10:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-07-23 10:44:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-23 10:25:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-07-21 14:41:21 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-21 14:41:02 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-21 14:40:58 ----A---- C:\WINDOWS\systemup.exe
2011-07-21 14:40:40 ----D---- C:\WINDOWS\ufa
2011-07-21 14:40:40 ----D---- C:\WINDOWS\rpcminer
2011-07-21 14:40:40 ----D---- C:\WINDOWS\phoenix
2011-07-21 14:39:30 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-21 14:39:06 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-21 14:38:38 ----HD---- C:\WINDOWS\update.2
2011-07-21 14:38:32 ----HD---- C:\WINDOWS\update.5.0
2011-07-21 14:38:00 ----A---- C:\WINDOWS\unrar.exe
2011-07-21 14:37:18 ----A---- C:\WINDOWS\iplist.txt
2011-07-21 14:36:27 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-21 14:36:13 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-21 14:36:00 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-21 14:35:40 ----ASH---- C:\hiberfil.sys
2011-07-21 14:33:07 ----HD---- C:\WINDOWS\update.1
2011-07-21 14:33:05 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-21 14:33:05 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-21 14:21:36 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-21 14:21:36 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-21 14:21:24 ----A---- C:\WINDOWS\services32.exe

======List of files/folders modified in the last 1 month======

2011-07-27 18:42:16 ----RD---- C:\Program Files
2011-07-27 18:35:57 ----D---- C:\Program Files\Mozilla Firefox
2011-07-27 17:51:21 ----D---- C:\WINDOWS\Temp
2011-07-27 12:10:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 11:51:50 ----D---- C:\WINDOWS
2011-07-25 11:48:14 ----HD---- C:\WINDOWS\inf
2011-07-25 11:48:13 ----D---- C:\WINDOWS\system32
2011-07-25 11:47:09 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-24 14:35:17 ----D---- C:\WINDOWS\Prefetch
2011-07-23 15:34:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-23 10:44:31 ----A---- C:\WINDOWS\imsins.BAK
2011-07-23 10:25:28 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-23 10:25:25 ----D---- C:\WINDOWS\Help
2011-07-21 15:33:37 ----D---- C:\Program Files\Opera
2011-07-21 14:34:40 ----A---- C:\boot.ini
2011-07-19 11:05:42 ----D---- C:\Documents and Settings\Oliver\Application Data\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sisagp;SiS AGP winXP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2011-01-30 35712]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2002-03-06 389135]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2011-01-30 19072]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-05-02 10222720]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-21 340992]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-21 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-23 247296]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-21 1167872]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []

-----------------EOF-----------------

[Danstahr]

Dobrý podvečer ,

Stáhněte MBAM a vložte sem jeho log podle návodu zde, při výběru skenu zvolte Úplný sken.

Zatím nic nemažte, MBAM může mít falešné detekce!

[zlatovlaska19]

tu je vypis
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7311

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28. 7. 2011 20:30:24
mbam-log-2011-07-28 (20-30-18).txt

Typ kontroly: Úplná kontrola (A:\|C:\|D:\|E:\|)
Objektov kontrolovaných: 163350
Uplynutý čas: 1 hod, 3 min, 44 sek

Infikované služby pamäte: 8
Infikované moduly pamäte: 0
Infikované registračné kľúče: 10
Infikované registračné hodnoty: 12
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 39

Infikované služby pamäte:
c:\WINDOWS\services32.exe (Trojan.Dropper) -> 1560 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 1624 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Backdoor.Delf) -> 1656 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> 1708 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> 1104 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 1932 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1452 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1788 -> No action taken.

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> No action taken.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Backdoor.Delf) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2321900.exe (Trojan.Agent) -> Value: 2321900.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\779053.exe (Trojan.Downloader.H) -> Value: 779053.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6263982-loader2.exe (Trojan.Agent) -> Value: 6263982-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3253612.exe (Trojan.Agent) -> Value: 3253612.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované súbory:
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Backdoor.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Trojan.Downloader.H) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Oliver\local settings\Temp\2321900.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\779053.exe (Trojan.Downloader.H) -> No action taken.
c:\WINDOWS\Temp\6263982-loader2.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3253612.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Oliver\my documents\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\1361652.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3592164.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\3919148.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\52340_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\5421991.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5719017.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9827655.exe (Backdoor.Delf) -> No action taken.
c:\WINDOWS\update.tray-2-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\5687509.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8061586.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\706881150.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> No action taken.

