Security Tool - vir

[stell]

pa,pa
ahoj,,

[HnB]

Dobrý den,
mám stejný problém. Zkoušel jsem to vyřešit podle předchozích postupů uvedených v tomto vlákně, ale bohužel neúspěšně. Zde přikládám log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-06 16:52:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (11%) free of 30 GB
Total RAM: 2038 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:13, on 6.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [InvokeSvc.exe] C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLanCfgAG.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [50445927] C:\DOCUME~1\ALLUSE~1\DATAAP~1\50445927\50445927.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1547161642-926492609-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'milhaus')
O4 - HKUS\S-1-5-21-1547161642-926492609-839522115-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'milhaus')
O4 - HKUS\S-1-5-21-1547161642-926492609-839522115-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'milhaus')
O4 - HKUS\S-1-5-21-1547161642-926492609-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\milhaus\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c (User 'milhaus')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1547161642-926492609-839522115-1003 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'milhaus')
O4 - S-1-5-21-1547161642-926492609-839522115-1003 Startup: zavupd32.exe (User 'milhaus')
O4 - S-1-5-21-1547161642-926492609-839522115-1003 User Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'milhaus')
O4 - S-1-5-21-1547161642-926492609-839522115-1003 User Startup: zavupd32.exe (User 'milhaus')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GtkLogon - C:\WINDOWS\SYSTEM32\GtkLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - K:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Windows_rejoice2007_101 - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice101.exe (file missing)

--
End of file - 7957 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-926492609-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-926492609-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-26 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-26 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-26 137752]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-23 136600]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-12-02 111928]
"InvokeSvc.exe"=C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLanCfgAG.exe [2006-07-12 921600]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-02-07 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"50445927"=C:\DOCUME~1\ALLUSE~1\DATAAP~1\50445927\50445927.exe [2009-11-05 1055269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GtkLogon]
C:\WINDOWS\system32\GtkLogon.dll [2006-01-19 81978]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Total Commander\TOTALCMD.EXE"="C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"K:\Program Files\Nero Sipps\Phone.exe"="K:\Program Files\Nero Sipps\Phone.exe:*:Disabled:Phone"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2009-11-06 16:52:06 ----D---- C:\rsit
2009-11-06 16:52:06 ----D---- C:\Program Files\trend micro
2009-11-06 16:50:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2009-11-06 16:50:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2009-11-06 16:49:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2009-11-06 16:43:58 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-06 16:42:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-06 15:28:00 ----D---- C:\Program Files\CCleaner
2009-11-06 15:26:00 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2009-11-06 15:26:00 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2009-11-06 15:25:39 ----SHD---- C:\WINDOWS\CSC
2009-11-05 18:47:23 ----D---- C:\Program Files\WinPcap
2009-11-05 18:46:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\50445927
2009-11-01 13:14:31 ----A---- C:\WINDOWS\TV.INI
2009-10-31 14:09:25 ----D---- C:\Program Files\Valve
2009-10-28 18:54:09 ----D---- C:\Program Files\Common Files\Aladdin Shared
2009-10-28 18:53:59 ----A---- C:\WINDOWS\system32\hasplms.exe
2009-10-28 18:53:36 ----A---- C:\WINDOWS\system32\aksusb2.dll
2009-10-28 18:53:36 ----A---- C:\WINDOWS\system32\aksllmtp.exe
2009-10-28 18:53:36 ----A---- C:\WINDOWS\system32\akshsp50.dll
2009-10-28 18:53:36 ----A---- C:\WINDOWS\system32\akshhl26.dll
2009-10-27 21:21:10 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-10-27 21:21:10 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-10-27 21:21:09 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-10-27 21:21:08 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-27 21:21:08 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-27 21:21:07 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-27 21:21:07 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-27 21:21:06 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-10-27 21:21:06 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-10-27 21:21:05 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-10-27 21:21:04 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-10-27 21:21:04 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-10-27 21:21:03 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-10-27 21:21:03 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-10-27 21:21:02 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-10-27 21:21:02 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-10-27 21:21:01 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-10-27 21:21:00 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-10-27 21:21:00 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-10-27 21:19:18 ----D---- C:\WINDOWS\system32\AGEIA
2009-10-27 21:19:18 ----D---- C:\Program Files\AGEIA Technologies

