I can't delete wwwpos32.exe from startup

#1 Post by D!S »

Hello,
I can't delete wwwpos32.exe from startup. I have already tried everything possible; the antivirus keeps reporting that it has found more viruses but cannot open them.
Here is the log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Пользователь at 2010-01-21 23:24:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (0%) free of 114 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:19, on 21.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Silvercrest MTS2118 driver\KMWDSrv.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Silvercrest MTS2118 driver\StartAutorun.exe
C:\Program Files\Silvercrest MTS2118 driver\KMConfig.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Silvercrest MTS2118 driver\KMProcess.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Пользователь\Мои документы\Downloads\RSIT.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Пользователь\Рабочий стол\)))\Пользователь.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apeha.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2118 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: wwwpos32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\windows\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\System32\imapi.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest MTS2118 driver\KMWDSrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\windows\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Sam and Max Episode 1 Drivers Auto Removal (pr2aqp2b) (pr2aqp2b) - Russobit-M - C:\windows\system32\pr2aqp2b.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\windows\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 7534 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\windows\SOUNDMAN.EXE [2003-12-19 65024]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"KMCONFIG"=C:\Program Files\Silvercrest MTS2118 driver\StartAutorun.exe [2007-03-06 212992]
"ATIPTA"=C:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Пользователь^Главное меню^Программы^Автозагрузка^wwwpos32.exe]
C:\Documents and Settings\Пользователь\Главное меню\Программы\Автозагрузка\wwwpos32.exe [2008-04-14 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2
"MSCamSvc"=2
"Automatic LiveUpdate Scheduler"=2

C:\Documents and Settings\Пользователь\Главное меню\Программы\Автозагрузка
wwwpos32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Games\Quake 3 Arena\unpacked\Quake3\quake3.exe"="C:\Games\Quake 3 Arena\unpacked\Quake3\quake3.exe:*:Enabled:quake3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WebMoney\WebMoney.exe"="C:\Program Files\WebMoney\WebMoney.exe:*:Enabled:WebMoney Keeper Classic Runner Module"
"C:\Games\1000\1000.exe"="C:\Games\1000\1000.exe:*:Enabled:1000"
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Games\Valve\hl.exe"="C:\Games\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Generals Zero Hour\game.dat"="C:\Games\EA GAMES\Command & Conquer The First Decade\Command & Conquer(tm) Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Games\Quake III Arena\quake3.exe"="C:\Games\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Games\Akella Games\Player2\player2.exe"="C:\Games\Akella Games\Player2\player2.exe:*:Enabled:clubplayer"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Mail.Ru\Agent\magent.exe"="C:\Program Files\Mail.Ru\Agent\magent.exe:*:Enabled:Mail.Ru Агент"
"C:\Program Files\Kasparov Chessmate\KasparovChess.RWG"="C:\Program Files\Kasparov Chessmate\KasparovChess.RWG:*:Enabled:KasparovChess"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Program Files\Play+Smile\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe"="C:\Program Files\Play+Smile\Texas Hold'em Poker 3D - Deluxe Edition\Poker3d.exe:*:Enabled:Poker3d"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\NetIntellGames\Net Poker 4\poker.exe"="C:\Program Files\NetIntellGames\Net Poker 4\poker.exe:*:Enabled:Net Poker"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fed280-898d-11dd-bb0c-0040d05bd812}]
shell\AutoRun\command - E:\Web'n'walk_Helper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82769f10-be9d-11dd-bb85-000d88eff846}]
shell\AutoRun\command - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
shell\Open\command - "resycl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba0ca671-23df-11dd-ba77-0040d05bd812}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\desktop.dll,InstallM