[zlatovlaska19]

možem dať mazať? alebo čo teraz?

[Danstahr]

Strpení, nesedím tu pořád ...

Infekci nalezenou MBAMem smažte.


Pozor! Tato utilita má velkou schopnost mazat a její použití je určeno výhradně členům týmu tohoto fóra. Svévolné použití může vést ke zboření a reinstalaci systému

Stáhněte ComboFix a uložte jej na Plochu.

Vypněte všechny rezidentní štíty antivirů a všechny programy běžící na pozadí.
Spusťte ComboFix s administrátorským oprávněním.
Potvrďte licenční podmínky a případně i instalaci konzoly pro zotavení
Během skenu nechte počítač naprosto v klidu.
Sken trvá zhruba 15 minut, ale doba se může lišit v závislosti na stavu systému
Po dokončení skenu se zobrazí log (pokud by se neotevřel, lze jej nalézt na systémovém disku jako ComboFix.txt), obsah logu vložte sem
ComboFixu si do dalšího pokynu nevšímejte

[zlatovlaska19]

zdravim, vcera som tu pisal co mam robit, no nerobim to na svojom pc ale u bratranca,a kedze uz bolo neskoro tak som to musel nechat na dnes, preto sa pytam ci treba opat spustit nanovo uplnu kontrolu , alebo sa daju nejako odstranit tie subory pomocou toho ulozeneho log-u. A ci plati postup ktory ste mi pisali,alebo to treba vsetko odznova, dakujem

[Danstahr]

Spusťte znovu MBAM s úplnou kontrolou, nalezenou infekci smažte a pokračujte ComboFixem.

[zlatovlaska19]

ok, potom dam vediet zatial vdaka

[zlatovlaska19]

tu je vypis, čo dalej
ComboFix 11-07-29.01 - Oliver . 07. 2011 12:59:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.383.73 [GMT 2:00]
Running from: C:\Documents and Settings\Oliver\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\btc_client_iplist.txt
C:\WINDOWS\ddh_iplist.txt
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\phoenix
C:\WINDOWS\phoenix.rar
C:\WINDOWS\phoenix\kernels\phatk\__init__.py
C:\WINDOWS\phoenix\kernels\phatk\BFIPatcher.py
C:\WINDOWS\phoenix\kernels\phatk\kernel.cl
C:\WINDOWS\phoenix\kernels\poclbm\__init__.py
C:\WINDOWS\phoenix\kernels\poclbm\BFIPatcher.py
C:\WINDOWS\phoenix\kernels\poclbm\kernel.cl
C:\WINDOWS\phoenix\phoenix.exe
C:\WINDOWS\proc_list1.log
C:\WINDOWS\rpcminer.rar
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\ufa.rar
C:\WINDOWS\update.1
C:\WINDOWS\update.2
C:\WINDOWS\update.5.0
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS


((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))


2011-07-28 19:43:21 . 2011-07-28 19:43:21 -------- d-----w- C:\WINDOWS\system32\KB905474
2011-07-28 19:35:10 . 2011-07-28 19:35:10 -------- d-----w- C:\WINDOWS\ServicePackFiles
2011-07-28 17:45:37 . 2011-07-28 18:40:55 -------- d-----w- C:\WINDOWS\system32\CatRoot_bak
2011-07-28 17:26:54 . 2008-06-13 13:10:50 272128 -c----w- C:\WINDOWS\system32\dllcache\bthport.sys
2011-07-28 17:26:54 . 2008-06-13 13:10:50 272128 ------w- C:\WINDOWS\system32\drivers\bthport.sys
2011-07-28 17:23:40 . 2011-07-28 17:23:40 -------- d-----w- C:\Documents and Settings\Oliver\Application Data\Malwarebytes
2011-07-28 17:23:16 . 2011-07-06 17:52:42 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-28 17:23:14 . 2011-07-28 17:23:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-07-28 17:23:10 . 2011-07-28 17:23:19 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 17:23:10 . 2011-07-06 17:52:42 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 17:01:37 . 2010-02-24 12:31:30 454016 -c----w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2011-07-27 17:01:24 . 2010-02-16 13:17:38 2137088 -c----w- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2011-07-27 17:01:23 . 2010-02-16 13:19:55 2181376 -c----w- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2011-07-27 17:01:21 . 2010-02-16 12:39:04 2016768 -c----w- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2011-07-27 17:01:20 . 2010-02-16 12:39:04 2058368 -c----w- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2011-07-27 16:42:16 . 2011-07-27 16:43:38 -------- d-----w- C:\Program Files\trend micro
2011-07-27 16:42:14 . 2011-07-27 16:42:53 -------- d-----w- C:\rsit
2011-07-24 12:30:26 . 2010-02-12 10:03:03 293376 ------w- C:\WINDOWS\system32\browserchoice.exe
2011-07-23 08:44:15 . 2008-07-09 07:38:27 26488 ----a-w- C:\WINDOWS\system32\spupdsvc.exe
2011-07-23 08:44:14 . 2011-07-28 19:45:43 -------- d--h--w- C:\WINDOWS\$hf_mig$
2011-07-21 12:40:40 . 2011-07-21 12:40:41 -------- d-----w- C:\WINDOWS\ufa
2011-07-21 12:38:00 . 2011-07-21 12:40:39 246272 ----a-w- C:\WINDOWS\unrar.exe
2011-07-21 12:33:05 . 2011-07-29 10:47:57 -------- d--h--w- C:\WINDOWS\update.tray-2-0
2011-07-21 12:33:05 . 2011-07-29 10:47:56 -------- d--h--w- C:\WINDOWS\update.tray-2-0-lnk
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