======List of files/folders modified in the last 1 months======

2009-11-06 16:52:06 ----RD---- C:\Program Files
2009-11-06 16:49:36 ----D---- C:\Program Files\Mozilla Firefox
2009-11-06 16:43:58 ----D---- C:\WINDOWS
2009-11-06 16:42:58 ----D---- C:\WINDOWS\Temp
2009-11-06 15:54:03 ----D---- C:\WINDOWS\Prefetch
2009-11-06 15:45:02 ----D---- C:\WINDOWS\system32
2009-11-06 15:42:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-06 15:29:55 ----D---- C:\WINDOWS\Debug
2009-11-06 15:25:59 ----D---- C:\Documents and Settings
2009-11-05 18:47:23 ----D---- C:\WINDOWS\system32\drivers
2009-10-31 18:20:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-31 18:20:21 ----HD---- C:\WINDOWS\inf
2009-10-31 14:32:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-28 18:54:09 ----D---- C:\Program Files\Common Files
2009-10-28 18:53:08 ----D---- C:\Program Files\PROTECH
2009-10-27 22:46:32 ----SHD---- C:\WINDOWS\Installer
2009-10-27 21:21:12 ----D---- C:\WINDOWS\system32\DirectX
2009-10-27 21:20:38 ----RSD---- C:\WINDOWS\assembly
2009-10-27 21:19:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-24 19:22:04 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-23 09:08:11 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-02-27 21275]
S2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-18 350720]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
S2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
S3 av3obxon;av3obxon; C:\WINDOWS\system32\drivers\av3obxon.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-06 4622848]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-06 10342784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-04-24 2562048]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-23 152984]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Windows_rejoice2007_101;Windows_rejoice2007_101; C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice101.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-29 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; K:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Za případnou pomoc děkuji.

[stell]

zdravim
HnB
stale treba otvorit vlastnu novu temu,,ale ked uz si tu tak co s tebou,
Nikdy nepouzivaj ziadny postup,,malware casto a nahodne menia svoje nazvy a tak mozes poskodit system,
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\Program Files\SweetIM\Toolbars
C:\DOCUME~1\ALLUSE~1\DATAAP~1\50445927
C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice101.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"50445927"=-

:services
Windows_rejoice2007_101

:commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

[HnB]

Zde je výsledek:

Kód: Vybrat vše

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer moved successfully.
C:\Program Files\SweetIM\Toolbars moved successfully.
C:\DOCUME~1\ALLUSE~1\DATAAP~1\50445927 moved successfully.
File/Folder C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice101.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\50445927 deleted successfully.
========== SERVICES/DRIVERS ==========

Service\Driver Windows_rejoice2007_101 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 434890 bytes
->FireFox cache emptied: 27304170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: milhaus
->Temp folder emptied: 232 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 26309997 bytes
->Google Chrome cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 51,61 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTM by OldTimer - Version 3.0.0.6 log created on 11062009_173121

Files moved on Reboot...

Registry entries deleted on Reboot...

[stell]

ok,poprosim ta aby si dalsie logy nedaval do code,dakujem

Stiahnes>>Malwarebytes' Anti-Malware
sprav komplet skan,,log vloz sem,

[HnB]

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3111
Windows 5.1.2600 Service Pack 3

6.11.2009 18:28:34
mbam-log-2009-11-06 (18-28-25).txt

Typ kontroly: Kompletní kontrola (C:\|K:\|)
Zkontrolované objekty: 215862
Uplynulý čas: 33 minute(s), 15 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\_OTM\MovedFiles\11062009_173121\DOCUME~1\ALLUSE~1\DATAAP~1\50445927\50445927.exe (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\milhaus\Nabídka Start\Programy\Po spuštění\zavupd32.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\milhaus\Plocha\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\milhaus\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\milhaus\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

[stell]

ok,daj vsetko zmazat a pokracujes combofixom

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix -
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

[HnB]

