Něco, co asi koluje po Skypu.

[Ladix]

Zdravím a pěkný večer přeji, ačkoliv to normálně nedělám, dnes po práci jsem klikl na Skypu na podezřelý link, co mi poslal kámoš v domění, že to bude nějaká sranda. V té zprávě stálo tohle: "hej je to tvuj nový obrázek profilu? hxxp://goo.gl/Ya6Se?image=ladix_ ". Otevřelo se to v Raru, tak jsem to bohužel rozklikl a chvilku naběhly hodiny, jako že pc maká, ale nakonec se nic nespustilo, tak už mi to bylo hned jasné, že to asi nebude jen tak něco. Zatím se teda nic moc nestalo, jen se mi asi na minutu přibrzdil pc víc než obvykle. Tak bych se chtěl prosím Vás zeptat, jestli nevíte, o co jde a popřípadě poradit, co se dá dělat - děkuji.


Zde je log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2012-10-10 20:18:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (5%) free of 153 GB
Total RAM: 2015 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:29, on 10.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\pc\Plocha\Programy na čištění a sken PC\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3479322224
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7629 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-22 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-13 4120256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-22 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-22 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"tvjbmonitor"=C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe [2006-12-26 53248]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2012-10-10 20:18:24 ----D---- C:\rsit
2012-10-10 20:17:29 ----A---- C:\Documents and Settings\pc\Data aplikací\24.exe
2012-10-10 19:52:09 ----A---- C:\Documents and Settings\pc\Data aplikací\21.exe
2012-10-10 19:42:52 ----A---- C:\Documents and Settings\pc\Data aplikací\1E.exe
2012-10-10 18:52:16 ----A---- C:\Documents and Settings\pc\Data aplikací\17.exe
2012-10-10 18:30:51 ----A---- C:\Documents and Settings\pc\Data aplikací\12.exe
2012-10-10 18:08:12 ----D---- C:\WINDOWS\LastGood
2012-09-27 23:04:49 ----D---- C:\Documents and Settings\pc\Data aplikací\Stellarium
2012-09-27 23:04:33 ----D---- C:\Program Files\Stellarium
2012-09-18 21:27:12 ----D---- C:\Program Files\SuperDVD Video Editor
2012-09-18 21:19:04 ----D---- C:\Documents and Settings\pc\Data aplikací\GeoVid
2012-09-18 21:18:29 ----A---- C:\WINDOWS\system32\mfc71u.dll
2012-09-18 21:18:29 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-09-18 21:18:29 ----A---- C:\WINDOWS\system32\dsetup.dll
2012-09-18 21:18:29 ----A---- C:\WINDOWS\system32\atl71.dll
2012-09-18 21:18:28 ----D---- C:\Program Files\GeoVid
2012-09-18 20:53:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Freemake
2012-09-18 20:53:01 ----D---- C:\Program Files\Freemake
2012-09-12 19:26:47 ----D---- C:\Documents and Settings\pc\Data aplikací\avidemux
2012-09-12 09:44:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$

======List of files/folders modified in the last 1 months======

2012-10-10 20:18:42 ----D---- C:\Program Files\trend micro
2012-10-10 20:04:49 ----D---- C:\Documents and Settings\pc\Data aplikací\Skype
2012-10-10 18:08:54 ----D---- C:\WINDOWS\inf
2012-10-10 18:08:39 ----D---- C:\WINDOWS\$hf_mig$
2012-10-10 18:08:38 ----D---- C:\WINDOWS
2012-10-10 18:08:12 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-10 18:04:56 ----D---- C:\WINDOWS\temp
2012-10-09 21:25:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-09 17:05:04 ----D---- C:\Program Files\Counter-Strike 1.6 Standalone
2012-10-07 14:19:51 ----D---- C:\Documents and Settings\pc\Data aplikací\vlc
2012-10-01 19:03:33 ----D---- C:\WINDOWS\Prefetch
2012-09-30 12:10:14 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-27 23:04:33 ----D---- C:\Program Files
2012-09-23 07:57:39 ----D---- C:\WINDOWS\system32
2012-09-23 01:08:12 ----DC---- C:\WINDOWS\system32\dllcache
2012-09-23 01:08:11 ----D---- C:\WINDOWS\system32\cs-cz
2012-09-23 01:08:11 ----D---- C:\Program Files\Internet Explorer
2012-09-19 08:27:19 ----SHD---- C:\WINDOWS\Installer
2012-09-19 08:27:09 ----D---- C:\Config.Msi
2012-09-18 21:18:47 ----D---- C:\WINDOWS\WinSxS
2012-09-12 09:45:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-09-12 09:44:44 ----A---- C:\WINDOWS\imsins.BAK
2012-09-12 09:40:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 m5288;m5288; C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 210304]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 35328]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-10-04 639224]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 aavjwio8;aavjwio8; C:\WINDOWS\system32\drivers\aavjwio8.sys []
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 34816]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]
S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-22 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-19 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-14 189784]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Super, jdeme dale

