ESET našel viry

[Dandy123]

Jedná se o starší PC, které mělo cca 50 havětí v sobě...A ještě to dále nachází další.....
Je narušen komplet systém Windows XP SP2, aktualizace na SP3 ani na Windows Update mě to nepustí...
Nachází se zde 3 disky.

Eset mi našel toto:
D:\flash\plocha flash\RSO.Vocal.Magic.VST.4.0.rar » RAR » RSO.Vocal.Magic.VST.4.00.exe » CAB » RSOVST~1.EXE - varianta infiltrace Win32/Obfuscated.NEJ trojský kůň
D:\guru\GURU with key.zip » ZIP » KeyGen/nGen.exe - pravděpodobně varianta infiltrace Win32/Agent.NNIZXFU trojský kůň
D:\guru\KeyGen\nGen.exe - pravděpodobně varianta infiltrace Win32/Agent.NNIZXFU trojský kůň - vyléčen smazáním - uložen do karantény [1]
D:\VST\HADY DVD\AV.Music.Morpher.Gold.v5.0.41.incl.patch-iOTA\music_morpher_gold.exe » NSIS » DealioKit1-stub-0.exe - Win32/Toolbar.Widgi potenciálně nechtěná aplikace
D:\VST\HADY DVD\vocal magic\RSO.Vocal.Magic.VST.4.00.exe » CAB » RSOVST~1.EXE - varianta infiltrace Win32/Obfuscated.NEJ trojský kůň
G:\SOFTWARE\RSO.Vocal.Magic.VST.4.00.exe » CAB » RSOVST~1.EXE - varianta infiltrace Win32/Obfuscated.NEJ trojský kůň
G:\SOFTWARE\CUBASE 4\Cubase\Cubase\SCS4\SCS4\AutoPlay\Docs\Cubase Studio 4 for Windows\Additional Content\Copy Protection Driver\SyncrosoftLicenseControlSetup.exe » RAR » synsoacc.dll - pravděpodobně varianta infiltrace Win32/Agent.NBWWAAL trojský kůň
G:\SOFTWARE\CUBASE 4\Cubase\Cubase\SLCx32Bits\SLCx32Bits\synsoacc.dll - pravděpodobně varianta infiltrace Win32/Agent.NBWWAAL trojský kůň - vyléčen smazáním - uložen do karantény [1]
G:\SOFTWARE\CUBASE 4\Cubase\Cubase\SLCx64Bits\SLCx64Bits\synsoacc.dll - pravděpodobně varianta infiltrace Win32/Agent.NBWWAAL trojský kůň - vyléčen smazáním - uložen do karantény [1]
G:\SOFTWARE\Pugins\3\Wave[1].Arts.Power.Suite.v5.47.DX.VST.RTAS.Incl.Keygen-DYNAMiCS.rar » RAR » Wave.Arts.Power.Suite.v5.47.DX.VST.RTAS.Incl.Keygen-DYNAMiCS\Key_Gen.exe - varianta infiltrace Win32/Injector.AHO trojský kůň
G:\SOFTWARE\Pugins\3\Wave.Arts.Power.Suite.v5.47.DX.VST.RTAS.Incl.Keygen-DYNAMiCS\Key_Gen.exe - varianta infiltrace Win32/Injector.AHO trojský kůň - vyléčen smazáním - uložen do karantény [1]
D:\VST\HADY DVD\AV.Music.Morpher.Gold.v5.0.41.incl.patch-iOTA\music_morpher_gold.exe » NSIS » DealioKit1-stub-0.exe - Win32/Toolbar.Widgi potenciálně nechtěná aplikace


MWAV našel toto:
24 I 2013 23:39:32 - Offending file found: C:\Documents and Settings\PC\Plocha\Magic Video Converter\avcore.dll
24 I 2013 23:39:32 - System found infected with AntiSpyDeluxe Corrupted Adware/Spyware (avcore.dll)! Action taken: Ponecháno, neodstraněno!.

24 I 2013 23:39:33 - Offending file found: C:\Documents and Settings\PC\Plocha\Magic Video Converter 8.0.10.28\Stubs\bfd26d349fb0e3c579711e96b2cc4da3917d162c\avcore.dll
24 I 2013 23:39:33 - System found infected with AntiSpyDeluxe Corrupted Adware/Spyware (avcore.dll)! Action taken: Ponecháno, neodstraněno!.

