PROSIIIIIIIM o kontrolu logu z RSIT

[ShaguarB]

Spustil jsem to v uspornem rezimu, doufam ze to nicemu nevadi, ze tam treba nejsou nejaka data jak pri normalnim spusteni...nevim nerozumim tak pc.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-14 19:12:16
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (7%) free of 114 GB
Total RAM: 1535 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:23, on 14.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\TEMP\221453sys.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 3848 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-07-26 949376]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"RegistryMechanic"= []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2008-10-17 2323680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-10-24 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
C:\Hry\Warcraft3\w3dr.exe [2008-08-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\TEMP\221453sys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Documents and Settings\Home\Plocha\quake III\quake3.exe"="C:\Documents and Settings\Home\Plocha\quake III\quake3.exe:*:Enabled:quake3"
"C:\Program Files\UOAM\uoam.exe"="C:\Program Files\UOAM\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\d.j.knedlik@seznam.cz\counter-strike\hl.exe"="C:\Program Files\Steam\SteamApps\d.j.knedlik@seznam.cz\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Electronic Arts\Need for Speed Carbon\nfsc.exe"="C:\Program Files\Electronic Arts\Need for Speed Carbon\nfsc.exe:*:Enabled:nfsc"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\hry\nwn\nwn2main.exe"="C:\hry\nwn\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\hry\nwn\nwn2main_amdxp.exe"="C:\hry\nwn\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\hry\nwn\nwupdate.exe"="C:\hry\nwn\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\hry\nwn\nwn2server.exe"="C:\hry\nwn\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-14 19:12:16 ----D---- C:\rsit
2010-01-14 19:12:16 ----D---- C:\Program Files\trend micro
2010-01-14 19:09:37 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2010-01-14 19:08:27 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-01-14 19:08:26 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-01-14 19:07:03 ----D---- C:\WINDOWS\CSC
2010-01-14 16:35:54 ----D---- C:\WINDOWS\Minidump
2010-01-05 19:51:37 ----A---- C:\netlist.txt
2010-01-05 19:30:14 ----D---- C:\Program Files\YANG
2009-12-30 17:31:50 ----D---- C:\Program Files\CamStudio
2009-12-25 16:40:33 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-25 16:40:32 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-25 16:40:32 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-25 16:40:32 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-25 16:40:32 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-25 16:40:32 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-25 16:40:32 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-21 22:22:53 ----D---- C:\Program Files\Valve
2009-12-18 12:56:01 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-12-18 12:55:59 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 1 months======

2010-01-14 19:12:16 ----RD---- C:\Program Files
2010-01-14 19:08:26 ----D---- C:\Documents and Settings
2010-01-14 19:07:19 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-14 19:07:03 ----D---- C:\WINDOWS
2010-01-14 18:43:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 17:21:40 ----D---- C:\Program Files\Common Files
2010-01-14 17:21:29 ----D---- C:\WINDOWS\Temp
2010-01-14 17:13:16 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 16:49:18 ----D---- C:\WINDOWS\system32
2010-01-12 21:06:52 ----D---- C:\Program Files\WinRAR
2010-01-12 15:36:13 ----D---- C:\WINDOWS\Prefetch
2010-01-12 10:55:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 13:19:46 ----D---- C:\Program Files\UOAM
2010-01-08 21:48:42 ----D---- C:\World of Warcraft
2010-01-08 09:42:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-30 23:55:39 ----D---- C:\Program Files\Steam
2009-12-25 17:40:30 ----A---- C:\WINDOWS\wincmd.ini
2009-12-25 16:40:33 ----HD---- C:\WINDOWS\inf
2009-12-25 16:40:33 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 16:40:29 ----HD---- C:\WINDOWS\msdownld.tmp
2009-12-21 13:29:30 ----SH---- C:\boot.ini
2009-12-21 13:29:30 ----A---- C:\WINDOWS\win.ini
2009-12-21 13:29:30 ----A---- C:\WINDOWS\system.ini
2009-12-18 12:56:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-18 12:55:59 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-05 25280]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-07-26 15424]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys []
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
S2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
S2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe []
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-07-26 552064]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-11 66872]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
S2 TwonkyMedia;TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S2 wmcmgc;Windows Management Configuration; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

[ShaguarB]

Mam problem v tom ze kdyz spustim PC tak to najede do windousu a neukaze se ani jedna ikona jen pozadi...proste jen vidim pozadi.A zvuk to udela takove to tůtnutí že se stala nejaka chyba.

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[ShaguarB]

tak ten combofix uz mi ten pc rozjel promazal asi ty srance co tam nemeli bejt a uz to fakci...diky moc

[Rudy]

tak ten combofix uz mi ten pc rozjel promazal asi ty srance co tam nemeli bejt a uz to fakci...diky moc

Rád bych viděl log z něj, jestli tam něco nezbylo.