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

[Ladix]

Dobrý den, když OTL skenoval pc, tak se asi po 10 minutách restartoval a na liště vedle hodin byl zelený štít a z něj bublina, ve které bylo napsáno, že se počítač aktualizoval, ale bohužel jsem s tím přišel i o logy. Mám OTL zapnout znovu?

[vyosek]

A nejsou v miste spusteni OTL nahodou ulozeny? Pokud ne, tak bohuzel znovu

[Ladix]

V okolí OTL se objevil pouze nějaký systémový soubor thumbs.db a nevím proč. Takže jdu znovu na OTL

[vyosek]

To je v pohode, ten pak zakryjem, ma byt skryty ale OTL jej odkryl aby se vedelo ze tam je..

Udelejte tedy znovu OTLko

[Ladix]

OTL hodil asi po 15 minutovém scanu hlášku: "Acces violation at adress 77C381CD in module ´msvcrt.dll´. Read of adress 0223D00" a pak přestal scanovat.

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Ladix]

Zdravím pěkně. Při každém scanu, který jsem dělal, se odehrávaly nějaké chyby, což už jsem dlouho neviděl, nějaký jsem "vyprintscreanoval" a chtěl jsem je sem i vložit, jenže imageshack mi nechtěl pobrat email, tak jsem to vzdal


Zde je log z rkillu:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 06:19:29 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\pc\Data aplikací\1.exe (PID: 4000) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* HidServ [Missing ImagePath]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\DMusic.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys : 52 864 : 08/03/2004 11:07 PM : a6f881284ac1150e37d9ae47ff601267 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\dmusic.sys : 52 864 : 04/13/2008 08:45 PM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]

* C:\WINDOWS\System32\drivers\drmkaud.sys [NoSig]
+-> C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys : 2 944 : 08/03/2004 11:07 PM : 1ed4dbbae9f5d558dbba4cc450e3eb2e [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys : 2 944 : 04/13/2008 08:45 PM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]

* C:\WINDOWS\System32\drivers\parport.sys [NoSig]



A zde je log z Combofixu:



ComboFix 12-10-12.01 - pc 12.10.2012 19:13:35.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1218 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pc\Data aplikací\11.exe
c:\documents and settings\pc\Data aplikací\113.exe
c:\documents and settings\pc\Data aplikací\12.exe
c:\documents and settings\pc\Data aplikací\17.exe
c:\documents and settings\pc\Data aplikací\19.exe
c:\documents and settings\pc\Data aplikací\1E.exe
c:\documents and settings\pc\Data aplikací\21.exe
c:\documents and settings\pc\Data aplikací\24.exe
c:\documents and settings\pc\Data aplikací\29.exe
c:\documents and settings\pc\Data aplikací\36.exe
c:\documents and settings\pc\Data aplikací\37.exe
c:\documents and settings\pc\Data aplikací\5.exe
c:\documents and settings\pc\Data aplikací\6.exe
c:\documents and settings\pc\Data aplikací\7.exe
c:\documents and settings\pc\Data aplikací\8.exe
c:\documents and settings\pc\Data aplikací\9.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-12 do 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-11 15:58 . 2012-10-12 17:13 47104 ----a-w- c:\documents and settings\pc\Data aplikací\C.exe
2012-10-11 13:40 . 2012-10-12 16:13 47104 ----a-w- c:\documents and settings\pc\Data aplikací\1.exe
2012-10-11 13:13 . 2012-10-11 15:52 512 ----a-w- C:\PhysicalMBR.bin
2012-10-10 18:18 . 2012-10-10 18:20 -------- d-----w- C:\rsit
2012-09-27 21:04 . 2012-09-27 21:04 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\stellarium
2012-09-27 21:04 . 2012-09-27 21:04 -------- d-----w- c:\documents and settings\pc\Data aplikací\Stellarium
2012-09-27 21:04 . 2012-09-27 21:04 -------- d-----w- c:\program files\Stellarium
2012-09-19 06:10 . 2012-09-19 06:10 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\Downloaded Installations
2012-09-18 19:27 . 2012-09-18 19:35 -------- d-----w- c:\program files\SuperDVD Video Editor
2012-09-18 19:19 . 2012-09-18 19:19 -------- d-----w- c:\documents and settings\pc\Data aplikací\GeoVid
2012-09-18 19:18 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2012-09-18 19:18 . 2004-08-18 13:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-18 19:18 . 2003-03-19 06:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-09-18 19:18 . 2003-03-19 04:05 89088 ----a-w- c:\windows\system32\atl71.dll
2012-09-18 19:18 . 2012-09-18 19:18 -------- d-----w- c:\program files\GeoVid
2012-09-18 18:53 . 2012-09-19 07:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Freemake
2012-09-18 18:53 . 2012-09-19 07:03 -------- d-----w- c:\program files\Freemake
2012-09-12 17:26 . 2012-09-12 17:27 -------- d-----w- c:\documents and settings\pc\Data aplikací\avidemux
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 18:40 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-08-27 05:04 . 2012-07-30 06:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 05:04 . 2011-12-07 19:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 13:53 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-18 12:00 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-16 11:03 . 2012-07-16 11:03 687529 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2012-09-08 08:13 . 2012-09-08 08:12 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [21.7.2006 18:45 210304]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2006 12:07 639224]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [21.7.2006 18:44 5824]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.7.2012 8:18 114144]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16.7.2012 19:30 27064]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [29.11.2010 19:23 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [29.11.2010 19:23 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [29.11.2010 19:23 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [29.11.2010 19:23 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [29.11.2010 19:23 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [29.11.2010 19:23 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [29.11.2010 19:23 123504]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.146.136.10 213.29.58.9
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\ibrobymz.default\
FF - prefs.js: browser.search.defaulturl -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 19:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Llsesp = c:\documents and settings\pc\Data aplikac?\Llsesp.exe
.
skenování skrytých souborů ...
.
.
c:\documents and settings\pc\Data aplikací\Llsesp.exe 494080 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Llsesp"="c:\\Documents and Settings\\pc\\Data aplikací\\Llsesp.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-10-12 19:27:59
ComboFix-quarantined-files.txt 2012-10-12 17:27
.
Před spuštěním: 6 776 754 176
Po spuštění: 6 775 427 072
.
- - End Of File - - 3CA69242A2CF56EB6BA4728465DE5045

[vyosek]

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :filefind
  DMusic.sys
  drmkaud.sys
  
  :service
  RpcSs

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[Ladix]

Zde je log ze Systemlook"


SystemLook 30.07.11 by jpshortstuff
Log created at 14:48 on 13/10/2012 by pc
Administrator - Elevation successful

========== filefind ==========

Searching for "DMusic.sys"
C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys -----c- 52864 bytes [10:47 06/09/2008] [21:07 03/08/2004] A6F881284AC1150E37D9AE47FF601267
C:\WINDOWS\ServicePackFiles\i386\dmusic.sys ------- 52864 bytes [18:45 13/04/2008] [18:45 13/04/2008] 8A208DFCF89792A484E76C40E5F50B45
C:\WINDOWS\system32\drivers\DMusic.sys --a---- 52864 bytes [16:47 21/07/2006] [21:07 03/08/2004] A6F881284AC1150E37D9AE47FF601267

Searching for "drmkaud.sys"
C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys -----c- 2944 bytes [10:47 06/09/2008] [21:07 03/08/2004] 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys ------- 2944 bytes [18:45 13/04/2008] [18:45 13/04/2008] 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\WINDOWS\system32\drivers\drmkaud.sys --a---- 2944 bytes [16:47 21/07/2006] [21:07 03/08/2004] 1ED4DBBAE9F5D558DBBA4CC450E3EB2E