24 I 2013 23:39:52 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
24 I 2013 23:39:52 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Ponecháno, neodstraněno!.

24 I 2013 23:39:53 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
24 I 2013 23:39:53 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Ponecháno, neodstraněno!.

24 I 2013 23:39:54 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
24 I 2013 23:39:54 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Ponecháno, neodstraněno!.

Combofix mi smazal cca 20 věcí....Ale bohužel jsem omylem smazal log...

Kaspersky mi odstranil 4 soubory...


Posílám ještě log z RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2013-01-26 09:27:29
WIN_XP Service Pack 2
System drive C: has 40 GB (50%) free of 80 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:28:00, on 26.1.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PC\Plocha\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-21-1123561945-1757981266-839522115-1003\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SNMP - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: Zachytávání pro službu SNMP (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 5306 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2012-08-17 537528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2012-08-17 811960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2012-08-17 484280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-08-17 218880]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-26 5074384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-04-13 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2012-08-17 200632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave8"=EchogalsWrap.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======List of files/folders created in the last 3 months======

2013-01-26 09:27:32 ----D---- C:\Program Files\trend micro
2013-01-26 09:27:29 ----D---- C:\rsit
2013-01-26 08:34:45 ----D---- C:\Program Files\Google
2013-01-25 20:30:40 ----D---- C:\Documents and Settings\PC\Data aplikací\ESET
2013-01-25 20:21:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2013-01-25 10:03:20 ----D---- C:\Program Files\Kaspersky Lab
2013-01-25 10:03:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2013-01-25 10:03:14 ----D---- C:\WINDOWS\LastGood
2013-01-25 10:03:05 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2013-01-25 10:03:05 ----A---- C:\WINDOWS\system32\drivers\klflt.sys
2013-01-25 09:04:18 ----A---- C:\WINDOWS\002906_.tmp
2013-01-25 08:52:35 ----A---- C:\WINDOWS\imsins.BAK
2013-01-25 08:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2013-01-25 08:52:27 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-25 08:51:39 ----D---- C:\Program Files\MSECache
2013-01-25 08:50:48 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-25 08:45:48 ----D---- C:\Program Files\Microsoft Download Manager
2013-01-25 07:21:39 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2013-01-25 07:21:39 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2013-01-25 07:20:51 ----ASH---- C:\WINDOWS\system32\drivers\fidbox2.dat
2013-01-25 07:20:51 ----ASH---- C:\WINDOWS\system32\drivers\fidbox.dat
2013-01-25 07:19:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2013-01-24 23:33:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-24 23:31:29 ----SHD---- C:\RECYCLER
2013-01-24 23:26:09 ----AD---- C:\WINDOWS\VDLL.DLL
2013-01-24 23:26:09 ----AD---- C:\WINDOWS\RUNDL132.EXE
2013-01-24 23:26:09 ----AD---- C:\WINDOWS\logo_1.exe
2013-01-24 22:24:23 ----A---- C:\WINDOWS\002904_.tmp
2013-01-24 22:13:27 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2013-01-24 22:13:27 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2013-01-24 20:37:08 ----D---- C:\servis
2013-01-24 15:18:21 ----D---- C:\Program Files\TeamViewer
2013-01-24 15:10:55 ----ASH---- C:\BOOT.BAK
2013-01-24 15:10:18 ----D---- C:\$WIN_NT$.~BT
2013-01-24 15:10:18 ----A---- C:\WINDOWS\UPGRADE.TXT
2013-01-24 15:04:33 ----ASH---- C:\pagefile.sys
2013-01-24 14:34:31 ----D---- C:\RegBackup
2013-01-24 14:32:23 ----A---- C:\WINDOWS\002905_.tmp
2013-01-24 14:28:55 ----DC---- C:\WINDOWS\$NtServicePackUninstall$
2013-01-24 14:26:27 ----D---- C:\WINDOWS\system32\CatRoot_bak
2013-01-24 12:11:58 ----AD---- C:\WINDOWS\system32\runouce.exe
2013-01-24 12:10:37 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-01-24 12:10:36 ----A---- C:\WINDOWS\system32\msvcp80.dll
2013-01-24 12:10:35 ----A---- C:\WINDOWS\system32\eEmpty.exe
2013-01-24 12:10:33 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2013-01-24 12:10:33 ----A---- C:\WINDOWS\system32\T.COM
2013-01-24 12:10:33 ----A---- C:\WINDOWS\REGEDIT.COM
2013-01-24 12:10:33 ----A---- C:\WINDOWS\R.COM
2013-01-24 12:10:32 ----D---- C:\Program Files\Common Files\MicroWorld
2013-01-24 12:10:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2013-01-24 12:09:02 ----D---- C:\WINDOWS\temp
2013-01-24 11:56:45 ----D---- C:\WINDOWS\erdnt
2013-01-24 11:10:32 ----A---- C:\atl.dll
2013-01-24 10:42:51 ----A---- C:\WINDOWS\system32\msacm32.dll