[zlatovlaska19]

oprava, tu je ta sprava
ComboFix 11-07-29.01 - Oliver . 07. 2011 12:59:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.383.73 [GMT 2:00]
Running from: c:\documents and settings\Oliver\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-28 19:43 . 2011-07-28 19:43 -------- d-----w- c:\windows\system32\KB905474
2011-07-28 19:35 . 2011-07-28 19:35 -------- d-----w- c:\windows\ServicePackFiles
2011-07-28 17:45 . 2011-07-28 18:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-28 17:26 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-07-28 17:26 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-07-28 17:23 . 2011-07-28 17:23 -------- d-----w- c:\documents and settings\Oliver\Application Data\Malwarebytes
2011-07-28 17:23 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 17:23 . 2011-07-28 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-28 17:23 . 2011-07-28 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 17:23 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 17:01 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-27 17:01 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-27 17:01 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-27 17:01 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-27 17:01 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-07-27 16:42 . 2011-07-27 16:43 -------- d-----w- c:\program files\trend micro
2011-07-27 16:42 . 2011-07-27 16:42 -------- d-----w- C:\rsit
2011-07-24 12:30 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-07-23 08:44 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-23 08:44 . 2011-07-28 19:45 -------- d--h--w- c:\windows\$hf_mig$
2011-07-21 12:40 . 2011-07-21 12:40 -------- d-----w- c:\windows\ufa
2011-07-21 12:38 . 2011-07-21 12:40 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 12:33 . 2011-07-29 10:47 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-21 12:33 . 2011-07-29 10:47 -------- d--h--w- c:\windows\update.tray-2-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-06-15 368640]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21. 12. 2010 16:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21. 12. 2010 14:47 94872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28. 7. 2011 19:23 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28. 7. 2011 19:23 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-07-28 20:18]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Oliver\Application Data\Mozilla\Firefox\Profiles\cj8zlkis.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 13:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2011-07-29 13:16:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-29 11:15
.
Pre-Run: 2 533 638 144 bytes free
Post-Run: 7 431 643 136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 82E8528D9A4B16A2352922384C627932

[Danstahr]

...čo dalej

No teď si dáme Deli . Tak si dejte i za mě, já jdu napsat dočišťovací skript (skripty si vzájemně kontrolujeme, takže to může chvilku trvat, díky za strpení).

[zlatovlaska19]

rad počkám ak je to pre moje dobro, resp. pre dobro pc
btw ešte som sa chcel opýtať, či nie je problém, že riešim cez moj profil bratrancov pc, konkretne, ak by som aj ja chcel aby ste mi spravili kontrolu, či nie je problem robiť dva pc cez jeden profil (bratranec moc do pc neni, šak asi ste si aj všimli podľa hardveru pc, má starou šunku len na internet)

[Danstahr]

Podezřelé začne být, když sem jeden uživatel chrlí jeden log za druhým, každé PC s jinou konfigurací. Za dva různé počítače vám rozhodně hlavu neutrhneme .

[zlatovlaska19]

vdaka za odpoved, a inak tento pc je uz v poriadku? či mi treba ešte čakať alebo možem opustiť tento priestor

[Danstahr]

Ještě budeme mazat, strpení...