======List of files/folders created in the last 3 months======

2010-01-21 23:24:59 ----D---- C:\rsit
2010-01-21 23:07:38 ----A---- C:\avenger.txt
2010-01-18 23:58:12 ----D---- C:\Program Files\NetIntellGames
2010-01-18 23:46:32 ----D---- C:\Program Files\Tiks Texas Hold Em
2010-01-14 03:04:58 ----HDC---- C:\windows\$NtUninstallKB955759$
2010-01-14 03:04:52 ----A---- C:\windows\imsins.BAK
2010-01-14 03:04:46 ----HDC---- C:\windows\$NtUninstallKB972270$
2010-01-04 00:13:48 ----D---- C:\Documents and Settings\Пользователь\Application Data\skypePM
2010-01-04 00:13:06 ----D---- C:\Program Files\Common Files\Skype
2010-01-03 01:49:56 ----D---- C:\Program Files\Full Tilt Poker
2010-01-03 00:54:02 ----D---- C:\Program Files\Play+Smile
2009-12-19 15:29:26 ----D---- C:\Documents and Settings\Пользователь\Application Data\VoipDiscount
2009-12-19 15:23:02 ----D---- C:\Program Files\VoipDiscount.com
2009-12-09 03:12:08 ----HDC---- C:\windows\$NtUninstallKB970430$
2009-12-09 03:11:51 ----HDC---- C:\windows\$NtUninstallKB974318$
2009-12-09 03:11:33 ----HDC---- C:\windows\$NtUninstallKB973904$
2009-12-09 03:09:44 ----HDC---- C:\windows\$NtUninstallKB974392$
2009-12-09 03:09:23 ----HDC---- C:\windows\$NtUninstallKB971737$
2009-12-01 14:40:28 ----D---- C:\Documents and Settings\Пользователь\Application Data\Miranda
2009-12-01 14:39:58 ----D---- C:\Program Files\Miranda IM
2009-11-25 10:51:13 ----HDC---- C:\windows\$NtUninstallKB976098-v2$
2009-11-25 10:51:00 ----HDC---- C:\windows\$NtUninstallKB973687$
2009-11-12 03:00:56 ----HDC---- C:\windows\$NtUninstallKB969947$
2009-11-07 22:16:48 ----D---- C:\Program Files\Новый Диск
2009-11-07 22:16:19 ----D---- C:\Documents and Settings\Пользователь\Application Data\InstallShield
2009-11-04 19:58:45 ----D---- C:\Program Files\Common Files\DirectX
2009-10-30 18:52:00 ----HDC---- C:\windows\$NtUninstallKB958869$
2009-10-30 18:42:14 ----HDC---- C:\windows\$NtUninstallKB969059$
2009-10-30 18:41:54 ----HDC---- C:\windows\$NtUninstallKB954155_WM9$
2009-10-30 18:41:40 ----HDC---- C:\windows\$NtUninstallKB974112$
2009-10-30 18:41:03 ----HDC---- C:\windows\$NtUninstallKB975025$
2009-10-30 18:39:45 ----HDC---- C:\windows\$NtUninstallKB974571$
2009-10-30 18:23:46 ----HDC---- C:\windows\$NtUninstallKB971486$
2009-10-30 18:21:08 ----HDC---- C:\windows\$NtUninstallKB973525$
2009-10-30 18:20:35 ----HDC---- C:\windows\$NtUninstallKB975467$
2009-10-26 17:31:27 ----D---- C:\Program Files\Transcend JetFlash Recovery Tool