======List of files/folders modified in the last 3 months======

2013-01-26 09:27:32 ----RD---- C:\Program Files
2013-01-25 20:23:07 ----SHD---- C:\WINDOWS\Installer
2013-01-25 20:22:37 ----D---- C:\WINDOWS\system32\drivers
2013-01-25 20:22:36 ----HD---- C:\WINDOWS\inf
2013-01-25 20:21:19 ----D---- C:\Program Files\ESET
2013-01-25 19:59:20 ----D---- C:\WINDOWS
2013-01-25 15:25:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-01-25 15:21:52 ----D---- C:\WINDOWS\system32
2013-01-25 09:54:24 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-25 09:52:36 ----D---- C:\WINDOWS\security
2013-01-25 09:19:44 ----D---- C:\Program Files\DAEMON Tools Toolbar
2013-01-25 09:04:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-01-25 08:59:22 ----D---- C:\WINDOWS\ehome
2013-01-25 08:54:26 ----D---- C:\WINDOWS\system32\CatRoot
2013-01-25 08:52:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-25 08:50:50 ----D---- C:\WINDOWS\Debug
2013-01-25 08:39:27 ----SHD---- C:\System Volume Information
2013-01-24 22:54:07 ----D---- C:\WINDOWS\SoftwareDistribution
2013-01-24 19:35:20 ----RASH---- C:\boot.ini
2013-01-24 12:10:32 ----D---- C:\Program Files\Common Files
2013-01-24 12:07:41 ----A---- C:\WINDOWS\system.ini
2013-01-24 12:07:33 ----D---- C:\WINDOWS\system32\drivers\etc
2013-01-24 12:05:43 ----D---- C:\WINDOWS\AppPatch
2013-01-24 11:30:57 ----D---- C:\WINDOWS\Minidump
2013-01-24 11:30:57 ----D---- C:\WINDOWS\Logs
2013-01-24 11:30:57 ----D---- C:\Documents and Settings\PC\Data aplikací\DAEMON Tools Lite
2013-01-24 11:23:59 ----D---- C:\WINDOWS\system32\NtmsData
2012-12-04 21:16:45 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R0 kl1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2012-06-19 136024]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-10-08 62512]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2011-04-11 2996]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-08-13 584536]
R1 kltdi;kltdi; C:\WINDOWS\system32\DRIVERS\kltdi.sys [2012-06-08 43608]
R1 kneps;kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [2012-08-13 144344]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 DLPortIO;DriverLINX Port I/O Driver; C:\WINDOWS\system32\drivers\DLPortIO.sys [1999-01-10 3584]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-08-19 154112]
R3 echogals;Layla20 Service; C:\WINDOWS\system32\drivers\echogals.sys [2002-11-13 196864]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-10-08 40376]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S2 DMXUsbCr;DMX-USB Creator universal driver; C:\WINDOWS\System32\Drivers\dmxusbcr.sys [2009-03-24 18560]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000nt5.sys [2001-10-24 51231]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2005-12-19 28449]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2005-12-19 60572]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
S3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [2012-05-25 23896]
S3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2012-07-25 24920]
S3 lptdmxcr;lptdmxcr; \??\C:\Program Files\DMXCreatorTimeline\lptdmxcr.sys []
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\C:\Program Files\Magix\samplitude7_pro\mxasio.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 okdmx31;OksiD DMX 3/1 interface; C:\WINDOWS\System32\Drivers\okdmx31.sys [2011-04-11 3712]
S3 paeusbaudio;paeusbaudio; C:\WINDOWS\system32\DRIVERS\paeusbaudio.sys [2011-08-10 184656]
S3 paeusbaudiodsp;paeusbaudiodsp; C:\WINDOWS\system32\DRIVERS\paeusbaudiodsp.sys [2011-08-10 66384]
S3 paeusbaudioks;paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks.sys [2011-08-10 42320]
S3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2004-08-24 319104]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader; C:\WINDOWS\system32\drivers\usb22ldr.sys [2012-02-03 14272]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBMN2X2;M-Audio USB MidiSport 2x2; C:\WINDOWS\system32\drivers\usbmn2x2.sys [2012-02-03 22304]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 zlportio;zlportio; \??\C:\Documents and Settings\PC\Plocha\PHOENIXstudios PC_DIMMER2008\zlportio.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-04-09 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-04-09 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-04-09 104960]
S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-26 1329304]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3472376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-08-17 218880]
S2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------



