r.o.s.t.a.c.k.a - kontrola logu.

Zpráva

#61 Příspěvek od **JaRon** » 01 srp 2007 12:16

zalezi od BD http://www.bitdefender.com/site/view/co ... k=SiteHome
ak Tvoj nema FW - mozes pouzit Kerio

r.o.s.t.a.c.k.a

JaRon píše:zalezi od BD http://www.bitdefender.com/site/view/co ... k=SiteHome
ak Tvoj nema FW - mozes pouzit Kerio

Tak jsem se divala a ma ho

r.o.s.t.a.c.k.a

Zase mi to blbne - skoro se nedostanu na net, proto prosim o kontrolu... Zda se mi tam divnej jeden programek - bonjour - vubec nevim, kde se tu vzal, kazdopadne se po spusteni PC dozadoval pripojeni na net (coz jsem zakazala pres bit defendera)

Logfile of HijackThis v1.99.1
Scan saved at 17:50:18, on 9.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Junior\Plocha\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1815401495
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1815325906
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

r.o.s.t.a.c.k.a

Prosim vas je v tom logu neco spatneho? Dnes to blblo jeste vic, mam pocit, ze jsem nejakyho vira chytla

#65 Příspěvek od **Rudy** » 10 srp 2007 17:56

Log vypadá čistý. Bonjour je, pokud vím, korektní. Kontaktovala jste providera?

r.o.s.t.a.c.k.a

Rudy píše:Log vypadá čistý. Bonjour je, pokud vím, korektní. Kontaktovala jste providera?

Vcera, kdyz nesel vubec... Restartovali mi modem a net jde (ale chvilema je to silene pomale - ale to neni poskytovatelem, to takhle blbne posledni dobou porad).. Ale PC je celkove zpomaleny, to neni tim... Nemuze mi ho treba zpomalovat bitdefender? Nemam se vratit ke kasperskemu radeji?

#67 Příspěvek od **Rudy** » 11 srp 2007 17:58

Každý rezidentní program víceméně PC zpomaluje. Vyzkoušejte jiný antivir.

r.o.s.t.a.c.k.a

Rudy píše:Každý rezidentní program víceméně PC zpomaluje. Vyzkoušejte jiný antivir.

Muzete mi prosim nejaky dobry doporucit? Urcite nechci Avast a podobne. Mivala jsem Kasperskeho, mam se k nemu vratit? A jaky antispyware a firewall je k tomu nejidealnejsi? Dekuji za pomoc...

#69 Příspěvek od **Rudy** » 12 srp 2007 13:16

Kaspersky zkusit můžete, pokud jste s ním měla dobré zkušenosti. Patří mezi špičku. Z free AV ještě Avira, která má velmi malé nároky na systémové prostředky a solidní detekční schopnost.

r.o.s.t.a.c.k.a

Rudy píše:Kaspersky zkusit můžete, pokud jste s ním měla dobré zkušenosti. Patří mezi špičku. Z free AV ještě Avira, která má velmi malé nároky na systémové prostředky a solidní detekční schopnost.

Rozhodla jsem se, ze si zatim jeste chvilku necham bitdefendera... Az bude trocha casu, zalohoju si veci a reinstaluju system + formatovani disku.. Pak si tam dam kasperskeho.. Muzu jeste poprosit o radu? Jaky firewall a antispyware je ke kasperskemu nejvhodnejsi a nepusobi problemy, jako napr. zpomalovani PC? Nejlepe v cestine, ale neni podminkou.. Dekuju

#71 Příspěvek od **Rudy** » 13 srp 2007 20:32

Myslím, že jako firewall Comodo (má relativně malé nároky na syst. prostředky) a jako antispy SuperAntispyware. Není zač!

r.o.s.t.a.c.k.a

Prosím o kontrolu logu, mám nějaký vir - nebo spíš několik virů.. Nevím, s čím se mi dostaly do PC, nějaký "malware"...
Jedna drobnost, nevím, jestli to může být virem způsobeno, ale je to divné - cca před týdnem jsme s přítelem postřehli, že se nám kompletně změnilo písmo (maličko odlišný typ a drobnější).. Projevilo se to na ploše u popisků ikonek, v total commanderovi, na internetu, zkrátka všude máme jiné písmo.. Ale žádné nastavení jsme neměnili.. Projížděla jsem včera i dnes PC antivirem, sice to něco našlo, ale nejde to smazat, pouze hodit do karantény a když jsem se tam dívala, jsou tam jen 2 soubory, i když jsem jich do karantény dala více..

Logfile of HijackThis v1.99.1
Scan saved at 19:53:43, on 18.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Programs\Adobe Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\QIP\qip.exe
c:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [16 move] C:\DOCUME~1\Nanina\DATAAP~1\ROADBE~1\Fork eq sixth.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programs\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

#73 Příspěvek od **Rudy** » 18 dub 2008 19:01

Fixněte v HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKCU\..\Run: [16 move] C:\DOCUME~1\Nanina\DATAAP~1\ROADBE~1\Fork eq sixth.exe

Restartujte PC a dejte log z ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe . Chybí firewall.

r.o.s.t.a.c.k.a

Hotovo... Můžete mi poradit nějaký opravdu kvalitní (nejlépe free) firewall? Pokud možno v češtině, aby bylo snadné ho nastavit... Hodilo by se mi něco, co kontroluje PC neustále...Děkuji..