========== service ==========

RpcSs
Vzdálené volání procedur (RPC)
"Poskytuje mapovač koncových bodů a různé další služby RPC."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost.exe -k rpcss
Group: COM Infrastructure
SafeBoot: Minimal Network
Dependencies:
(none)
Dependant Services:
->Služba pro síťová ustanovení (xmlprov) (Stopped)
->Automatická konfigurace bezdrátových zařízení (WZCSVC) (Started)
->Centrum zabezpečení (wscsvc) (Started)
->Adaptér výkonu služby WMI (WmiApSrv) (Started)
->Internet Connection Sharing (SharedAccess) (Started)
->Služba WMI (winmgmt) (Started)
->Stínová kopie svazku (VSS) (Stopped)
->Klient služby sledování distribuovaných propojení (TrkWks) (Started)
->Sledování infračerveného přenosu (Irmon) (Started)
->Kompatibilita pro rychlé přepínání uživatelů (FastUserSwitchingCompatibility) (Started)
->Terminálová služba (TermService) (Started)
->Správce automatického připojení pomocí vzdáleného přístupu (RasAuto) (Stopped)
->Správce vzdáleného přístupu (RasMan) (Started)
->Telefonní subsystém (TapiSrv) (Started)
->MS Software Shadow Copy Provider (SwPrv) (Stopped)
->Načítání obrázků (WIA) (stisvc) (Stopped)
->Služba obnovení systému (srservice) (Started)
->Zařazování tisku (Spooler) (Started)
->Skype Updater (SkypeUpdate) (Stopped)
->Rozpoznávání hardwaru (ShellHWDetection) (Started)
->Plánovač úloh (Schedule) (Started)
->Koordinátor DTC (MSDTC) (Stopped)
->Správce zabezpečení účtů (SamSs) (Started)
->QoS RSVP (RSVP) (Stopped)
->Směrování a vzdálený přístup (RemoteAccess) (Stopped)
->Správce relací nápovědy ke vzdálené ploše (RDSessMgr) (Stopped)
->Chráněné úložiště (ProtectedStorage) (Started)
->Služby IPSEC (PolicyAgent) (Started)
->Vyměnitelné úložiště (NtmsSvc) (Stopped)
->Síťová připojení (Netman) (Started)
->Agent architektury NAP (Network Access Protection) (napagent) (Stopped)
->Windows Installer (MSIServer) (Stopped)
->Kurýrní služba (Messenger) (Stopped)
->Služba Správa klíčů a certifikátů stavu (hkmsvc) (Stopped)
->Nápověda a odborná pomoc (helpsvc) (Started)
->Oznamování systémových událostí (SENS) (Started)
->Systém událostí modelu COM+ (EventSystem) (Started)
->Error Reporting Service (ERSvc) (Started)
->Automatická konfigurace pevné sítě (Dot3svc) (Stopped)
->Služba EAP (Extensible Authentication Protocol) (EapHost) (Stopped)
->Služba správy pro Správce logických disků (dmadmin) (Stopped)
->Správce logických disků (dmserver) (Stopped)
->CryptSvc (CryptSvc) (Started)
->Systémové aplikace modelu COM+ (COMSysApp) (Stopped)
->Indexing Service (CiSvc) (Stopped)
->Bluetooth Support Service (BthServ) (Stopped)
->BITS (BITS) (Started)
->Zvuk systému Windows (AudioSrv) (Started)

-= EOF =-

[vyosek]

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• c:\documents and settings\pc\Data aplikací\Llsesp.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[Ladix]

https://www.virustotal.com/file/91378eb ... 350216523/

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\documents and settings\pc\Data aplikací\Llsesp.exe
  c:\documents and settings\pc\Data aplikací\C.exe
  c:\documents and settings\pc\Data aplikací\1.exe
  
  Rootkit::
  c:\documents and settings\pc\Data aplikací\Llsesp.exe 
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Llsesp"=-
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  "Skype"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ISUSPM Startup"=-
  "ISUSScheduler"=-
  
  FCopy::
  C:\WINDOWS\ServicePackFiles\i386\dmusic.sys | C:\WINDOWS\System32\drivers\DMusic.sys
  C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys | C:\WINDOWS\System32\drivers\drmkaud.sys
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Ladix]

Zde je log z CF po aplikaci skriptu:


ComboFix 12-10-12.01 - pc 14.10.2012 20:30:43.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2015.1583 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.
file zipped: c:\documents and settings\pc\Data aplikací\1.exe
file zipped: c:\documents and settings\pc\Data aplikací\C.exe
file zipped: c:\documents and settings\pc\Data aplikací\Llsesp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pc\Data aplikací\1.exe
c:\documents and settings\pc\Data aplikací\10.exe
c:\documents and settings\pc\Data aplikací\11.exe
c:\documents and settings\pc\Data aplikací\12.exe
c:\documents and settings\pc\Data aplikací\13.exe
c:\documents and settings\pc\Data aplikací\18.exe
c:\documents and settings\pc\Data aplikací\1B.exe
c:\documents and settings\pc\Data aplikací\1C.exe
c:\documents and settings\pc\Data aplikací\1E.exe
c:\documents and settings\pc\Data aplikací\2.exe
c:\documents and settings\pc\Data aplikací\21.exe
c:\documents and settings\pc\Data aplikací\22.exe
c:\documents and settings\pc\Data aplikací\23.exe
c:\documents and settings\pc\Data aplikací\24.exe
c:\documents and settings\pc\Data aplikací\25.exe
c:\documents and settings\pc\Data aplikací\26.exe
c:\documents and settings\pc\Data aplikací\36.exe
c:\documents and settings\pc\Data aplikací\3A.exe
c:\documents and settings\pc\Data aplikací\3B.exe
c:\documents and settings\pc\Data aplikací\3C.exe
c:\documents and settings\pc\Data aplikací\47.exe
c:\documents and settings\pc\Data aplikací\6.exe
c:\documents and settings\pc\Data aplikací\7.exe
c:\documents and settings\pc\Data aplikací\8.exe
c:\documents and settings\pc\Data aplikací\9.exe
c:\documents and settings\pc\Data aplikací\A.exe
c:\documents and settings\pc\Data aplikací\B.exe
c:\documents and settings\pc\Data aplikací\D.exe
c:\documents and settings\pc\Data aplikací\E.exe
c:\documents and settings\pc\Data aplikací\F.exe
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\dmusic.sys --> c:\windows\System32\drivers\DMusic.sys
c:\windows\$NtServicePackUninstall$\drmkaud.sys --> c:\windows\System32\drivers\drmkaud.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-14 do 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-12 18:52 . 2012-10-12 18:52 47104 ----a-w- c:\documents and settings\pc\Data aplikací\1D.exe
2012-10-11 15:58 . 2012-10-14 09:56 91136 ----a-w- c:\documents and settings\pc\Data aplikací\C.exe
2012-10-11 13:13 . 2012-10-11 15:52 512 ----a-w- C:\PhysicalMBR.bin
2012-10-10 18:18 . 2012-10-10 18:20 -------- d-----w- C:\rsit
2012-09-27 21:04 . 2012-09-27 21:04 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\stellarium
2012-09-27 21:04 . 2012-09-27 21:04 -------- d-----w- c:\documents and settings\pc\Data aplikací\Stellarium
2012-09-27 21:04 . 2012-09-27 21:04 -------- d-----w- c:\program files\Stellarium
2012-09-19 06:10 . 2012-09-19 06:10 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\Downloaded Installations
2012-09-18 19:27 . 2012-09-18 19:35 -------- d-----w- c:\program files\SuperDVD Video Editor
2012-09-18 19:19 . 2012-09-18 19:19 -------- d-----w- c:\documents and settings\pc\Data aplikací\GeoVid
2012-09-18 19:18 . 2005-06-07 13:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2012-09-18 19:18 . 2004-08-18 13:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-18 19:18 . 2003-03-19 06:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-09-18 19:18 . 2003-03-19 04:05 89088 ----a-w- c:\windows\system32\atl71.dll
2012-09-18 19:18 . 2012-09-18 19:18 -------- d-----w- c:\program files\GeoVid
2012-09-18 18:53 . 2012-09-19 07:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Freemake
2012-09-18 18:53 . 2012-09-19 07:03 -------- d-----w- c:\program files\Freemake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 18:40 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-18 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-08-27 05:04 . 2012-07-30 06:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 05:04 . 2011-12-07 19:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 13:53 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-18 12:00 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-08 08:13 . 2012-09-08 08:12 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [21.7.2006 18:45 210304]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2006 12:07 639224]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [21.7.2006 18:44 5824]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.7.2012 8:18 114144]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16.7.2012 19:30 27064]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [29.11.2010 19:23 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [29.11.2010 19:23 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [29.11.2010 19:23 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [29.11.2010 19:23 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [29.11.2010 19:23 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [29.11.2010 19:23 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [29.11.2010 19:23 123504]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.146.136.10 213.29.58.9
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\ibrobymz.default\
FF - prefs.js: browser.search.defaulturl -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 20:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-10-14 20:51:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-14 18:51
ComboFix2.txt 2012-10-12 17:28
.
Před spuštěním: 2 228 432 896
Po spuštění: 2 202 562 560
.
- - End Of File - - E02E18309E8F4C0A605BFCEF8711DBDD