Děkuji velmi moc za pomoc...

[Márty84]

Zdravim

Jako "vzorny navstevnik" byste mel snad vedet, ze ComboFix se na vlastni pest nepouziva Krom toho, ze je to poruseni pravidel fora a i licence CF, jste mi tim smazal veskere stopy pripadne nakazy a ja se ted nemam ceho chytit. A jeste k tomu jste smazal log To je fakt idealni kombinace.
Priste bude po svevolnem pouziti CF pomoc odmitnuta.
Ted se na to teda zkusime podivat, ale vysledek je nejisty a asi se to protahne


Jeden z antiviru dejte pryc
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice


Jelikoz je MWAV uz davno mrtvy, odinstalujte ho.


Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[Dandy123]

Jsem si vědom, že jsem udělal kravinu...
Kaspersky šel pryč, zůstal jen nový eset trial. MWAV šel taky pryč....
MBAM na rychlou kontrolu nenašel nic... Pustil jsem hloubkovou..

[Márty84]

To bohuzel ano, ale ted uz s tim nic nenadelame

Doufam, ze ten mesicni trial esetu nebudete pouzivat rok

Ano, tu jsem chtel. At to proleze vsechno, uvidime, jestli neco vystoura.

[Dandy123]

Nejspíše tam dám Free Aviru... PC se bude používat bez připojení k netu...


MBAM našel 13 věcí..posílám log:


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
http://www.malwarebytes.org

Verze: v2013.01.26.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
PC :: PEPA [administrátor]

Ochrana: Zakázána

26.1.2013 11:43:26
MBAM-log-2013-01-26 (13-39-21).txt

Typ: Kompletní kontrola (C:\|D:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 432453
Uplynulý čas: 1 hodin, 15 minut, 9 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 13
C:\Documents and Settings\PC\Plocha\Magic Video Converter 8.0.10.28\Magic Video Converter.exe (Trojan.Backdoor) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\PC\Plocha\Magic Video Converter 8.0.10.28\Stubs\bfd26d349fb0e3c579711e96b2cc4da3917d162c\avcore.dll (Trojan.Backdoor) -> Nebyla provedena žádná instrukce.
C:\servis\produkey\ProduKey.exe (PUP.PSWTool.ProductKey) -> Nebyla provedena žádná instrukce.
D:\guru\GURU_v1-6-12_Both.exe (Rogue.Multiple) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{AFDE8FA7-C4C9-4F69-949A-738988C1CF4E}\RP801\A0086408.exe (Worm.Brontok) -> Nebyla provedena žádná instrukce.
D:\VST\HADY DVD\Applied.Acoustics.Ultra.Analog.VA-1.VSTi.DXi.RTAS.v1.1.4.Incl.Keygen-AiR\a-ua114\Keygen.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
D:\VST\HADY DVD\voxengo22nov2010-air_avaxhome.ru\Voxengo.Deft.Compressor.VST.v1.2.x86.x64.Incl.Keygen-AiR\Keygen.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
D:\VST\HADY DVD\voxengo22nov2010-air_avaxhome.ru\Voxengo.Elephant.VST.v3.7.2.x86.x64.Incl.Keygen-AiR\Keygen.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
D:\VST\HADY DVD\voxengo22nov2010-air_avaxhome.ru\Voxengo.Soniformer.VST.v3.1.x86.x64.Incl.Keygen-AiR\Keygen.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
G:\AUDIO\RM BAND\ostatni\PC\Traktor.DJ.Studio.v2.6\Native.Instruments.Traktor.DJ.Studio.v2.6.1.022-H2O\traktor261_keygen.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
G:\AUDIO\RM BAND\ostatni\PC\winRAR\patch.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
G:\SOFTWARE\CUBASE 4\Cubase\Cubase\SCS4\SCS4\AutoPlay\Docs\Cubase Studio 4 for Windows\cmdow.exe (PUP.Tool) -> Nebyla provedena žádná instrukce.
G:\System Volume Information\_restore{AFDE8FA7-C4C9-4F69-949A-738988C1CF4E}\RP801\A0086411.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.