ComboFix 09-11-05.05 - milhaus 06.11.2009 18:47.1.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1566 [GMT 1:00]
Spuštěný z: c:\documents and settings\milhaus\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Soubory vytvořené od 2009-10-06 do 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 16:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 16:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 16:46 . 2009-11-06 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 16:31 . 2009-11-06 16:31 -------- d-----w- C:\_OTM
2009-11-06 15:52 . 2009-11-06 15:52 -------- d-----w- C:\rsit
2009-11-06 15:52 . 2009-11-06 15:52 -------- d-----w- c:\program files\trend micro
2009-11-06 14:28 . 2009-11-06 14:28 -------- d-----w- c:\program files\CCleaner
2009-11-06 14:26 . 2009-11-06 16:28 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-31 13:09 . 2009-11-03 18:33 -------- d-----w- c:\program files\Valve
2009-10-28 17:54 . 2009-10-28 17:54 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2009-10-28 17:53 . 2008-04-24 12:40 2562048 ----a-w- c:\windows\system32\hasplms.exe
2009-10-28 17:53 . 2008-03-18 15:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2009-10-28 17:53 . 2008-04-24 12:40 2562048 ----a-w- c:\windows\system32\aksllmtp.exe
2009-10-28 17:53 . 2008-01-09 17:08 29184 ----a-w- c:\windows\system32\akshhl26.dll
2009-10-28 17:53 . 2007-12-20 07:48 31232 ----a-w- c:\windows\system32\aksusb2.dll
2009-10-28 17:53 . 2007-07-23 14:12 46336 ----a-w- c:\windows\system32\drivers\akshhl.sys
2009-10-28 17:53 . 2007-07-14 14:55 9216 ----a-w- c:\windows\system32\akshsp50.dll
2009-10-27 20:19 . 2009-10-27 20:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-27 20:19 . 2009-10-27 20:19 -------- d-----w- c:\windows\system32\AGEIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 16:31 . 2009-01-03 16:01 -------- d-----w- c:\program files\SweetIM
2009-11-06 14:42 . 2001-10-25 12:00 70106 ----a-w- c:\windows\system32\perfc005.dat
2009-11-06 14:42 . 2001-10-25 12:00 393192 ----a-w- c:\windows\system32\perfh005.dat
2009-10-31 13:32 . 2008-11-23 15:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 17:53 . 2008-11-30 15:47 -------- d-----w- c:\program files\PROTECH
2009-09-30 16:35 . 2009-04-26 12:50 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-30 16:28 . 2009-09-30 16:28 -------- d-----w- c:\program files\Common Files\Skype
2009-09-30 16:28 . 2009-09-30 16:28 -------- d-----r- c:\program files\Skype
2009-09-19 15:04 . 2009-09-19 15:02 -------- d-----w- c:\program files\Common Files\snpstd3
2009-09-09 19:46 . 2008-11-30 16:18 -------- d-----w- c:\program files\Microsoft Silverlight
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"InvokeSvc.exe"="c:\program files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLanCfgAG.exe" [2006-07-12 921600]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-02-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"combofix"="c:\combofix\CF16223.exe" [2009-11-06 390144]
"Alcmtr"="ALCMTR.EXE" - c:\windows\Alcmtr.exe [2005-05-03 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\milhaus\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-23 962663]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GtkLogon]
2006-01-19 05:57 81978 ----a-w- c:\windows\system32\GtkLogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"k:\\Program Files\\Nero Sipps\\Phone.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\CDPoker\casino.exe
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\milhaus\Data aplikací\Mozilla\Firefox\Profiles\pktyqyxm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Google Update - c:\documents and settings\milhaus\Local Settings\Data aplikaci´\Google\Update\GoogleUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 18:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spbb.sys >>UNKNOWN [0x89DF1938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFCB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\GtkLogon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MICROS~2\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2009-11-06 18:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-06 17:54

Před spuštěním: 3 312 390 144
Po spuštění: 3 197 026 304

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DE3F9D3A7F97111B7E0E12096B6EE8EF

[stell]

otestujte na VIRUSTOTALu
c:\windows\system32\hasplms.exe
(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

[HnB]