[ShaguarB]

tak kompl zase zacal hlasit nejake spatne kody(respektive NOD32) tak jsem to projel combofixem a posilam log.Nebo cim bych tu havět mohl dorazit?

Kód: Vybrat vše

ComboFix 10-01-25.01 - Home 25.01.2010  22:05:19.2.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.1535.1179 [GMT 1:00]
Spuštěný z: c:\documents and settings\Home\Dokumenty\Stažené soubory\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\qipsearch.xml
c:\windows\temp\43209sys.dll
.
---- Předchozí spuštění -------
.
C:\install.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll
c:\windows\Temp\141143sys.dll
c:\windows\Temp\20194sys.dll
c:\windows\TEMP\221453sys.dll
c:\windows\Temp\471628sys.dll

.
(((((((((((((((((((((((((   Soubory vytvořené od 2009-12-25 do 2010-01-25  )))))))))))))))))))))))))))))))
.

2010-01-14 18:08 . 2010-01-14 18:09	--------	d-----w-	c:\documents and settings\Administrator
2010-01-14 18:08 . 2010-01-14 18:09	--------	d-----w-	c:\documents and settings\Administrator\Oblíbené položky
2010-01-14 18:08 . 2007-07-26 11:09	--------	d--h--w-	c:\documents and settings\Administrator\Okolní tiskárny
2010-01-14 18:08 . 2007-07-26 11:09	--------	d--h--w-	c:\documents and settings\Administrator\Okolní síť
2010-01-14 18:08 . 2007-07-26 11:09	--------	d-----w-	c:\documents and settings\Administrator\Dokumenty
2010-01-14 18:08 . 2007-07-26 11:09	--------	d-----r-	c:\documents and settings\Administrator\Nabídka Start
2010-01-14 18:08 . 2007-07-26 09:14	--------	d--h--w-	c:\documents and settings\Administrator\Šablony
2010-01-05 18:30 . 2010-01-05 18:30	--------	d-----w-	c:\program files\YANG
2009-12-30 16:31 . 2009-12-30 16:48	--------	d-----w-	c:\program files\CamStudio

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 19:20 . 2007-08-22 08:30	--------	d-----w-	c:\program files\UOAM
2010-01-14 18:12 . 2010-01-14 18:12	--------	d-----w-	c:\program files\trend micro
2010-01-14 15:49 . 2009-10-01 15:37	1324	----a-w-	c:\windows\system32\d3d9caps.dat
2009-12-30 22:55 . 2008-03-12 11:55	--------	d-----w-	c:\program files\Steam
2009-12-21 21:25 . 2009-12-21 21:22	--------	d-----w-	c:\program files\Valve
2009-11-29 19:44 . 2009-11-29 19:43	21840	----atw-	c:\windows\system32\SIntfNT.dll
2009-11-29 19:44 . 2009-11-29 19:43	17212	----atw-	c:\windows\system32\SIntf32.dll
2009-11-29 16:14 . 2009-11-29 16:14	--------	d-----w-	c:\program files\Common Files\3DO Shared
2009-11-29 16:14 . 2009-11-29 16:14	--------	d-----w-	c:\program files\3DO
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-26 949376]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-10-17 17:18	2323680	----a-w-	c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-24 11:32	1217808	----a-w-	c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 14:38	61440	----a-w-	c:\hry\Warcraft3\W3DR.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\UOAM\\uoam.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\d.j.knedlik@seznam.cz\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26.7.2007 11:12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26.7.2007 11:12 5248]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26.7.2007 10:58 15424]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [11.3.2008 23:26 2368]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 RZQTNDHBTIWG;RZQTNDHBTIWG;c:\docume~1\ADMINI~1\LOCALS~1\Temp\RZQTNDHBTIWG.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\RZQTNDHBTIWG.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
wmcmgc
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://codecs.r8.org/
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Home\Data aplikací\Mozilla\Firefox\Profiles\xpflz7zz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.qip.ru
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-RegistryMechanic - (no file)
AddRemove-Eurobattle.net Installer1.22 - c:\windows\Eurobattle.net Installer\uninstall.exe
AddRemove-Eurobattle.net2.0 - c:\windows\Eurobattle.net Installer\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 22:10
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E73910]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> atapi.sys @ 0xb7eeb7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
 ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
 ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7db6ba0
 PacketIndicateHandler -> NDIS.sys @ 0xb7dc3b21
 SendHandler -> NDIS.sys @ 0xb7da187b
user & kernel MBR OK 

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-01-25  22:11:18
ComboFix-quarantined-files.txt  2010-01-25 21:11

Před spuštěním: 7 663 542 272
Po spuštění: 7 643 508 736

- - End Of File - - 9CC97A3294818BC9E09F08FD604B463D

[Rudy]

Opět jste si PC zaviroval. Ještě dočistíme. Přesuiňte comboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\RZQTNDHBTIWG.exe

Driver::
RZQTNDHBTIWG

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte CF se spustí a vykoná příkazy ze skriptu.