(konec)

[Márty84]

Nalezy nechte odstranit.

Jelikoz mate havet v bodech obnovy, vymazte je http://forum.viry.cz/viewtopic.php?f=46&t=47040

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

[Dandy123]

Nalezy nechte odstranit.

Jelikoz mate havet v bodech obnovy, vymazte je http://forum.viry.cz/viewtopic.php?f=46&t=47040

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

Obnovení systému nejde spustit.
Nástroj Obnovení systému nemůže zajistit ochranu počítače. Restartujte počítač atd... Po restartování zase to samé.
Je to vypnutý i jako služba...Jakmile dám spustit, tak vyskočí, že uvedený modul nebyl nalezen.

[Márty84]

Dobra, pokracujte RogueKillerem

[Dandy123]

RogueKiller log:

RogueKiller V8.4.3 [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pepa [Práva správce]
Mód : Kontrola -- Datum : 01/26/2013 14:49:33
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3760f226f981db76b7b34e38449ce2cf
[BSP] f0f710cf2f201aebd967f8d669d31226 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 34428 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 60be17d1c011bc8f9e99db3bea4d05da
[BSP] 04dda0f60acb62a4b5fa90835b88d1d4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_01262013_02d1449.txt >>
RKreport[1]_S_01262013_02d1449.txt

[Márty84]

Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

[Dandy123]

Posílám první log:

RogueKiller V8.4.3 [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pepa [Práva správce]
Mód : Odebrat -- Datum : 01/26/2013 15:32:34
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3760f226f981db76b7b34e38449ce2cf
[BSP] f0f710cf2f201aebd967f8d669d31226 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 80003 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 163846935 | Size: 34428 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 60be17d1c011bc8f9e99db3bea4d05da
[BSP] 04dda0f60acb62a4b5fa90835b88d1d4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[4]_D_01262013_02d1532.txt >>
RKreport[1]_S_01262013_02d1449.txt ; RKreport[2]_D_01262013_02d1532.txt ; RKreport[3]_S_01262013_02d1532.txt ; RKreport[4]_D_01262013_02d1532.txt

[Dandy123]

Posílám druhý log:

RogueKiller V8.4.3 [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Pepa [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/26/2013 15:33:42
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[5]_H_01262013_02d1533.txt >>
RKreport[1]_S_01262013_02d1449.txt ; RKreport[2]_D_01262013_02d1532.txt ; RKreport[3]_S_01262013_02d1532.txt ; RKreport[4]_D_01262013_02d1532.txt ; RKreport[5]_H_01262013_02d1533.txt

[Márty84]

Dejte novy log z RSIT

[Dandy123]