Soubor hasplms.exe přijatý 2009.11.06 18:24:59 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/40 (0%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.06 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.06 -
Avast 4.8.1351.0 2009.11.06 -
AVG 8.5.0.423 2009.11.06 -
BitDefender 7.2 2009.11.06 -
CAT-QuickHeal 10.00 2009.11.06 -
ClamAV 0.94.1 2009.11.06 -
Comodo 2862 2009.11.06 -
DrWeb 5.0.0.12182 2009.11.06 -
eTrust-Vet 35.1.7107 2009.11.06 -
F-Prot 4.5.1.85 2009.11.06 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.06 -
GData 19 2009.11.06 -
Ikarus T3.1.1.74.0 2009.11.06 -
Jiangmin 11.0.800 2009.11.06 -
K7AntiVirus 7.10.890 2009.11.06 -
Kaspersky 7.0.0.125 2009.11.06 -
McAfee 5794 2009.11.06 -
McAfee+Artemis 5794 2009.11.06 -
McAfee-GW-Edition 6.8.5 2009.11.06 -
Microsoft 1.5202 2009.11.06 -
NOD32 4580 2009.11.06 -
Norman 6.03.02 2009.11.06 -
nProtect 2009.1.8.0 2009.11.06 -
Panda 10.0.2.2 2009.11.06 -
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.06 -
Rising 21.54.44.00 2009.11.06 -
Sophos 4.47.0 2009.11.06 -
Sunbelt 3.2.1858.2 2009.11.06 -
Symantec 1.4.4.12 2009.11.06 -
TheHacker 6.5.0.2.062 2009.11.05 -
TrendMicro 9.0.0.1003 2009.11.06 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.06 -
Rozšiřující informace
File size: 2562048 bytes
MD5...: 210e251e9ce3a9e8d336c23546c2e1fc
SHA1..: ec89fbdd0d2c2e5e5d77f9c3b4286331766f5a40
SHA256: 0194ee3276c4ac57b9be3f956e7bc464e6ad5f3c636c222332d1044b8fec9ca4
ssdeep: 49152:vSiiXg6/UR67rUmIf54RsPOFvJOMckMfkzh0HC:JIgNgXfA4WPzoKHC
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4df000
timedatestamp.....: 0x4810427d (Thu Apr 24 08:19:09 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.sect0 0x1000 0x4dc007 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x4de000 0x778 0x3e00 7.77 aec9166b5333e3a9f2901b8b2bb07b71
.protext 0x4df000 0x539c 0x5400 7.98 efcb243d8930ae0b6b0e970739c22d4c
.prodata 0x4e5000 0x26d51d 0x268200 7.41 cd0c4687503e99460942141e730fe6fc

( 6 imports )
> KERNEL32.dll: Sleep
> WSOCK32.dll: -
> ADVAPI32.dll: RegCloseKey
> USER32.dll: RegisterDeviceNotificationA
> dbghelp.dll: GetTimestampForLoadedLibrary
> VERSION.dll: VerQueryValueW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
MS Flight Simulator Aircraft Performance Info (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Aladdin Knowledge Systems Ltd.
copyright....: Aladdin Knowledge Systems Ltd. (c) 1985-2008. All rights reserved.
product......: HASP License Manager Service
description..: Aladdin HASP License Manager Service
original name: hasplms.exe
internal name: hasplms.exe
file version.: 12.31.1.7177
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[stell]

Odinstaluj ComboFix - Start -> Spustit - ComboFix /Uninstall -> OK

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy

Start-spustit-napis cleanmgr ok>>dalsie moznosti-obnova systemu-vycistit,,ok,,ok

Start-spustit-napis cleanmgr,,ok,ok,zafajkni
Temporary Internet Files
kos
Temporary Files
vycistit,ok
Click OK,Yes

Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart

nevidim Firewall,,a ak vsetko je ok,,tot vse,

[HnB]

Díky za Váš čas.

[stell]

nemas zaco

[Marti86nek]

Ahojky,
já mám bohužel stejný problém, chtěla jsem si stáhnout RSIT, jenže ten Security tool mi to neustále blokuje. Na panelu nástrojů se mi dole zobrazuje, RSIT.exe is infected with worm Lsas.Blaster.keyloger. This worm is trying to send your credit card details using RSIT.exe to connect to remote host. Prosím, poraďte mi, co bych měla dělat. Děkuju moc.

[stell]

Ahoj
uz som chcel dnes skoncit,,,ale co s tebou ak budes sikovna a budes len to robit co pisem raz dva vycistime pc,,takze na vlastnu past nepustaj nic,len co ja pisem,,nic viac a nic menej,ak nieco nepojde ihned pisat,ok
restart do nudzoveho rezimu,s pracou v sieti,a zostan aj v nudzovom rezime,,
Stiahnes>>RSIT >>logy vloz sem,