======List of files/folders modified in the last 3 months======

2010-01-21 23:20:25 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 23:20:07 ----D---- C:\Documents and Settings\Пользователь\Application Data\Skype
2010-01-21 23:15:41 ----D---- C:\windows\Temp
2010-01-21 23:08:45 ----A---- C:\windows\win.ini
2010-01-21 23:08:45 ----A---- C:\windows\system.ini
2010-01-21 23:08:27 ----D---- C:\Avenger
2010-01-21 23:07:38 ----D---- C:\windows\system32\drivers
2010-01-21 23:07:38 ----D---- C:\windows\system32
2010-01-21 23:07:18 ----A---- C:\windows\SchedLgU.Txt
2010-01-21 23:06:12 ----D---- C:\windows\Prefetch
2010-01-21 22:47:27 ----D---- C:\WINDOWS
2010-01-21 22:38:51 ----D---- C:\windows\system32\CatRoot2
2010-01-21 15:04:46 ----D---- C:\Documents and Settings\Пользователь\Application Data\uTorrent
2010-01-18 23:58:12 ----RD---- C:\Program Files
2010-01-18 23:37:27 ----SHD---- C:\windows\Installer
2010-01-18 23:37:27 ----SHD---- C:\Config.Msi
2010-01-18 23:37:09 ----D---- C:\Program Files\Microsoft LifeCam
2010-01-14 07:48:39 ----D---- C:\windows\AppPatch
2010-01-14 03:05:03 ----HD---- C:\windows\inf
2010-01-14 03:05:02 ----RSHDC---- C:\windows\system32\dllcache
2010-01-14 03:04:57 ----HD---- C:\windows\$hf_mig$
2010-01-13 21:44:03 ----D---- C:\windows\system32\DirectX
2010-01-13 21:44:01 ----RSD---- C:\windows\assembly
2010-01-13 21:34:25 ----A---- C:\windows\NeroDigital.ini
2010-01-07 20:57:01 ----D---- C:\Новая папка
2010-01-07 19:08:33 ----D---- C:\Video
2010-01-05 01:17:46 ----A---- C:\windows\system32\MRT.exe
2010-01-04 00:13:21 ----RD---- C:\Program Files\Skype
2010-01-04 00:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-01-04 00:12:51 ----D---- C:\Program Files\Common Files
2010-01-03 12:50:59 ----D---- C:\windows\files
2010-01-03 00:25:29 ----SD---- C:\windows\Downloaded Program Files
2009-12-31 09:59:16 ----D---- C:\Program Files\ICQ6.5
2009-12-31 03:55:54 ----D---- C:\windows\Minidump
2009-12-31 03:55:54 ----D---- C:\windows\Debug
2009-12-09 03:10:47 ----D---- C:\windows\system32\ru-ru
2009-12-09 03:10:47 ----D---- C:\Program Files\Internet Explorer
2009-12-08 15:52:07 ----D---- C:\My Downloads
2009-12-08 02:28:01 ----D---- C:\trash
2009-12-07 00:47:22 ----D---- C:\Program Files\Free Video Converter
2009-11-25 15:37:36 ----D---- C:\Games
2009-11-25 10:49:58 ----D---- C:\windows\WinSxS
2009-11-24 19:09:18 ----RD---- C:\Music
2009-11-23 12:01:28 ----A---- C:\windows\system32\PnkBstrB.exe
2009-11-07 22:16:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-07 21:32:56 ----D---- C:\Koshkin
2009-11-04 20:38:45 ----D---- C:\Program Files\ArtMoney
2009-10-30 19:25:17 ----D---- C:\windows\Microsoft.NET
2009-10-30 18:56:31 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-10-30 16:40:43 ----D---- C:\windows\Help
2009-10-29 08:45:21 ----N---- C:\windows\system32\pngfilt.dll
2009-10-29 08:45:21 ----N---- C:\windows\system32\occache.dll
2009-10-29 08:45:21 ----N---- C:\windows\system32\mstime.dll
2009-10-29 08:45:21 ----N---- C:\windows\system32\msrating.dll
2009-10-29 08:45:21 ----N---- C:\windows\system32\mshtmled.dll
2009-10-29 08:45:21 ----A---- C:\windows\system32\wininet.dll
2009-10-29 08:45:21 ----A---- C:\windows\system32\webcheck.dll
2009-10-29 08:45:21 ----A---- C:\windows\system32\urlmon.dll
2009-10-29 08:45:21 ----A---- C:\windows\system32\url.dll
2009-10-29 08:45:20 ----N---- C:\windows\system32\jsproxy.dll
2009-10-29 08:45:20 ----A---- C:\windows\system32\mshtml.dll
2009-10-29 08:45:20 ----A---- C:\windows\system32\msfeedsbs.dll
2009-10-29 08:45:20 ----A---- C:\windows\system32\msfeeds.dll
2009-10-29 08:45:19 ----N---- C:\windows\system32\iernonce.dll
2009-10-29 08:45:19 ----A---- C:\windows\system32\iertutil.dll
2009-10-29 08:45:19 ----A---- C:\windows\system32\ieframe.dll
2009-10-29 08:45:17 ----N---- C:\windows\system32\iedkcs32.dll
2009-10-29 08:45:17 ----N---- C:\windows\system32\ieaksie.dll
2009-10-29 08:45:17 ----N---- C:\windows\system32\ieakeng.dll
2009-10-29 08:45:17 ----N---- C:\windows\system32\extmgr.dll
2009-10-29 08:45:17 ----A---- C:\windows\system32\ieencode.dll
2009-10-29 08:45:17 ----A---- C:\windows\system32\ieapfltr.dll
2009-10-29 08:45:17 ----A---- C:\windows\system32\icardie.dll
2009-10-29 08:45:16 ----N---- C:\windows\system32\dxtrans.dll
2009-10-29 08:45:16 ----N---- C:\windows\system32\dxtmsft.dll
2009-10-29 08:45:16 ----N---- C:\windows\system32\corpol.dll
2009-10-29 08:45:16 ----A---- C:\windows\system32\advpack.dll
2009-10-28 16:07:15 ----N---- C:\windows\system32\tzchange.exe
2009-10-28 15:38:52 ----N---- C:\windows\system32\ie4uinit.exe
2009-10-28 15:38:52 ----A---- C:\windows\system32\ieudinit.exe
2009-10-28 07:52:46 ----N---- C:\windows\system32\ieakui.dll