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2013-01-26 15:45:46
WIN_XP Service Pack 2
System drive C: has 40 GB (50%) free of 80 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:45:49, on 26.1.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\servis\RSIT.exe
C:\Program Files\trend micro\studio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SNMP - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: Zachytávání pro službu SNMP (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 4331 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-26 5074384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-04-13 2387968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
C:\WINDOWS\system32\sclgntfy.dll [2004-08-17 22016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave8"=EchogalsWrap.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-01-26 14:28:19 ----D---- C:\Program Files\Yamicsoft
2013-01-26 11:31:30 ----D---- C:\Documents and Settings\Pepa\Data aplikací\Malwarebytes
2013-01-26 11:31:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-01-26 11:31:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-01-26 11:31:04 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-01-26 11:30:22 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-01-26 09:27:32 ----D---- C:\Program Files\trend micro
2013-01-26 09:27:29 ----D---- C:\rsit
2013-01-26 08:34:45 ----D---- C:\Program Files\Google
2013-01-25 20:30:40 ----D---- C:\Documents and Settings\Pepa\Data aplikací\ESET
2013-01-25 20:21:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2013-01-25 09:04:18 ----A---- C:\WINDOWS\002906_.tmp
2013-01-25 08:52:35 ----A---- C:\WINDOWS\imsins.BAK
2013-01-25 08:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2013-01-25 08:52:27 ----HD---- C:\WINDOWS\$hf_mig$
2013-01-25 08:51:39 ----D---- C:\Program Files\MSECache
2013-01-25 08:50:48 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-25 08:45:48 ----D---- C:\Program Files\Microsoft Download Manager
2013-01-25 07:21:39 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2013-01-25 07:21:39 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2013-01-25 07:20:51 ----ASH---- C:\WINDOWS\system32\drivers\fidbox2.dat
2013-01-25 07:20:51 ----ASH---- C:\WINDOWS\system32\drivers\fidbox.dat
2013-01-25 07:19:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2013-01-24 23:33:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-24 23:31:29 ----SHD---- C:\RECYCLER
2013-01-24 23:26:09 ----AD---- C:\WINDOWS\VDLL.DLL
2013-01-24 23:26:09 ----AD---- C:\WINDOWS\RUNDL132.EXE
2013-01-24 23:26:09 ----AD---- C:\WINDOWS\logo_1.exe
2013-01-24 22:24:23 ----A---- C:\WINDOWS\002904_.tmp
2013-01-24 22:13:27 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2013-01-24 22:13:27 ----A---- C:\WINDOWS\system32\drivers\Rtnicxp.sys
2013-01-24 20:37:08 ----D---- C:\servis
2013-01-24 15:18:21 ----D---- C:\Program Files\TeamViewer
2013-01-24 15:10:55 ----ASH---- C:\BOOT.BAK
2013-01-24 15:10:18 ----D---- C:\$WIN_NT$.~BT
2013-01-24 15:10:18 ----A---- C:\WINDOWS\UPGRADE.TXT
2013-01-24 15:04:33 ----ASH---- C:\pagefile.sys
2013-01-24 14:34:31 ----D---- C:\RegBackup
2013-01-24 14:32:23 ----A---- C:\WINDOWS\002905_.tmp
2013-01-24 14:28:55 ----DC---- C:\WINDOWS\$NtServicePackUninstall$
2013-01-24 14:26:27 ----D---- C:\WINDOWS\system32\CatRoot_bak
2013-01-24 12:11:58 ----AD---- C:\WINDOWS\system32\runouce.exe
2013-01-24 12:10:37 ----A---- C:\WINDOWS\system32\msvcr80.dll
2013-01-24 12:10:36 ----A---- C:\WINDOWS\system32\msvcp80.dll
2013-01-24 12:10:35 ----A---- C:\WINDOWS\system32\eEmpty.exe
2013-01-24 12:10:33 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2013-01-24 12:10:33 ----A---- C:\WINDOWS\system32\T.COM
2013-01-24 12:10:33 ----A---- C:\WINDOWS\REGEDIT.COM
2013-01-24 12:10:33 ----A---- C:\WINDOWS\R.COM
2013-01-24 12:10:32 ----D---- C:\Program Files\Common Files\MicroWorld
2013-01-24 12:10:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2013-01-24 12:09:02 ----D---- C:\WINDOWS\temp
2013-01-24 11:56:45 ----D---- C:\WINDOWS\erdnt
2013-01-24 11:10:32 ----A---- C:\atl.dll
2013-01-24 10:42:51 ----A---- C:\WINDOWS\system32\msacm32.dll

