PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check my log

Have a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service: an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz

andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Please check my log

#1 Post by andy206 »

Good evening, please check my log. For the second day now both my browsers, IE and Firefox, have been very slow; it was almost impossible to work (even though the speed meter showed full speed), plus a lot of memory used up by web browsing. I ran several scans; please check them.

Output from tdsskiller:

18:38:50.0062 4052 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:38:50.0234 4052 ============================================================
18:38:50.0234 4052 Current date / time: 2012/03/14 18:38:50.0234
18:38:50.0234 4052 SystemInfo:
18:38:50.0234 4052
18:38:50.0234 4052 OS Version: 5.1.2600 ServicePack: 3.0
18:38:50.0234 4052 Product type: Workstation
18:38:50.0234 4052 ComputerName: USER-CB5B223F2F
18:38:50.0234 4052 UserName: Tomáš
18:38:50.0234 4052 Windows directory: C:\WINDOWS
18:38:50.0234 4052 System windows directory: C:\WINDOWS
18:38:50.0234 4052 Processor architecture: Intel x86
18:38:50.0234 4052 Number of processors: 4
18:38:50.0234 4052 Page size: 0x1000
18:38:50.0234 4052 Boot type: Normal boot
18:38:50.0234 4052 ============================================================
18:38:51.0641 4052 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:38:51.0641 4052 \Device\Harddisk0\DR0:
18:38:51.0641 4052 MBR used
18:38:51.0641 4052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
18:38:51.0672 4052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x183A1856
18:38:51.0704 4052 Initialize success
18:38:51.0704 4052 ============================================================
18:39:03.0832 3048 ============================================================
18:39:03.0832 3048 Scan started
18:39:03.0832 3048 Mode: Manual; SigCheck; TDLFS;
18:39:03.0832 3048 ============================================================
18:39:04.0145 3048 Abiosdsk - ok
18:39:04.0160 3048 abp480n5 - ok
18:39:04.0192 3048 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:39:04.0395 3048 ACPI - ok
18:39:04.0426 3048 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:39:05.0051 3048 ACPIEC - ok
18:39:05.0051 3048 adpu160m - ok
18:39:05.0083 3048 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:39:05.0161 3048 aec - ok
18:39:05.0192 3048 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:39:05.0223 3048 AFD - ok
18:39:05.0239 3048 Aha154x - ok
18:39:05.0239 3048 aic78u2 - ok
18:39:05.0255 3048 aic78xx - ok
18:39:05.0255 3048 AliIde - ok
18:39:05.0270 3048 amsint - ok
18:39:05.0286 3048 asc - ok
18:39:05.0286 3048 asc3350p - ok
18:39:05.0301 3048 asc3550 - ok
18:39:05.0333 3048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:39:05.0426 3048 AsyncMac - ok
18:39:05.0442 3048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:39:05.0536 3048 atapi - ok
18:39:05.0552 3048 AtcL001 (0907a12341e56dda7b22f8fd116a981d) C:\WINDOWS\system32\DRIVERS\l151x86.sys
18:39:05.0583 3048 AtcL001 - ok
18:39:05.0583 3048 Atdisk - ok
18:39:05.0770 3048 ati2mtag (756a1320c96d2b4e74d22423959af431) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:39:05.0974 3048 ati2mtag - ok
18:39:06.0020 3048 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:39:06.0052 3048 AtiHdmiService - ok
18:39:06.0083 3048 atitray (a9a7409fff37ea152580c2b362a0003a) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
18:39:06.0114 3048 atitray ( UnsignedFile.Multi.Generic ) - warning
18:39:06.0114 3048 atitray - detected UnsignedFile.Multi.Generic (1)
18:39:06.0130 3048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:39:06.0224 3048 Atmarpc - ok
18:39:06.0239 3048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:39:06.0349 3048 audstub - ok
18:39:06.0364 3048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:39:06.0458 3048 Beep - ok
18:39:06.0489 3048 C-Dilla (894ffbfc41be336443bee9c33010419a) C:\WINDOWS\system32\drivers\CDANT.SYS
18:39:06.0521 3048 C-Dilla ( UnsignedFile.Multi.Generic ) - warning
18:39:06.0521 3048 C-Dilla - detected UnsignedFile.Multi.Generic (1)
18:39:06.0567 3048 catchme - ok
18:39:06.0583 3048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:39:06.0677 3048 cbidf2k - ok
18:39:06.0708 3048 cd20xrnt - ok
18:39:06.0739 3048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:39:06.0833 3048 Cdaudio - ok
18:39:06.0880 3048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:39:06.0974 3048 Cdfs - ok
18:39:07.0005 3048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:39:07.0099 3048 Cdrom - ok
18:39:07.0099 3048 Changer - ok
18:39:07.0114 3048 CmdIde - ok
18:39:07.0130 3048 Cpqarray - ok
18:39:07.0130 3048 cpuz134 - ok
18:39:07.0146 3048 dac2w2k - ok
18:39:07.0146 3048 dac960nt - ok
18:39:07.0161 3048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:39:07.0255 3048 Disk - ok
18:39:07.0286 3048 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
18:39:07.0396 3048 dmboot - ok
18:39:07.0411 3048 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
18:39:07.0505 3048 dmio - ok
18:39:07.0505 3048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:39:07.0599 3048 dmload - ok
18:39:07.0615 3048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:39:07.0693 3048 DMusic - ok
18:39:07.0708 3048 dpti2o - ok
18:39:07.0724 3048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:39:07.0802 3048 drmkaud - ok
18:39:07.0849 3048 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\WINDOWS\system32\DRIVERS\eamon.sys
18:39:07.0865 3048 eamon - ok
18:39:07.0896 3048 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
18:39:07.0912 3048 ehdrv - ok
18:39:07.0927 3048 epfw (39f48a0784be8465cd1ac80b36d61613) C:\WINDOWS\system32\DRIVERS\epfw.sys
18:39:07.0943 3048 epfw - ok
18:39:07.0958 3048 Epfwndis (3b47010b2425b69826004767e59045ba) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
18:39:07.0990 3048 Epfwndis - ok
18:39:08.0021 3048 epfwtdi (763c43360a541c92ef6c97452b312f3b) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
18:39:08.0021 3048 epfwtdi - ok
18:39:08.0037 3048 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:39:08.0146 3048 Fastfat - ok
18:39:08.0162 3048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:39:08.0255 3048 Fdc - ok
18:39:08.0271 3048 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
18:39:08.0365 3048 Fips - ok
18:39:08.0380 3048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:39:08.0490 3048 Flpydisk - ok
18:39:08.0506 3048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:39:08.0599 3048 FltMgr - ok
18:39:08.0615 3048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:39:08.0709 3048 Fs_Rec - ok
18:39:08.0724 3048 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:39:08.0818 3048 Ftdisk - ok
18:39:08.0849 3048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:39:08.0928 3048 Gpc - ok
18:39:08.0943 3048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:39:09.0021 3048 HDAudBus - ok
18:39:09.0037 3048 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:39:09.0131 3048 HidUsb - ok
18:39:09.0131 3048 hpn - ok
18:39:09.0162 3048 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:39:09.0178 3048 HPZid412 - ok
18:39:09.0193 3048 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:39:09.0209 3048 HPZipr12 - ok
18:39:09.0240 3048 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:39:09.0287 3048 HPZius12 - ok
18:39:09.0318 3048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:39:09.0350 3048 HTTP - ok
18:39:09.0365 3048 i2omgmt - ok
18:39:09.0365 3048 i2omp - ok
18:39:09.0381 3048 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:39:09.0475 3048 i8042prt - ok
18:39:09.0506 3048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:39:09.0600 3048 Imapi - ok
18:39:09.0600 3048 ini910u - ok
18:39:09.0725 3048 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:39:09.0865 3048 IntcAzAudAddService - ok
18:39:09.0928 3048 IntelIde - ok
18:39:09.0943 3048 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:39:10.0022 3048 intelppm - ok
18:39:10.0053 3048 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:39:10.0131 3048 Ip6Fw - ok
18:39:10.0162 3048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:39:10.0240 3048 IpFilterDriver - ok
18:39:10.0272 3048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:39:10.0365 3048 IpInIp - ok
18:39:10.0381 3048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:39:10.0459 3048 IpNat - ok
18:39:10.0490 3048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:39:10.0584 3048 IPSec - ok
18:39:10.0616 3048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:39:10.0662 3048 IRENUM - ok
18:39:10.0694 3048 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:39:10.0787 3048 isapnp - ok
18:39:10.0787 3048 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:39:10.0881 3048 Kbdclass - ok
18:39:10.0897 3048 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:39:10.0975 3048 kbdhid - ok
18:39:11.0006 3048 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:39:11.0100 3048 kmixer - ok
18:39:11.0147 3048 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:39:11.0319 3048 KSecDD - ok
18:39:11.0319 3048 lbrtfdc - ok
18:39:11.0366 3048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:39:11.0444 3048 mnmdd - ok
18:39:11.0475 3048 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
18:39:11.0569 3048 Modem - ok
18:39:11.0585 3048 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:39:11.0678 3048 Mouclass - ok
18:39:11.0694 3048 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:39:11.0788 3048 mouhid - ok
18:39:11.0803 3048 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:39:11.0897 3048 MountMgr - ok
18:39:11.0913 3048 mraid35x - ok
18:39:11.0928 3048 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:39:12.0007 3048 MRxDAV - ok
18:39:12.0038 3048 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:39:12.0069 3048 MRxSmb - ok
18:39:12.0085 3048 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:39:12.0194 3048 Msfs - ok
18:39:12.0225 3048 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:39:12.0319 3048 MSKSSRV - ok
18:39:12.0335 3048 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:39:12.0413 3048 MSPCLOCK - ok
18:39:12.0429 3048 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:39:12.0538 3048 MSPQM - ok
18:39:12.0554 3048 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:39:12.0632 3048 mssmbios - ok
18:39:12.0663 3048 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:39:12.0694 3048 MTsensor - ok
18:39:12.0710 3048 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:39:12.0726 3048 Mup - ok
18:39:12.0741 3048 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:39:12.0835 3048 NDIS - ok
18:39:12.0897 3048 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:39:12.0897 3048 NdisTapi - ok
18:39:12.0929 3048 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:39:13.0022 3048 Ndisuio - ok
18:39:13.0038 3048 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:39:13.0132 3048 NdisWan - ok
18:39:13.0148 3048 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:39:13.0163 3048 NDProxy - ok
18:39:13.0179 3048 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:39:13.0273 3048 NetBIOS - ok
18:39:13.0304 3048 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:39:13.0413 3048 NetBT - ok
18:39:13.0429 3048 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:39:13.0538 3048 Npfs - ok
18:39:13.0554 3048 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:39:13.0679 3048 Ntfs - ok
18:39:13.0695 3048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:39:13.0788 3048 Null - ok
18:39:13.0820 3048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:39:13.0898 3048 NwlnkFlt - ok
18:39:13.0913 3048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:39:13.0992 3048 NwlnkFwd - ok
18:39:14.0023 3048 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
18:39:14.0117 3048 Parport - ok
18:39:14.0132 3048 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:39:14.0226 3048 PartMgr - ok
18:39:14.0242 3048 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
18:39:14.0351 3048 ParVdm - ok
18:39:14.0351 3048 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
18:39:14.0445 3048 PCI - ok
18:39:14.0460 3048 PCIDump - ok
18:39:14.0476 3048 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:39:14.0585 3048 PCIIde - ok
18:39:14.0601 3048 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:39:14.0711 3048 Pcmcia - ok
18:39:14.0726 3048 PDCOMP - ok
18:39:14.0726 3048 PDFRAME - ok
18:39:14.0742 3048 PDRELI - ok
18:39:14.0742 3048 PDRFRAME - ok
18:39:14.0757 3048 perc2 - ok
18:39:14.0757 3048 perc2hib - ok
18:39:14.0789 3048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:39:14.0898 3048 PptpMiniport - ok
18:39:14.0929 3048 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
18:39:14.0929 3048 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
18:39:14.0929 3048 prodrv06 - detected UnsignedFile.Multi.Generic (1)
18:39:14.0961 3048 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
18:39:14.0976 3048 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
18:39:14.0976 3048 prohlp02 - detected UnsignedFile.Multi.Generic (1)
18:39:14.0992 3048 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
18:39:14.0992 3048 prosync1 ( UnsignedFile.Multi.Generic ) - warning
18:39:14.0992 3048 prosync1 - detected UnsignedFile.Multi.Generic (1)
18:39:15.0007 3048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:39:15.0101 3048 PSched - ok
18:39:15.0101 3048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:39:15.0195 3048 Ptilink - ok
18:39:15.0195 3048 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:39:15.0226 3048 PxHelp20 - ok
18:39:15.0226 3048 ql1080 - ok
18:39:15.0242 3048 Ql10wnt - ok
18:39:15.0242 3048 ql12160 - ok
18:39:15.0258 3048 ql1240 - ok
18:39:15.0258 3048 ql1280 - ok
18:39:15.0289 3048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:39:15.0383 3048 RasAcd - ok
18:39:15.0398 3048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:39:15.0492 3048 Rasl2tp - ok
18:39:15.0508 3048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:39:15.0601 3048 RasPppoe - ok
18:39:15.0601 3048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:39:15.0695 3048 Raspti - ok
18:39:15.0726 3048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:39:15.0867 3048 Rdbss - ok
18:39:15.0883 3048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:39:15.0977 3048 RDPCDD - ok
18:39:16.0008 3048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:39:16.0102 3048 rdpdr - ok
18:39:16.0164 3048 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:39:16.0195 3048 RDPWD - ok
18:39:16.0211 3048 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:39:16.0305 3048 redbook - ok
18:39:16.0383 3048 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
18:39:16.0399 3048 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
18:39:16.0399 3048 SCDEmu - detected UnsignedFile.Multi.Generic (1)
18:39:16.0430 3048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:39:16.0477 3048 Secdrv - ok
18:39:16.0492 3048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:39:16.0570 3048 serenum - ok
18:39:16.0586 3048 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
18:39:16.0695 3048 Serial - ok
18:39:16.0727 3048 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
18:39:16.0727 3048 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
18:39:16.0727 3048 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
18:39:16.0758 3048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:39:16.0852 3048 Sfloppy - ok
18:39:16.0852 3048 Simbad - ok
18:39:16.0867 3048 Sparrow - ok
18:39:16.0883 3048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:39:16.0977 3048 splitter - ok
18:39:17.0024 3048 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
18:39:17.0024 3048 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:39:17.0024 3048 sptd ( LockedFile.Multi.Generic ) - warning
18:39:17.0024 3048 sptd - detected LockedFile.Multi.Generic (1)
18:39:17.0039 3048 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
18:39:17.0086 3048 sr - ok
18:39:17.0117 3048 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:39:17.0133 3048 Srv - ok
18:39:17.0149 3048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:39:17.0243 3048 swenum - ok
18:39:17.0258 3048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:39:17.0383 3048 swmidi - ok
18:39:17.0383 3048 symc810 - ok
18:39:17.0399 3048 symc8xx - ok
18:39:17.0399 3048 sym_hi - ok
18:39:17.0414 3048 sym_u3 - ok
18:39:17.0430 3048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:39:17.0508 3048 sysaudio - ok
18:39:17.0555 3048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:39:17.0571 3048 Tcpip - ok
18:39:17.0602 3048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:39:17.0696 3048 TDPIPE - ok
18:39:17.0711 3048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:39:17.0805 3048 TDTCP - ok
18:39:17.0821 3048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:39:17.0899 3048 TermDD - ok
18:39:17.0915 3048 TosIde - ok
18:39:17.0946 3048 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:39:18.0024 3048 tunmp - ok
18:39:18.0040 3048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:39:18.0149 3048 Udfs - ok
18:39:18.0149 3048 ultra - ok
18:39:18.0180 3048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:39:18.0290 3048 Update - ok
18:39:18.0321 3048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:39:18.0399 3048 usbccgp - ok
18:39:18.0415 3048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:39:18.0509 3048 usbehci - ok
18:39:18.0524 3048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:39:18.0634 3048 usbhub - ok
18:39:18.0649 3048 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:39:18.0759 3048 usbprint - ok
18:39:18.0774 3048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:39:18.0868 3048 usbscan - ok
18:39:18.0931 3048 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:39:19.0040 3048 usbstor - ok
18:39:19.0040 3048 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:39:19.0134 3048 usbuhci - ok
18:39:19.0149 3048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:39:19.0259 3048 VgaSave - ok
18:39:19.0290 3048 ViaIde - ok
18:39:19.0290 3048 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
18:39:19.0415 3048 VolSnap - ok
18:39:19.0431 3048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:39:19.0509 3048 Wanarp - ok
18:39:19.0524 3048 WDICA - ok
18:39:19.0540 3048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:39:19.0618 3048 wdmaud - ok
18:39:19.0665 3048 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:39:19.0681 3048 WpdUsb - ok
18:39:19.0712 3048 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:39:19.0806 3048 WS2IFSL - ok
18:39:19.0837 3048 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:39:19.0853 3048 WudfPf - ok
18:39:19.0868 3048 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:39:19.0884 3048 WudfRd - ok
18:39:19.0884 3048 xcpip - ok
18:39:19.0900 3048 xpsec - ok
18:39:19.0915 3048 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
18:39:19.0915 3048 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:39:19.0915 3048 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:39:19.0993 3048 Boot (0x1200) (1408f38903600f793494a0f5701dce0f) \Device\Harddisk0\DR0\Partition0
18:39:19.0993 3048 \Device\Harddisk0\DR0\Partition0 - ok
18:39:20.0025 3048 Boot (0x1200) (fe398c8841fd5f9dca0e6b0c147cd3cc) \Device\Harddisk0\DR0\Partition1
18:39:20.0025 3048 \Device\Harddisk0\DR0\Partition1 - ok
18:39:20.0025 3048 ============================================================
18:39:20.0025 3048 Scan finished
18:39:20.0025 3048 ============================================================
18:39:20.0150 1496 Detected object count: 9
18:39:20.0150 1496 Actual detected object count: 9
18:40:02.0006 1496 atitray ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0006 1496 atitray ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0006 1496 C-Dilla ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0006 1496 C-Dilla ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0006 1496 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0006 1496 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0022 1496 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0022 1496 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0022 1496 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0022 1496 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0022 1496 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0022 1496 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0022 1496 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:02.0022 1496 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0022 1496 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:40:02.0022 1496 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:40:02.0272 1496 \Device\Harddisk0\DR0\# - copied to quarantine
18:40:02.0272 1496 \Device\Harddisk0\DR0 - copied to quarantine
18:40:02.0272 1496 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
18:40:02.0303 1496 \Device\Harddisk0\DR0 - ok
18:40:02.0303 1496 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
18:41:07.0432 1180 Deinitialize success

This little program found one pest and cured it; now both browsers run at their original speed. Could one of you please tell me what virus/problem it was...? I'll add a ComboFix log in a few minutes. Thank you!

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
First of all, post an RSIT log. If you run CF, you will wipe out any remaining traces. After checking it we can run CF if needed. Yes, you had an MBR rootkit, which has been cured.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activities, a virus may damage the system!


Once your problem is resolved the thread will be locked, as it will be if inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
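As an added example (not part of this thread, and not code from TDSSKiller or the forum), here is a small Python parser that folds TDSSKiller log lines into one record per scanned object and summarises what a reviewer wants first: the objects reported as infected (here the MBR rootkit Rudy identifies), the generic UnsignedFile/LockedFile warnings that usually need a manual look, and whether a cure is still pending a reboot. The sample input is an excerpt of the TDSSKiller log posted above; the regular expressions are written from the line formats visible in that log and are an assumption about the tool's output beyond them.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Excerpt of the TDSSKiller log posted above, trimmed to the records that
# matter for triage. The parser handles the full log the same way.
SAMPLE_LOG = r"""
18:39:06.0083 3048 atitray (a9a7409fff37ea152580c2b362a0003a) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
18:39:06.0114 3048 atitray ( UnsignedFile.Multi.Generic ) - warning
18:39:06.0114 3048 atitray - detected UnsignedFile.Multi.Generic (1)
18:39:06.0130 3048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:39:06.0224 3048 Atmarpc - ok
18:39:17.0024 3048 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
18:39:17.0024 3048 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:39:17.0024 3048 sptd ( LockedFile.Multi.Generic ) - warning
18:39:17.0024 3048 sptd - detected LockedFile.Multi.Generic (1)
18:39:19.0915 3048 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
18:39:19.0915 3048 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
18:39:19.0915 3048 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
18:39:19.0993 3048 Boot (0x1200) (1408f38903600f793494a0f5701dce0f) \Device\Harddisk0\DR0\Partition0
18:39:19.0993 3048 \Device\Harddisk0\DR0\Partition0 - ok
18:40:02.0006 1496 atitray ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:02.0022 1496 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:40:02.0272 1496 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
18:40:02.0303 1496 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
"""

# Every line starts with a timestamp and the reporting thread id (assumed from the log above).
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")
# "<object> (<md5>) <path>"; for sector records the object reads "MBR (0x1B8)" or
# "Boot (0x1200)" and the path is the device, so the object match is non-greedy.
RECORD_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(.+?) \( (\S+) \) - (warning|infected)$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
CURE_RE = re.compile(r"^(.+?) \( (\S+) \) - will be cured on reboot$")
OK_RE = re.compile(r"^(.+?) - ok$")


@dataclass
class Finding:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: str = "unknown"        # ok | warning | infected
    detection: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    action: Optional[str] = None     # what the user chose: Skip, Cure, ...
    cure_on_reboot: bool = False


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Fold the per-line records into one Finding per scanned object."""
    findings: Dict[str, Finding] = {}

    def get(name: str) -> Finding:
        return findings.setdefault(name, Finding(name=name))

    for raw in text.strip().splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if (r := RECORD_RE.match(body)):
            name, md5, path = r.groups()
            # Sector records are keyed by device so later verdict lines attach to them.
            key = path if name.startswith(("MBR", "Boot")) else name
            f = get(key)
            f.path, f.md5 = path, md5
        elif (r := DETECTED_RE.match(body)):
            get(r.group(1)).detection = r.group(2)
        elif (r := VERDICT_RE.match(body)):
            get(r.group(1)).verdict = r.group(3)
        elif (r := CURE_RE.match(body)):
            get(r.group(1)).cure_on_reboot = True
        elif (r := ACTION_RE.match(body)):
            get(r.group(1)).action = r.group(3)
        elif (r := OK_RE.match(body)):
            f = get(r.group(1))
            # A trailing "- ok" after a cure must not hide the earlier detection.
            if f.detection is None:
                f.verdict = "ok"
    return findings


def triage(findings: Dict[str, Finding]) -> dict:
    """Infected objects first, then the generic warnings, then what is still pending."""
    infected = sorted(n for n, f in findings.items() if f.verdict == "infected")
    warnings = sorted(n for n, f in findings.items() if f.verdict == "warning")
    unresolved = sorted(n for n in infected
                        if findings[n].action != "Cure" and not findings[n].cure_on_reboot)
    return {
        "infected": infected,
        "warnings": warnings,
        "unresolved": unresolved,
        "reboot_required": any(f.cure_on_reboot for f in findings.values()),
        "scanned": len(findings),
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The warnings list is deliberately kept separate from the infected list: UnsignedFile and LockedFile hits are heuristics (unsigned vendor drivers such as the ATI tray tool and copy-protection drivers trip them), so a reviewer checks the path and hash of each rather than treating them as malware, while an MBR verdict with a named detection is the item to act on and to confirm after the reboot.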

andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Re: Please check my log

#3 Post by andy206 »

Thanks for the quick reply. Here is the RSIT log; how does it look? Any recommendations for changes?

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2012-03-14 19:10:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (12%) free of 40 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:52, on 14.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Tomáš.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inext.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.111.2.158/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://188.116.65.34:11101/activex/AMC.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... .3.1.0.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file:///C:/Program%20Files/AutoCAD%202002%20Cz/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS3\Services\Tcpip\..\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS4\Services\Tcpip\..\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7680 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C6996D96-D49E-486F-8CFB-98458C9904A4}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\f26mcvm4.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@macromedia.com/FlashPlayer10]
"Description"=Adobe Flash Player 10.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIBitCometAgent.xpt

C:\Program Files\Mozilla Firefox\plugins\
npBitCometAgent.dll
npdeploytk.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
npvsharetvplg.dll

C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\f26mcvm4.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{6cbc25b0-0a52-11df-8a39-0800200c9a66}(2)
{7b13ec3e-999a-4b70-b9cb-2617b8323822}(2)
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
C:\WINDOWS\system32\browserchoice.exe [2010-02-12 293376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2011-07-27 434080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe [2006-07-11 3144800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files\Zrychleni Pocitace\PCSpeedUp.lnk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2009-11-18 602360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-07-12 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-28 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 5.0.lnk]
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2009-12-02 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^FIFA 10 Registration.lnk]
D:\FIFA 10\Support\EAregister.exe /remind /language=ENB /PRID=ODS:15691.110.Base Product /WHPR=FIFA 10 /PRNM=Electronic Arts Product []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-12 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Warcraft 3\Warcraft III\Warcraft III.exe"="D:\Warcraft 3\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Far Cry 2\bin\FarCry2.exe"="D:\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry® 2"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-03-14 19:10:38 ----D---- C:\rsit
2012-03-14 19:10:38 ----D---- C:\Program Files\trend micro
2012-03-14 19:07:27 ----D---- C:\WINDOWS\temp
2012-03-14 19:07:25 ----A---- C:\ComboFix.txt
2012-03-14 18:40:02 ----D---- C:\TDSSKiller_Quarantine
2012-03-14 18:38:50 ----A---- C:\TDSSKiller.2.7.20.0_14.03.2012_18.38.50_log.txt
2012-03-14 18:22:22 ----D---- C:\WINDOWS\$regcmp$
2012-03-13 23:00:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2012-03-13 23:00:53 ----D---- C:\Program Files\Common Files\Java
2012-03-13 23:00:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-03-13 23:00:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-03-13 23:00:38 ----A---- C:\WINDOWS\system32\java.exe
2012-03-13 22:34:13 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Malwarebytes
2012-03-13 22:34:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-03-13 19:53:41 ----DC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-13 19:51:56 ----DC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-13 19:51:48 ----DC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-13 19:24:06 ----D---- C:\RECYCLER(2)
2012-02-15 18:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-15 18:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 18:13:20 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 month======

2012-03-14 19:10:38 ----RD---- C:\Program Files
2012-03-14 19:07:28 ----D---- C:\WINDOWS\system32\drivers
2012-03-14 19:07:27 ----D---- C:\WINDOWS
2012-03-14 19:07:27 ----D---- C:\Qoobox
2012-03-14 19:06:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-14 19:03:45 ----A---- C:\WINDOWS\system.ini
2012-03-14 19:03:35 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-14 19:02:20 ----D---- C:\WINDOWS\system32\config
2012-03-14 19:02:11 ----D---- C:\WINDOWS\ERDNT
2012-03-14 19:01:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-14 19:01:50 ----D---- C:\Program Files\vShare.tv plugin
2012-03-14 19:00:28 ----D---- C:\WINDOWS\system32
2012-03-14 19:00:28 ----D---- C:\WINDOWS\AppPatch
2012-03-14 19:00:25 ----D---- C:\Program Files\Common Files
2012-03-14 18:56:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-14 18:56:51 ----D---- C:\WINDOWS\Prefetch
2012-03-14 18:25:40 ----D---- C:\WINDOWS\system32\wbem
2012-03-14 18:25:40 ----D---- C:\WINDOWS\Registration
2012-03-14 18:21:06 ----D---- C:\Downloads
2012-03-14 18:21:05 ----D---- C:\Config.Msi
2012-03-14 18:21:04 ----HD---- C:\WINDOWS\inf
2012-03-14 18:20:10 ----SHD---- C:\WINDOWS\Installer
2012-03-14 18:20:08 ----D---- C:\Program Files\Mozilla Firefox
2012-03-14 18:20:02 ----D---- C:\Program Files\Registry Clean Expert
2012-03-14 06:51:58 ----D---- C:\Program Files\Microsoft Silverlight
2012-03-13 23:00:20 ----D---- C:\Program Files\Java
2012-03-13 22:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2012-03-13 19:53:41 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-13 19:51:59 ----A---- C:\WINDOWS\imsins.BAK
2012-03-13 19:50:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-03-13 18:57:14 ----D---- C:\Program Files\BitComet
2012-03-13 17:44:23 ----D---- C:\Documents and Settings\Tomáš\Data aplikací\Image Zone Express
2012-02-17 16:02:27 ----AC---- C:\WINDOWS\NeroDigital.ini
2012-02-15 19:12:23 ----RSD---- C:\WINDOWS\assembly
2012-02-15 19:12:23 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-15 18:43:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-15 18:43:23 ----D---- C:\WINDOWS\WinSxS
2012-02-15 18:40:33 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-15 18:40:06 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-12 7206400]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ajh6m3ag;ajh6m3ag; C:\WINDOWS\system32\drivers\ajh6m3ag.sys []
S3 az3g47sq;az3g47sq; C:\WINDOWS\system32\drivers\az3g47sq.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 cpuz134;cpuz134; \??\C:\DOCUME~1\TOM~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 mbr;mbr; \??\C:\DOCUME~1\TOM~1\LOCALS~1\Temp\mbr.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-12 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-07-09 32256]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-19 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-19 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
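As an added triage aid, not part of the original thread or of the RSIT/HijackThis tools: the Python below parses lines in the shape of the report above and queues up the entries a reviewer checks first. Its rules are heuristics I am assuming here, not the forum's procedure: an O16 DPF ActiveX control downloaded from a raw IP address (the posted log has two Axis camera controls of that kind, which may simply be IP cameras the user owns), O17 NameServer values to be compared against the resolvers the ISP actually assigns, HijackThis entries marked "(file missing)", and driver/service lines whose trailing `[]` is empty (RSIT found no file details) or whose name is an eight-character random-looking string. Entries of the last kind are frequently leftovers of the very anti-rootkit scanners the poster ran, so every hit is a review item, not a verdict. The sample input is constructed from lines of the posted log.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample in the shape of the RSIT/HijackThis report posted above
# (same GUIDs and paths; trimmed to the lines the rules below act on).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.111.2.158/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S3 ajh6m3ag;ajh6m3ag; C:\WINDOWS\system32\drivers\ajh6m3ag.sys []
S3 az3g47sq;az3g47sq; C:\WINDOWS\system32\drivers\az3g47sq.sys []
"""

# O16 - DPF: {GUID} (Display name) - <url>
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)")
# O17 - HKLM\...: NameServer = a.b.c.d,e.f.g.h
NS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9A-Fa-f.:,]+)")
# R0..S4 name;display; <path> [<date size>]   (RSIT driver and service lists)
DRV_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# Heuristic (assumption): eight lowercase alphanumerics with at least one digit.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}$")


def _is_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(report: str, expected_resolvers=frozenset()):
    """Return (rule, detail) findings for one RSIT/HijackThis-style report.

    expected_resolvers is the set of DNS servers the ISP/router is known to
    hand out; anything else in an O17 line is queued for a manual check.
    """
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("(file missing)"):
            findings.append(("file_missing", line))
        m = DPF_RE.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname or ""
            if _is_ip(host):
                findings.append(("activex_from_ip", f"{m.group('name')} <- {host}"))
        m = NS_RE.match(line)
        if m:
            servers = [s for s in m.group("servers").split(",") if s]
            unexpected = [s for s in servers if s not in expected_resolvers]
            if unexpected:
                findings.append(("dns_servers", ",".join(unexpected)))
        m = DRV_RE.match(line)
        if m:
            name, info = m.group("name"), m.group("info")
            if not info:  # RSIT printed "[]": no date/size, file not found
                findings.append(("driver_no_file_info", f"{name}: {m.group('path')}"))
            if RANDOM_NAME_RE.match(name) and any(c.isdigit() for c in name):
                findings.append(("random_driver_name", name))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule, e.g. {'driver_no_file_info': 3, ...}."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a full saved report with `triage(open("log.txt", encoding="cp1250").read(), {"212.111.0.10", "194.213.32.237"})` once the ISP's resolvers are confirmed; the O17 rule then goes quiet and what remains is the list of paths to look up on disk and to check against the scanners' own quarantine and temp folders.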

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

You did run the CF scan, didn't you? Post the log; you will find it in C:\combofix.txt.
Post questions and logs only in your own thread. Private messages, ICQ and e-mail are not the place for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music and so on). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reopened, write to the e-mail address above.

andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Re: Please check my log

#5 Post by andy206 »

I'm very sorry, you are right, I did run CF before that. Unfortunately the output is very long: "Your message contains 239453 characters. The maximum allowed is 80000." Should I split it over several posts, or is a particular part enough for you?

andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Re: Please check my log

#6 Post by andy206 »

80% of the log is the information from
((((((((((((((((((((((((((((( SnapShot_2011-11-13_17.09.35 )))))))))))))))))))))))))))))))))))))))))

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#7 Post by Rudy »

80% of the log is the information from
((((((((((((((((((((((((((((( SnapShot_2011-11-13_17.09.35 )))))))))))))))))))))))))))))))))))))))))
Leave that part out and post the rest here.

andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Re: Please check my log

#8 Post by andy206 »

ComboFix 12-03-14.01 - Tomáš 14.03.2012 18:57:33.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1409 [GMT 1:00]
Running from: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\vShare.tv plugin\BaRLcher.dll
c:\windows\msmqinst.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 17:40 . 2012-03-14 17:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 17:25 . 2012-03-14 17:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-14 17:22 . 2012-03-14 17:22 -------- d-----w- c:\windows\$regcmp$
2012-03-13 22:00 . 2012-03-13 22:00 -------- d-----w- c:\program files\Common Files\Java
2012-03-13 18:24 . 2012-03-14 17:24 -------- d-----w- C:\RECYCLER(2)
2012-02-15 17:13 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:13 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 21:59 . 2011-10-24 18:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-17 15:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2012-02-17 16:41 . 2011-05-07 17:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

the Snapshot listing follows here

-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 5.0.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO 5.0.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^FIFA 10 Registration.lnk]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 17:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 04:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:06 3144800 ----a-w- c:\program files\ICQLite\ICQLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-05-18 10:29 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-11-18 19:46 602360 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-07-12 21:01 29696 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 03:57 16855552 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 -c----r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-28 13:13 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Warcraft 3\\Warcraft III\\Warcraft III.exe"=
"d:\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19541:TCP"= 19541:TCP:BitComet 19541 TCP
"19541:UDP"= 19541:UDP:BitComet 19541 UDP
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.10.2009 18:49 691696]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [30.10.2010 17:10 19360]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [30.10.2009 16:04 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.11.2011 12:37 136176]
S3 cpuz134;cpuz134;\??\c:\docume~1\TOM~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\TOM~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19.11.2011 12:37 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 11:37]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 11:37]
.
2012-03-14 c:\windows\Tasks\User_Feed_Synchronization-{C6996D96-D49E-486F-8CFB-98458C9904A4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inext.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: Interfaces\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://188.116.65.34:11101/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\f26mcvm4.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 19:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-2025429265-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b5,a9,d4,0a,6a,e9,ad,e9,17,19,85,b7,5c,5f,08,34,c9,a1,bd,1b,76,
db,4d,94,9d,39,e2,95,a8,d1,70,ff,e9,c7,b3,28,4e,93,49,27,37,b2,e6,39,6b,32,\
"rkeysecu"=hex:f8,ac,e7,e0,e7,30,a8,f1,f3,89,67,a1,65,ec,4c,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-14 19:07:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-14 18:07
ComboFix2.txt 2012-03-13 18:20
ComboFix3.txt 2011-11-13 17:11
ComboFix4.txt 2011-03-13 18:30
ComboFix5.txt 2012-03-14 17:56
.
Před spuštěním: 4 905 959 424
Po spuštění: 4 823 777 280
.
- - End Of File - - B9C87D8E8593E0CA4BE64E7698002631


How does it look? Thanks a lot :)

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#9 Post by Rudy »

We'll clean up a little more. Open Notepad and copy this into it:
KillAll::

Collect::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Driver::
gupdate

Regnull::
[HKEY_USERS\S-1-5-21-1957994488-2025429265-839522115-1003\Software\SecuROM\License information*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.


andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Re: Please check my log

#10 Post by andy206 »

How does the log look now?

ComboFix 12-03-14.01 - Tomáš 14.03.2012 22:24:25.6.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1279 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomáš\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\GoogleUpdate.exe
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1957994488-2025429265-839522115-1003(2)\INFO2
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-14 do 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 18:10 . 2012-03-14 18:10 -------- d-----w- C:\rsit
2012-03-14 18:10 . 2012-03-14 18:10 -------- d-----w- c:\program files\trend micro
2012-03-14 17:40 . 2012-03-14 17:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 17:25 . 2012-03-14 17:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-14 17:22 . 2012-03-14 17:22 -------- d-----w- c:\windows\$regcmp$
2012-03-13 22:00 . 2012-03-13 22:00 -------- d-----w- c:\program files\Common Files\Java
2012-03-13 21:34 . 2012-03-13 21:34 -------- d-----w- c:\documents and settings\Tomáš\Data aplikací\Malwarebytes
2012-03-13 21:34 . 2012-03-13 21:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-15 17:13 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:13 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 21:59 . 2011-10-24 18:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-17 15:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 15:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 15:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 15:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 15:44 385024 ----a-w- c:\windows\system32\html.iec
2012-02-17 16:41 . 2011-05-07 17:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO 5.0.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO 5.0.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 5.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^FIFA 10 Registration.lnk]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\FIFA 10 Registration.lnk
backup=c:\windows\pss\FIFA 10 Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 17:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2011-07-27 04:13 434080 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:06 3144800 ----a-w- c:\program files\ICQLite\ICQLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-05-18 10:29 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-11-18 19:46 602360 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-07-12 21:01 29696 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 03:57 16855552 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 -c----r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-28 13:13 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Warcraft 3\\Warcraft III\\Warcraft III.exe"=
"d:\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19541:TCP"= 19541:TCP:BitComet 19541 TCP
"19541:UDP"= 19541:UDP:BitComet 19541 UDP
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.10.2009 18:49 691696]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [30.10.2010 17:10 19360]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [30.10.2009 16:04 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\TOM~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\TOM~1\LOCALS~1\Temp\CFcatchme.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\TOM~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\TOM~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-14 c:\windows\Tasks\User_Feed_Synchronization-{C6996D96-D49E-486F-8CFB-98458C9904A4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inext.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: Interfaces\{06355F1C-EF01-4D68-B837-B8C84268C49E}: NameServer = 212.111.0.10,194.213.32.237
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://188.116.65.34:11101/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\f26mcvm4.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 22:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-03-14 22:40:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-14 21:40
ComboFix2.txt 2012-03-14 18:07
ComboFix3.txt 2012-03-13 18:20
ComboFix4.txt 2011-11-13 17:11
ComboFix5.txt 2012-03-14 21:22
.
Před spuštěním: 4 789 399 552
Po spuštění: 4 745 555 968
.
- - End Of File - - 5A26F4530CACE20913ADE003E1C3AE35
Nahrání proběhlo úspěšně

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#11 Post by Rudy »

The log now looks clean.

andy206
Visitor
Posts: 11
Registered: 23 Aug 2008 01:04

Re: Please check my log

#12 Post by andy206 »

Thank you very much! I really appreciate the quick and expert help.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#13 Post by Rudy »

You're welcome!

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#14 Post by Rudy »

Sorry, I overlooked something. Run CF once more with this script:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-

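As an added, defender-side illustration of the check Rudy makes in this last post (this is not code from the forum, from ComboFix or from anyone in the thread): a small Python script that pulls the Windows Firewall exception list out of a ComboFix log, flags entries whose description names no application or whose port sits in the dynamic range (both heuristics are my own assumptions, not ComboFix's logic), and prints the `Registry::` stanza that deletes them in the `"name"=-` form used above. The sample section is constructed from the lines of this thread's own log.

```python
import re

# Constructed sample input: the firewall "GloballyOpenPorts" section as ComboFix
# prints it, in the shape seen in this thread's log, with the preceding section
# and the start of the next one included so the section boundaries are exercised.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19541:TCP"= 19541:TCP:BitComet 19541 TCP
"19541:UDP"= 19541:UDP:BitComet 19541 UDP
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.10.2009 18:49 691696]
"""

PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List]")

# One exception line has the shape:  "PORT:PROTO"= PORT:PROTO:description
ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(\d+):(TCP|UDP):(.*)$')

# Review heuristics (my assumptions, not ComboFix's own logic): a description
# that names no program, and a port in the dynamic/ephemeral range that no
# well-known service listens on, both deserve a second look.
GENERIC_DESCRIPTIONS = {"", "services", "service", "system", "windows"}
DYNAMIC_PORT_START = 49152


def parse_open_ports(log_text):
    """Return (port, proto, description) tuples from the GloballyOpenPorts section."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = (line == PORTS_KEY)   # a new registry key starts here
            continue
        if not in_section:
            continue
        if line == "." or not line:
            break   # ComboFix closes each registry section with a lone '.'
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(5).strip()))
    return entries


def review_open_ports(entries):
    """Attach a list of reasons to each entry; an empty list means nothing was flagged."""
    reviewed = []
    for port, proto, desc in entries:
        reasons = []
        if desc.lower() in GENERIC_DESCRIPTIONS:
            reasons.append("generic description, names no application")
        if port >= DYNAMIC_PORT_START:
            reasons.append("port in the dynamic/ephemeral range")
        reviewed.append((port, proto, desc, reasons))
    return reviewed


def flagged(reviewed):
    """Keep only the entries that collected at least one reason."""
    return [r for r in reviewed if r[3]]


def cfscript_registry_block(flagged_entries):
    """Build the Registry:: stanza that deletes the flagged values (the "=-" form)."""
    lines = ["Registry::", PORTS_KEY]
    for port, proto, _desc, _reasons in flagged_entries:
        lines.append(f'"{port}:{proto}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = flagged(review_open_ports(parse_open_ports(SAMPLE_LOG)))
    for port, proto, desc, reasons in found:
        print(f"{port}/{proto} '{desc}': " + "; ".join(reasons))
    print(cfscript_registry_block(found))
```

Run against the sample, the two "Services" exceptions on ports 65533 and 52344 are the only ones flagged, and the generated stanza is the same two `=-` lines Rudy posted; BitComet on 19541 and Remote Desktop on 3389 name the program that opened them and stay untouched. The heuristics are deliberately narrow: an unexplained high port with a vague label is a reason to look closer, not proof of compromise, which is why the script prints the reasons next to each entry rather than just the removal lines.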