ComboFix 08-04-17.1 - Nanina 2008-04-18 20:09:50.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.675 [GMT 2:00]
Running from: c:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nanina\Data aplikací\inst.exe
C:\WINDOWS\assys.dll
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\micr0st.dll
C:\WINDOWS\uawin.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 20:06 . 2008-04-18 20:06 <DIR> d-------- C:\backups
2008-04-18 20:04 . 2008-04-18 20:04 1,770,815 --a------ C:\ComboFix.exe
2008-04-18 19:53 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-04-18 13:09 . 2008-04-18 13:09 <DIR> d-------- C:\Program Files\QIP
2008-04-16 17:37 . 2008-04-16 17:45 <DIR> d-------- C:\Downloads
2008-04-15 15:06 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-15 15:06 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-15 04:20 . 2008-04-15 04:20 8 --a------ C:\Documents and Settings\Nanina\Data aplikací\NMM-MetaData.db
2008-04-15 04:20 . 2008-04-15 04:20 8 --a------ C:\Documents and Settings\Nanina\Data aplikací\NMM-MetaData.db
2008-04-15 04:20 . 2008-04-15 04:20 8 --a------ C:\Documents and Settings\Nanina\Data aplikací\NMM-MetaData.db
2008-04-13 10:07 . 2008-04-13 10:23 <DIR> d-------- C:\Program Files\ModTheSims2.com
2008-04-13 06:51 . 2008-04-13 06:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-13 06:51 . 2008-04-13 06:51 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-13 06:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-07 21:17 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-07 21:17 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-07 21:17 . 2008-04-07 21:17 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-07 21:17 . 2008-04-07 21:17 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-07 21:15 . 2008-04-07 21:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-07 21:15 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-07 21:15 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-07 21:15 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-07 21:15 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-07 21:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-07 21:15 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-03-29 22:25 . 2008-04-10 13:33 <DIR> d-------- C:\Documents and Settings\BORDEL KUA
2008-03-25 12:21 . 2008-03-25 12:21 <DIR> d-------- C:\Program Files\Rockstar Games
2008-03-25 12:20 . 2008-04-07 08:17 <DIR> d-------- C:\== Image ===
2008-03-21 14:10 . 2008-03-21 14:33 <DIR> d-------- C:\Documents and Settings\Eden

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 15:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\uTorrent
2008-04-16 15:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\uTorrent
2008-04-16 15:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\uTorrent
2008-04-15 16:50 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Vso
2008-04-15 16:50 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Vso
2008-04-15 16:50 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Vso
2008-04-15 13:06 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-13 04:51 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-13 04:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-04-07 19:15 --------- d-----w C:\Program Files\Nokia
2008-03-26 09:01 --------- d-----w C:\Program Files\totalcmd
2008-03-25 10:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 17:14 --------- d-----w C:\Program Files\DVD Flick
2008-03-17 17:14 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\DVD Flick
2008-03-17 17:14 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\DVD Flick
2008-03-17 17:14 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\DVD Flick
2008-03-15 06:23 --------- d-----w C:\Program Files\AllToAVI
2008-03-14 18:12 --------- d-----w C:\Program Files\SMPlayer
2008-03-14 06:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\IObit
2008-03-14 06:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\IObit
2008-03-14 06:52 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\IObit
2008-03-14 06:51 --------- d-----w C:\Program Files\IObit
2008-03-08 08:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-05 18:44 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Nokia
2008-03-05 18:44 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Nokia
2008-03-05 18:44 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Nokia
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-02 21:28 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Talkback
2008-03-02 21:28 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Talkback
2008-03-02 21:28 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\Talkback
2008-03-02 21:27 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-03-02 12:58 69,632 ----a-w C:\WINDOWS\AutoUpdateWin31.dll
2008-03-02 12:58 32,768 ----a-w C:\WINDOWS\AutoUpdateWin33.exe
2008-02-29 20:17 --------- d-----w C:\Program Files\MagicISO
2008-02-28 20:22 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\Ahead
2008-02-28 09:44 --------- d-----w C:\Program Files\SlySoft
2008-02-23 13:03 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\PC Suite
2008-02-23 13:03 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\PC Suite
2008-02-23 13:03 --------- d-----w C:\Documents and Settings\Nanina\Data aplikací\PC Suite
2008-02-20 06:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-02-01 13:17 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2007-12-22 08:39 81,920 ----a-w C:\Documents and Settings\Nanina\Data aplikací\ezpinst.exe
2007-12-22 08:39 81,920 ----a-w C:\Documents and Settings\Nanina\Data aplikací\ezpinst.exe
2007-12-22 08:39 81,920 ----a-w C:\Documents and Settings\Nanina\Data aplikací\ezpinst.exe
2007-12-22 08:39 47,360 ----a-w C:\Documents and Settings\Nanina\Data aplikací\pcouffin.sys
2007-12-22 08:39 47,360 ----a-w C:\Documents and Settings\Nanina\Data aplikací\pcouffin.sys
2007-12-22 08:39 47,360 ----a-w C:\Documents and Settings\Nanina\Data aplikací\pcouffin.sys
2007-09-13 20:47 66,936 --sha-w C:\WINDOWS\hrinfo_0.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"DAEMON Tools Lite"="C:\Programs\DAEMON Tools\daemon.exe" [2007-12-29 14:05 486856]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 12:24 47104 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 13:07 262401]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Programs\Adobe Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programs\\QIP\\qip.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-04-17 13:07]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-04-17 13:07]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-04-17 13:07]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 18:00:00 C:\WINDOWS\Tasks\B1F60F8290A1801E.job"
- c:\docume~1\nanina\dataap~1\roadbe~1\blah software wave.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 20:11:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

folder error: C:\DOCUME~1\Nanina\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-18 20:13:54
ComboFix-quarantined-files.txt 2008-04-18 18:13:37

Adresářů: 13, Volných bajtů: 27,114,795,008
Adresářů: 18, Volných bajtů: 27,161,812,992

r.o.s.t.a.c.k.a

Je tedy už PC čistý, nebo mám smazat ještě něco?