======List of files/folders modified in the last 1 month======

2013-01-26 15:42:25 ----D---- C:\WINDOWS\system32\drivers
2013-01-26 14:47:35 ----RD---- C:\WINDOWS\Web
2013-01-26 14:47:35 ----RD---- C:\Program Files
2013-01-26 14:47:17 ----D---- C:\WINDOWS
2013-01-26 14:46:42 ----A---- C:\WINDOWS\ODBCINST.INI
2013-01-26 14:45:54 ----D---- C:\WINDOWS\system32\CatRoot
2013-01-26 14:45:52 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-26 14:44:36 ----D---- C:\WINDOWS\system32\ias
2013-01-26 14:44:22 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2013-01-26 14:42:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-01-26 14:28:30 ----SHD---- C:\WINDOWS\Installer
2013-01-26 14:16:26 ----D---- C:\Documents and Settings
2013-01-26 14:15:57 ----RASH---- C:\boot.ini
2013-01-26 13:58:46 ----D---- C:\WINDOWS\addins
2013-01-26 11:30:25 ----SD---- C:\WINDOWS\Tasks
2013-01-26 11:30:22 ----D---- C:\WINDOWS\system32
2013-01-26 11:28:38 ----D---- C:\Program Files\ESET
2013-01-26 11:06:24 ----HD---- C:\WINDOWS\inf
2013-01-25 15:25:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-01-25 09:52:36 ----D---- C:\WINDOWS\security
2013-01-25 09:19:44 ----D---- C:\Program Files\DAEMON Tools Toolbar
2013-01-25 09:04:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-01-25 08:59:22 ----D---- C:\WINDOWS\ehome
2013-01-25 08:50:50 ----D---- C:\WINDOWS\Debug
2013-01-25 08:39:27 ----SHD---- C:\System Volume Information
2013-01-24 22:54:07 ----D---- C:\WINDOWS\SoftwareDistribution
2013-01-24 12:10:32 ----D---- C:\Program Files\Common Files
2013-01-24 12:07:41 ----A---- C:\WINDOWS\system.ini
2013-01-24 12:07:33 ----D---- C:\WINDOWS\system32\drivers\etc
2013-01-24 12:05:43 ----D---- C:\WINDOWS\AppPatch
2013-01-24 11:30:57 ----D---- C:\WINDOWS\Minidump
2013-01-24 11:30:57 ----D---- C:\WINDOWS\Logs
2013-01-24 11:30:57 ----D---- C:\Documents and Settings\Pepa\Data aplikací\DAEMON Tools Lite
2013-01-24 11:23:59 ----D---- C:\WINDOWS\system32\NtmsData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-10-08 62512]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2011-04-11 2996]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 DLPortIO;DriverLINX Port I/O Driver; C:\WINDOWS\system32\drivers\DLPortIO.sys [1999-01-10 3584]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-08-19 154112]
R3 echogals;Layla20 Service; C:\WINDOWS\system32\drivers\echogals.sys [2002-11-13 196864]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-10-08 40376]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S2 DMXUsbCr;DMX-USB Creator universal driver; C:\WINDOWS\System32\Drivers\dmxusbcr.sys [2009-03-24 18560]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000nt5.sys [2001-10-24 51231]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2005-12-19 28449]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2005-12-19 60572]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
S3 lptdmxcr;lptdmxcr; \??\C:\Program Files\DMXCreatorTimeline\lptdmxcr.sys []
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\C:\Program Files\Magix\samplitude7_pro\mxasio.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 okdmx31;OksiD DMX 3/1 interface; C:\WINDOWS\System32\Drivers\okdmx31.sys [2011-04-11 3712]
S3 paeusbaudio;paeusbaudio; C:\WINDOWS\system32\DRIVERS\paeusbaudio.sys [2011-08-10 184656]
S3 paeusbaudiodsp;paeusbaudiodsp; C:\WINDOWS\system32\DRIVERS\paeusbaudiodsp.sys [2011-08-10 66384]
S3 paeusbaudioks;paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks.sys [2011-08-10 42320]
S3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2004-08-24 319104]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader; C:\WINDOWS\system32\drivers\usb22ldr.sys [2012-02-03 14272]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBMN2X2;M-Audio USB MidiSport 2x2; C:\WINDOWS\system32\drivers\usbmn2x2.sys [2012-02-03 22304]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 zlportio;zlportio; \??\C:\Documents and Settings\Pepa\Plocha\PHOENIXstudios PC_DIMMER2008\zlportio.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-04-09 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-04-09 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-04-09 104960]
S3 ZTEusbvoice;ZTE VoUSB Port; C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-26 1329304]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3472376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-26 251400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Márty84]

Odinstalujte MBAM


Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[ClearAllRestorePoints]
[RESETHOSTS]
[Purity]

:services
AdobeFlashPlayerUpdateSvc
SNMP
NMIndexingService
SNMPTRAP

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Czech\setup.exe"=-

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)