[ShaguarB]

posílám znovu log...měl jsem s tím trošku problémy,kdy mě hlásil combofix pár chyb že jsem vložil špatně skript...ale pak už jsem to nějak rozjel (snad dobře)

Kód: Vybrat vše

ComboFix 10-01-25.05 - Home 26.01.2010   9:28.4.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.1535.1173 [GMT 1:00]
Spuštěný z: c:\documents and settings\Home\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Home\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RZQTNDHBTIWG
-------\Service_RZQTNDHBTIWG


(((((((((((((((((((((((((   Soubory vytvořené od 2009-12-26 do 2010-01-26  )))))))))))))))))))))))))))))))
.

2010-01-14 18:08 . 2010-01-14 18:09	--------	d-----w-	c:\documents and settings\Administrator
2010-01-14 18:08 . 2010-01-14 18:09	--------	d-----w-	c:\documents and settings\Administrator\Oblíbené položky
2010-01-14 18:08 . 2007-07-26 11:09	--------	d--h--w-	c:\documents and settings\Administrator\Okolní tiskárny
2010-01-14 18:08 . 2007-07-26 11:09	--------	d--h--w-	c:\documents and settings\Administrator\Okolní síť
2010-01-14 18:08 . 2007-07-26 11:09	--------	d-----w-	c:\documents and settings\Administrator\Dokumenty
2010-01-14 18:08 . 2007-07-26 11:09	--------	d-----r-	c:\documents and settings\Administrator\Nabídka Start
2010-01-14 18:08 . 2007-07-26 09:14	--------	d--h--w-	c:\documents and settings\Administrator\Šablony
2010-01-05 18:30 . 2010-01-05 18:30	--------	d-----w-	c:\program files\YANG
2009-12-30 16:31 . 2009-12-30 16:48	--------	d-----w-	c:\program files\CamStudio

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 19:20 . 2007-08-22 08:30	--------	d-----w-	c:\program files\UOAM
2010-01-14 18:12 . 2010-01-14 18:12	--------	d-----w-	c:\program files\trend micro
2010-01-14 15:49 . 2009-10-01 15:37	1324	----a-w-	c:\windows\system32\d3d9caps.dat
2009-12-30 22:55 . 2008-03-12 11:55	--------	d-----w-	c:\program files\Steam
2009-12-21 21:25 . 2009-12-21 21:22	--------	d-----w-	c:\program files\Valve
2009-11-29 19:44 . 2009-11-29 19:43	21840	----atw-	c:\windows\system32\SIntfNT.dll
2009-11-29 19:44 . 2009-11-29 19:43	17212	----atw-	c:\windows\system32\SIntf32.dll
2009-11-29 16:14 . 2009-11-29 16:14	--------	d-----w-	c:\program files\Common Files\3DO Shared
2009-11-29 16:14 . 2009-11-29 16:14	--------	d-----w-	c:\program files\3DO
.

(((((((((((((((((((((((((((((   SnapShot@2010-01-25_21.10.13   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-26 08:24 . 2010-01-26 08:24	16384              c:\windows\temp\Perflib_Perfdata_2b0.dat
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-26 949376]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-10-17 17:18	2323680	----a-w-	c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-24 11:32	1217808	----a-w-	c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
2008-08-03 14:38	61440	----a-w-	c:\hry\Warcraft3\W3DR.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\UOAM\\uoam.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\d.j.knedlik@seznam.cz\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26.7.2007 11:12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26.7.2007 11:12 5248]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26.7.2007 10:58 15424]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [11.3.2008 23:26 2368]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [17.8.2004 15:49 14336]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
wmcmgc
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://codecs.r8.org/
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Home\Data aplikací\Mozilla\Firefox\Profiles\xpflz7zz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.qip.ru
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 09:33
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89ED87C8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> atapi.sys @ 0xb7eeb7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
 ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
 ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7db6ba0
 PacketIndicateHandler -> NDIS.sys @ 0xb7dc3b21
 SendHandler -> NDIS.sys @ 0xb7da187b
user & kernel MBR OK 

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3768)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-01-26  09:35:14
ComboFix-quarantined-files.txt  2010-01-26 08:34
ComboFix2.txt  2010-01-25 21:11

Před spuštěním: 7 600 885 760
Po spuštění: 7 567 040 512

- - End Of File - - C6714B4F1AF918E6EEC58153FA3DF06D

[Rudy]

Smazáno. Pro jistotu ještě udělejte sken MBR: http://www2.gmer.net/mbr/mbr.exe a dejte log.

[ShaguarB]

snad čisto ne?

Kód: Vybrat vše

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

btw: díky moc

[Rudy]

Ano, čisto. Nemáte zač!