2009-10-26 17:31:23 ----A---- C:\windows\iun6002.exe
2009-10-22 13:23:40 ----D---- C:\windows\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 intelppm;Драйвер Intel процессора; C:\windows\System32\DRIVERS\intelppm.sys [2008-04-14 40704]
R1 kbdhid;Драйвер клавиатуры HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\windows\System32\drivers\ws2ifsl.sys [2003-05-29 12032]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 Ethpdrv;Ethernet Packet Driver; C:\windows\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\windows\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2003-12-19 541548]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:\windows\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\windows\System32\Drivers\dtscsi.sys [2008-10-05 223128]
R3 EMCR;EMCR; C:\windows\System32\DRIVERS\EMCR7SK.sys [2004-01-06 72064]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 hidusb;Драйвер класса HID Microsoft; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KMWDFilter;KMWDFilter; \??\C:\windows\System32\Drivers\KMWDFilter.SYS []
R3 MODEMCSA;Устройство фильтрации потока Unimodem; C:\windows\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Драйвер мыши HID; C:\windows\System32\DRIVERS\mouhid.sys [2003-05-29 12160]
R3 MSHUSBVideo;NX6000 Filter Driver; C:\windows\System32\Drivers\nx6000.sys [2006-08-24 23552]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\windows\System32\DRIVERS\ptserial.sys [2003-11-07 356127]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\windows\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\System32\DRIVERS\SynTP.sys [2003-09-26 177856]
R3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 концентратор; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Vmodem;W2K Vmodem; C:\windows\System32\DRIVERS\vmodem.sys [2003-11-07 703673]
R3 Vpctcom;W2K Vpctcom; C:\windows\System32\DRIVERS\vpctcom.sys [2003-11-07 801778]
R3 Vvoice;W2K Vvoice; C:\windows\System32\DRIVERS\vvoice.sys [2003-11-07 70320]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Arp1394;Протокол клиента 1394 ARP; C:\windows\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption декодер; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 DNE;Deterministic Network Enhancer Miniport; C:\windows\system32\DRIVERS\dne2000.sys [2005-10-11 110080]
S3 ipw_bus;IPWireless; C:\windows\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\windows\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\windows\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Сетевой драйвер 1394; C:\windows\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\windows\system32\PCANDIS5.SYS []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:\windows\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter; C:\windows\system32\DRIVERS\GPlus.sys [2003-08-13 202496]
S3 usbprint;Класс принтеров Microsoft USB; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Драйвер USB-сканера; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\windows\system32\DRIVERS\usbsermptxp.sys [2007-10-28 24192]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 cdawdm;CDAWDM; C:\windows\system32\DRIVERS\CDAWDM.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Silvercrest MTS2118 driver\KMWDSrv.exe [2007-06-16 208896]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2008-10-23 63040]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S2 pr2aqp2b;Sam and Max Episode 1 Drivers Auto Removal (pr2aqp2b); C:\windows\system32\pr2aqp2b.exe [2008-02-11 411016]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\windows\system32\sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\windows\System32\TuneUpDefragService.exe [2008-07-19 355584]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S4 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Skype - rulezzz

#2 Post by cernohous13 »

Hello,
download the special version of G-Mer
Special
save it to the desktop and run it -> a short scan will run
if you get a message about rootkit activity asking whether you want to run a scan >> click NO <<
and set it up like this
[image]

>> click Scan <<
at the end of the scan >> SAVE <<, name the file Gspeclog.txt >> save it to the desktop and paste the log here
Recommendation:
During the cleanup, install and uninstall software only on my instruction.
Read my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

#3 Post by Kutiltr »

I had it in startup too, so I tried deleting it in safe mode and it worked. I hope there wasn't more of it somewhere else; I'm no expert.

#4 Post by cernohous13 »

Hi, if that was the only problem there, you were lucky :)

A follow-up RSIT log would give a hint :wink: