Prosim o kontrolu logu, diky moc

Zpráva

Jameson_cz · #1 Příspěvek od **Jameson_cz** » 04 úno 2010 12:05

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kuba at 2010-02-04 12:02:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (80%) free of 32 GB
Total RAM: 3070 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:01, on 4.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\csrcs.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE
D:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
d:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Program Files\Winamp\winamp.exe
I:\RSIT.exe
C:\WINDOWS\system32\SVRP.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ZDWlan.EXE] "D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE"
O4 - HKLM\..\Run: [tvjbmonitor] d:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [XPRT] C:\WINDOWS\system32\SVRP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5044 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-02-13 7557120]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-02-13 86016]
"avast!"=d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"ZDWlan.EXE"=D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE [2009-01-14 491520]
"tvjbmonitor"=d:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe [2006-12-26 53248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"csrcs"=C:\WINDOWS\system32\csrcs.exe [2008-04-14 734573]
"XPRT"=C:\WINDOWS\system32\SVRP.exe [2010-02-04 565248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Driver Updater"= []
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe"="D:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe:*:Enabled:Cubase SX"
"D:\Program Files\Tony Hawks Pro Skater 4\Game\Skate4.exe"="D:\Program Files\Tony Hawks Pro Skater 4\Game\Skate4.exe:*:Enabled:Skate4"
"H:\Counter-Strike\hl.exe"="H:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"G:\Counter-Strike\hl.exe"="G:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Counter-Strike 1.6\hl.exe"="D:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Pinnacle\Programs\RM.exe"="D:\Program Files\Pinnacle\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Programs\Studio.exe"="D:\Program Files\Pinnacle\Programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Programs\umi.exe"="D:\Program Files\Pinnacle\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b11f9056-ea32-11de-8367-0018f3f01424}]
shell\AutoRun\command - I:\EmDesk.exe
shell\EmDesk\command - I:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52d6c5b-b4a8-11de-96db-ad66ed9cd204}]
shell\AutoRun\command - I:\qsqlyc.exe
shell\open\command - I:\qsqlyc.exe

======List of files/folders created in the last 1 months======

2010-02-04 12:02:29 ----D---- C:\Program Files\trend micro
2010-02-04 12:02:28 ----D---- C:\rsit
2010-02-04 12:00:05 ----A---- C:\WINDOWS\system32\SVRP.exe
2010-01-12 16:36:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Help
2010-01-12 16:13:43 ----A---- C:\WINDOWS\BBW_INFO.INI

======List of files/folders modified in the last 1 months======

2010-02-04 12:02:29 ----RD---- C:\Program Files
2010-02-04 12:02:25 ----D---- C:\WINDOWS\Prefetch
2010-02-04 12:00:05 ----D---- C:\WINDOWS\system32
2010-02-04 11:56:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-04 11:56:57 ----D---- C:\WINDOWS\Temp
2010-02-04 11:52:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 11:50:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-03 00:06:12 ----D---- C:\Documents and Settings\Kuba\Data aplikací\vlc
2010-02-02 23:50:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\dvdcss
2010-01-12 16:13:43 ----D---- C:\WINDOWS
2010-01-12 16:12:32 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-22 109568]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 CEUSBAUD;Lambda MIDI Device; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [2007-11-08 17920]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-22 33792]
R3 DfuUsb;DfuUsb; C:\WINDOWS\SYSTEM32\DRIVERS\DFUUsb.sys [2007-11-08 10880]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2009-01-05 500736]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2009-01-05 17664]
S3 aykcjd1w;aykcjd1w; C:\WINDOWS\system32\drivers\aykcjd1w.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2009-01-05 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; d:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-02-13 143426]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; d:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 04 úno 2010 13:48

Zdravím

Na logu se pracuje, prosím o strpení.

#3 Příspěvek od **Caroprd111** » 04 úno 2010 13:53

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

Jameson_cz · #4 Příspěvek od **Jameson_cz** » 04 úno 2010 15:40

ComboFix 10-02-03.06 - Kuba 04.02.2010 15:32:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2639 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 100204-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Kuba\LOCALS~1\Temp\install_flash_player.exe
C:\khq
c:\windows\system32\AutoRun.inf
c:\windows\system32\ieuinit.inf
c:\windows\system32\msvcsv60.dll
D:\khq
G:\khq

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 12:03 . 2010-02-04 12:03 -------- d-----w- c:\program files\Conduit
2010-02-04 12:03 . 2010-02-04 12:03 -------- d-----w- c:\program files\Yeahhhh
2010-02-04 11:02 . 2010-02-04 11:03 -------- d-----w- c:\program files\trend micro
2010-02-04 11:02 . 2010-02-04 11:03 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 14:07 . 2001-10-25 12:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 14:07 . 2001-10-25 12:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2009-12-22 15:21 . 2009-10-15 09:31 32 ----a-w- c:\windows\msocreg32.dat
2009-12-01 19:55 . 2009-12-01 19:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c019fb40-27bc-4db1-a42b-0634cf92b190}"= "c:\program files\Yeahhhh\tbYeah.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{c019fb40-27bc-4db1-a42b-0634cf92b190}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c019fb40-27bc-4db1-a42b-0634cf92b190}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\Yeahhhh\tbYeah.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c019fb40-27bc-4db1-a42b-0634cf92b190}"= "c:\program files\Yeahhhh\tbYeah.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{c019fb40-27bc-4db1-a42b-0634cf92b190}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-02-13 7557120]
"nwiz"="nwiz.exe" [2006-02-13 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-02-13 86016]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"ZDWlan.EXE"="d:\program files\TP-LINK Wireless Client Utility\ZDWlan.EXE" [2009-01-14 491520]
"tvjbmonitor"="d:\program files\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Steinberg\\Cubase SX 3\\Cubasesx3.exe"=
"d:\\Program Files\\Tony Hawks Pro Skater 4\\Game\\Skate4.exe"=
"g:\\Counter-Strike\\hl.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Pinnacle\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\Programs\\Studio.exe"=
"d:\\Program Files\\Pinnacle\\Programs\\umi.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [14.10.2009 17:23 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.10.2009 12:00 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.10.2009 12:00 20560]
R3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [14.10.2009 16:30 17920]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [14.10.2009 16:33 33792]
R3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [14.10.2009 17:25 10880]
R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [14.10.2009 16:58 500736]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.12.2009 20:55 721904]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [14.10.2009 16:58 20608]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Driver Updater - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 15:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2010-02-04 15:36:15
ComboFix-quarantined-files.txt 2010-02-04 14:36

Před spuštěním: Volných bajtů: 26 609 819 648
Po spuštění: Volných bajtů: 26 670 231 552

- - End Of File - - 7783A77B4BB7F542000681A60C5F760D

#5 Příspěvek od **Caroprd111** » 04 úno 2010 15:55

V logu nevidím firewall, doinstalujte

Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\drivers\DFUUsb.sys
c:\program files\Yeahhhh\tbYeah.dll

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

Dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

Jsou s PC nějaké problémy

Jameson_cz · #6 Příspěvek od **Jameson_cz** » 04 úno 2010 16:31

File size: 10880 bytes
MD5...: 0819d9af77d51b1c397d1097aa5bfddc
SHA1..: afbd6d0495a5fab438c918f2beaa1447d420d539
SHA256: 8f170320d30dfc0f0a7ebc1c453a75b8d56619ec6207eee32594c83d6785ef7b
ssdeep: 192:X+IuNkHWzRf/yuNQyzeRLaJ7col6mCCSN+EHqW/WWmjw:X+IoRJyqpeRLaZc
YdYN+EqW/WWI
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x738
timedatestamp.....: 0x3c0416dc (Tue Nov 27 22:42:36 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x1bf2 0x1c00 6.39 79481654ae330ed517b9fdad65e20fe6
.rdata 0x1f00 0x109 0x180 3.55 499a33f4c69995131470654a99933d17
INIT 0x2080 0x3d0 0x400 4.83 70413881d87ecc6b1558eae0a9b5f1d3
.rsrc 0x2480 0x418 0x480 3.13 05b1b0246c105254b1bcf8c2ca36eec9
.reloc 0x2900 0x16e 0x180 5.24 8bdd7668475b1313821bce80b4db55ba

( 3 imports )
> NTOSKRNL.EXE: KeInitializeSpinLock, KeInitializeEvent, IoCreateDevice, KeWaitForSingleObject, RtlFreeUnicodeString, IoBuildDeviceIoControlRequest, ExFreePool, ExAllocatePoolWithTag, IoRegisterDeviceInterface, KeSetEvent, InterlockedDecrement, IofCallDriver, InterlockedIncrement, IoAttachDeviceToDeviceStack, RtlInitUnicodeString, IofCompleteRequest, IoDeleteDevice, IoDetachDevice, PoCallDriver, PoStartNextPowerIrp, IoFreeIrp, IoAllocateIrp, PoRequestPowerIrp, IoFreeMdl, IoCancelIrp, IoBuildPartialMdl, IoAllocateMdl, IoSetDeviceInterfaceState
> HAL.DLL: KfReleaseSpinLock, KfAcquireSpinLock
> USBD.SYS: _USBD_ParseConfigurationDescriptorEx@28, USBD_GetUSBDIVersion, _USBD_CreateConfigurationRequestEx@8

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Texas Instruments
copyright....: Copyright (C) Texas Instruments
product......: Microsoft(R) Windows NT(R) Operating System
description..: TI DFU Test Driver
original name: DfuUsb.sys
internal name: DFUUSB.SYS
file version.: 5.00.1636.1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

File size: 2349080 bytes
MD5...: 455e61a2cf37f7210df685e2b77bfbe3
SHA1..: 4e8bc33c6dfbdd9727988eb0aa95af115c08fa8f
SHA256: 1429bb65815378be477091733036bf346c2030d3cec57b9ce55010c8ff21e3f0
ssdeep: 49152:GYqHRU4WtsufiSkJ9Z9gfU4zG+zWxK7/xrFbAvzVQQiFimvB25:GT0tNiZ
vMfhLzWxKjshB
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1173a0
timedatestamp.....: 0x4b3c74b0 (Thu Dec 31 09:53:52 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1474f3 0x147600 6.60 130952ab5ca68491e3eb9afeb2f72268
.rdata 0x149000 0x74aa7 0x74c00 4.54 63901788510b8530f57c16d50e880945
.data 0x1be000 0x8584 0x6400 4.93 8dfa9c2f6d1b7fd5e0460812beebdaae
.rsrc 0x1c7000 0x5d168 0x5d200 5.97 4efdce3958de3ada93cb3e307af88510
.reloc 0x225000 0x1cfde 0x1d000 5.94 587570a59b7f4d5776c873b3af757d7c

( 20 imports )
> COMCTL32.dll: _TrackMouseEvent, -, InitCommonControlsEx, CreateToolbarEx, PropertySheetW, CreatePropertySheetPageW, ImageList_ReplaceIcon, ImageList_Create
> WININET.dll: InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, FindFirstUrlCacheEntryA, FindNextUrlCacheEntryA, HttpOpenRequestA, InternetSetOptionExA, DeleteUrlCacheEntry, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetGetConnectedState, InternetQueryOptionA, InternetCanonicalizeUrlA, FindCloseUrlCache, InternetConnectA, GetUrlCacheEntryInfoW
> SHLWAPI.dll: SHDeleteKeyA, PathFileExistsW
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> MSIMG32.dll: GradientFill
> RPCRT4.dll: UuidToStringW
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> CRYPT32.dll: CryptProtectData, CryptMsgClose, CertCloseStore, CertFreeCertificateContext, CryptUnprotectData, CertGetNameStringA, CertFindCertificateInStore, CryptQueryObject, CryptMsgGetParam, CertGetNameStringW
> WINMM.dll: PlaySoundA, sndPlaySoundW, PlaySoundW, timeGetTime
> PSAPI.DLL: EnumProcesses, GetModuleFileNameExW, EnumProcessModules, GetModuleBaseNameW, GetProcessMemoryInfo
> KERNEL32.dll: ReadFile, GlobalLock, GlobalAlloc, GetFileSize, CreateFileW, SizeofResource, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetFileTime, RemoveDirectoryW, GetSystemTimeAsFileTime, GetComputerNameW, OutputDebugStringW, HeapFree, GetProcessHeap, LocalAlloc, OpenProcess, Thread32Next, Thread32First, CreateToolhelp32Snapshot, TerminateProcess, SetThreadPriority, GetCurrentThread, SetEvent, CreateSemaphoreW, ReleaseSemaphore, CreateFileMappingW, OpenFileMappingW, UnmapViewOfFile, MapViewOfFile, MulDiv, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualAlloc, VirtualFree, HeapDestroy, HeapCreate, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetCommandLineA, ResumeThread, ExitThread, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, HeapReAlloc, HeapAlloc, RtlUnwind, LoadLibraryA, GlobalUnlock, GlobalFree, OpenMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, CreateMutexW, SetEndOfFile, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringW, GetLocaleInfoA, Beep, MultiByteToWideChar, GetLocalTime, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, SetLastError, CreateThread, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, CopyFileW, lstrcpyW, lstrcpyA, GetCurrentThreadId, LocalFree, GetLongPathNameW, GetShortPathNameW, GetModuleHandleW, GetTickCount, GetVersionExA, LoadLibraryW, FreeLibrary, WideCharToMultiByte, GetModuleFileNameA, MoveFileExW, lstrlenW, CreateEventW, WaitForSingleObject, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, GetLastError, InterlockedDecrement, ReleaseMutex, CloseHandle, GetCurrentProcessId, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, LCMapStringA, GetConsoleCP, GetConsoleMode, InterlockedExchange, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, SetFilePointer
> USER32.dll: GetWindowRgn, MessageBeep, GetActiveWindow, IsDialogMessageA, IsDialogMessageW, MessageBoxA, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, SetRectEmpty, GetKeyState, SetDlgItemInt, GetDlgItemTextA, FrameRect, DrawFrameControl, CharLowerBuffA, DrawEdge, MsgWaitForMultipleObjects, PostThreadMessageA, SetParent, GetDlgItemTextW, GetScrollInfo, GetMenuItemRect, InsertMenuItemA, InsertMenuItemW, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, SetMenuItemInfoW, CheckMenuItem, EnableMenuItem, DeleteMenu, TrackPopupMenu, GetMonitorInfoW, GetMenuItemCount, GetMenuItemInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, SetForegroundWindow, EnableWindow, IsDlgButtonChecked, CheckDlgButton, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageW, DispatchMessageA, SetCapture, GetUpdateRect, BeginPaint, EndPaint, SetWindowRgn, SetRect, OffsetRect, DrawIconEx, GetIconInfo, DestroyIcon, GetSystemMetrics, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetAsyncKeyState, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, LoadImageW, IsIconic, GetLastInputInfo, CharUpperW, DrawFocusRect, GetWindow, UpdateWindow, GetClassInfoExW, RegisterClassExW, CopyRect, PostMessageW, SetDlgItemTextW, EndDialog, GetWindowTextW, FindWindowW, GetMenuItemInfoA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, CreateWindowExW, UnregisterClassA, GetClassNameW, DefWindowProcA, GetWindowLongA, SetWindowLongA, GetFocus, IsChild, KillTimer, IsWindowUnicode, CallWindowProcW, FindWindowExW, GetWindowThreadProcessId, SetWindowPos, wsprintfW, SetWindowTextA, SetWindowTextW, GetClientRect, GetDlgCtrlID, CallWindowProcA, InvalidateRect, IsWindow, GetDlgItem, SendMessageA, ClientToScreen, GetParent, GetWindowLongW, SetCursor, LoadCursorA, InflateRect, PostMessageA, ShowWindow, SetWindowLongW, ReleaseDC, MoveWindow, DrawTextW, GetDC, GetWindowRect, RegisterWindowMessageW, IsWindowVisible, PtInRect, ScreenToClient, GetCursorPos, MonitorFromRect, GetMonitorInfoA, GetClassInfoW, RegisterClassW, DestroyWindow, SetTimer, GetDesktopWindow, SetFocus, AllowSetForegroundWindow
> GDI32.dll: GetBkMode, GetBkColor, PtInRegion, SetLayout, PlgBlt, SelectPalette, RealizePalette, GetDeviceCaps, SetRectRgn, OffsetRgn, FrameRgn, SetTextAlign, TextOutW, RoundRect, ExcludeClipRect, GetPixel, CreateCompatibleBitmap, BitBlt, CreateRectRgn, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, GetLayout, Rectangle, SetBkColor, CreateCompatibleDC, DeleteDC, CreateSolidBrush, CreateFontIndirectW, CombineRgn, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetTextColor, GetStockObject
> COMDLG32.dll: GetOpenFileNameW
> ADVAPI32.dll: RegCreateKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetSidSubAuthority, SetSecurityDescriptorSacl, RegDeleteKeyA, RegCloseKey, RegOpenKeyExA, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegSetValueExA, RegCreateKeyExA, GetSidSubAuthorityCount, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptAcquireContextA, CryptReleaseContext, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, GetTokenInformation, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, OpenProcessToken, GetSecurityDescriptorSacl
> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, SHCreateDirectoryExW, ShellExecuteW
> ole32.dll: CoCreateInstance, IIDFromString, CreateStreamOnHGlobal, CLSIDFromString, CoUninitialize, CoCreateGuid, StringFromGUID2, CoInitialize, CoGetMalloc, StringFromIID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> DNSAPI.dll: DnsQuery_A

( 14 exports )
DllCanUnloadNow, DllConnectToIE, DllConnectionProc, DllGetClassObject, DllGetInstallFileNameExt, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Conduit Ltd.
copyright....: Copyright (c) Conduit Ltd. 2008
product......: Conduit Toolbar
description..: Conduit Toolbar
original name: n/a
internal name: Conduit Toolbar
file version.: 5, 3, 4, 2
comments.....: Conduit Toolbar ver 1.0
signers......: Conduit Ltd.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 4:29 PM 2/4/2010
verified.....: -
trid..: Windows OCX File (47.6%)
Win64 Executable Generic (33.0%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Generic Win/DOS Executable (0.7%)
pdfid.: -

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kuba at 2010-02-04 16:31:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (80%) free of 32 GB
Total RAM: 3070 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:17, on 4.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kuba\Plocha\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yeahhhh Toolbar - {c019fb40-27bc-4db1-a42b-0634cf92b190} - C:\Program Files\Yeahhhh\tbYeah.dll
O2 - BHO: Yeahhhh Toolbar - {c019fb40-27bc-4db1-a42b-0634cf92b190} - C:\Program Files\Yeahhhh\tbYeah.dll
O3 - Toolbar: Yeahhhh Toolbar - {c019fb40-27bc-4db1-a42b-0634cf92b190} - C:\Program Files\Yeahhhh\tbYeah.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ZDWlan.EXE] "D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE"
O4 - HKLM\..\Run: [tvjbmonitor] d:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5134 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c019fb40-27bc-4db1-a42b-0634cf92b190}]
Yeahhhh Toolbar - C:\Program Files\Yeahhhh\tbYeah.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{c019fb40-27bc-4db1-a42b-0634cf92b190} - Yeahhhh Toolbar - C:\Program Files\Yeahhhh\tbYeah.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-02-13 7557120]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-02-13 86016]
"avast!"=d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"ZDWlan.EXE"=D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE [2009-01-14 491520]
"tvjbmonitor"=d:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe [2006-12-26 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe"="D:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe:*:Enabled:Cubase SX"
"D:\Program Files\Tony Hawks Pro Skater 4\Game\Skate4.exe"="D:\Program Files\Tony Hawks Pro Skater 4\Game\Skate4.exe:*:Enabled:Skate4"
"G:\Counter-Strike\hl.exe"="G:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Counter-Strike 1.6\hl.exe"="D:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Pinnacle\Programs\RM.exe"="D:\Program Files\Pinnacle\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Programs\Studio.exe"="D:\Program Files\Pinnacle\Programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Programs\umi.exe"="D:\Program Files\Pinnacle\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-04 15:36:16 ----A---- C:\ComboFix.txt
2010-02-04 15:31:49 ----A---- C:\WINDOWS\zip.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\SWSC.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\SWREG.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\sed.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\PEV.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\MBR.exe
2010-02-04 15:31:49 ----A---- C:\WINDOWS\grep.exe
2010-02-04 15:31:39 ----D---- C:\WINDOWS\ERDNT
2010-02-04 15:28:41 ----AD---- C:\Qoobox
2010-02-04 13:03:47 ----D---- C:\Program Files\Conduit
2010-02-04 13:03:46 ----D---- C:\Program Files\Yeahhhh
2010-02-04 12:02:29 ----D---- C:\Program Files\trend micro
2010-02-04 12:02:28 ----D---- C:\rsit
2010-01-12 16:36:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Help
2010-01-12 16:13:43 ----A---- C:\WINDOWS\BBW_INFO.INI

======List of files/folders modified in the last 1 months======

2010-02-04 15:44:10 ----D---- C:\WINDOWS\Prefetch
2010-02-04 15:39:34 ----D---- C:\WINDOWS\Temp
2010-02-04 15:35:47 ----D---- C:\WINDOWS\system32
2010-02-04 15:35:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 15:35:21 ----D---- C:\WINDOWS
2010-02-04 15:35:21 ----A---- C:\WINDOWS\system.ini
2010-02-04 15:34:23 ----D---- C:\WINDOWS\system32\drivers
2010-02-04 15:34:23 ----D---- C:\WINDOWS\AppPatch
2010-02-04 15:34:19 ----D---- C:\Program Files\Common Files
2010-02-04 15:32:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-04 15:31:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-04 13:03:47 ----RD---- C:\Program Files
2010-02-03 00:06:12 ----D---- C:\Documents and Settings\Kuba\Data aplikací\vlc
2010-02-02 23:50:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\dvdcss
2010-01-12 16:12:32 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-22 109568]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 CEUSBAUD;Lambda MIDI Device; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [2007-11-08 17920]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-22 33792]
R3 DfuUsb;DfuUsb; C:\WINDOWS\SYSTEM32\DRIVERS\DFUUsb.sys [2007-11-08 10880]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2009-01-05 500736]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2009-01-05 17664]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2009-01-05 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Kuba\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mbr;mbr; \??\C:\DOCUME~1\Kuba\LOCALS~1\Temp\mbr.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; d:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-02-13 143426]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; d:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

Predtim mi avast hlasil problemy, ted zatim nic

#7 Příspěvek od **Caroprd111** » 04 úno 2010 16:35

Ten virustotal není celý, vložte sem odkaz na výsledek testu.

Jameson_cz · #8 Příspěvek od **Jameson_cz** » 04 úno 2010 16:50

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.04 -
Antiy-AVL 2.0.3.7 2010.02.04 -
Authentium 5.2.0.5 2010.02.04 -
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.04 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.04 -
ClamAV 0.96.0.0-git 2010.02.04 -
Comodo 3818 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7283 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 -
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5881 2010.02.03 -
McAfee+Artemis 5881 2010.02.03 -
McAfee-GW-Edition 6.8.5 2010.02.04 -
Microsoft 1.5406 2010.02.04 -
NOD32 4835 2010.02.04 -
Norman 6.04.03 2010.02.04 -
nProtect 2009.1.8.0 2010.02.04 -
Panda 10.0.2.2 2010.02.03 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.04 2010.02.04 -
Sophos 4.50.0 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.180 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.4.2172 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.04 -
Rozšiřující informace
File size: 10880 bytes
MD5...: 0819d9af77d51b1c397d1097aa5bfddc
SHA1..: afbd6d0495a5fab438c918f2beaa1447d420d539
SHA256: 8f170320d30dfc0f0a7ebc1c453a75b8d56619ec6207eee32594c83d6785ef7b
ssdeep: 192:X+IuNkHWzRf/yuNQyzeRLaJ7col6mCCSN+EHqW/WWmjw:X+IoRJyqpeRLaZc
YdYN+EqW/WWI
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x738
timedatestamp.....: 0x3c0416dc (Tue Nov 27 22:42:36 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x1bf2 0x1c00 6.39 79481654ae330ed517b9fdad65e20fe6
.rdata 0x1f00 0x109 0x180 3.55 499a33f4c69995131470654a99933d17
INIT 0x2080 0x3d0 0x400 4.83 70413881d87ecc6b1558eae0a9b5f1d3
.rsrc 0x2480 0x418 0x480 3.13 05b1b0246c105254b1bcf8c2ca36eec9
.reloc 0x2900 0x16e 0x180 5.24 8bdd7668475b1313821bce80b4db55ba

( 3 imports )
> NTOSKRNL.EXE: KeInitializeSpinLock, KeInitializeEvent, IoCreateDevice, KeWaitForSingleObject, RtlFreeUnicodeString, IoBuildDeviceIoControlRequest, ExFreePool, ExAllocatePoolWithTag, IoRegisterDeviceInterface, KeSetEvent, InterlockedDecrement, IofCallDriver, InterlockedIncrement, IoAttachDeviceToDeviceStack, RtlInitUnicodeString, IofCompleteRequest, IoDeleteDevice, IoDetachDevice, PoCallDriver, PoStartNextPowerIrp, IoFreeIrp, IoAllocateIrp, PoRequestPowerIrp, IoFreeMdl, IoCancelIrp, IoBuildPartialMdl, IoAllocateMdl, IoSetDeviceInterfaceState
> HAL.DLL: KfReleaseSpinLock, KfAcquireSpinLock
> USBD.SYS: _USBD_ParseConfigurationDescriptorEx@28, USBD_GetUSBDIVersion, _USBD_CreateConfigurationRequestEx@8

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Texas Instruments
copyright....: Copyright (C) Texas Instruments
product......: Microsoft(R) Windows NT(R) Operating System
description..: TI DFU Test Driver
original name: DfuUsb.sys
internal name: DFUUSB.SYS
file version.: 5.00.1636.1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
pdfid.: -

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.04 -
Antiy-AVL 2.0.3.7 2010.02.04 -
Authentium 5.2.0.5 2010.02.04 W32/OnlineGames.A.gen!Eldorado
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.04 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.04 -
ClamAV 0.96.0.0-git 2010.02.04 -
Comodo 3818 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7283 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 W32/OnlineGames.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
Jiangmin 13.0.900 2010.02.04 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5881 2010.02.03 -
McAfee+Artemis 5881 2010.02.03 -
McAfee-GW-Edition 6.8.5 2010.02.04 -
Microsoft 1.5406 2010.02.04 -
NOD32 4835 2010.02.04 -
Norman 6.04.03 2010.02.04 -
nProtect 2009.1.8.0 2010.02.04 -
Panda 10.0.2.2 2010.02.03 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.04 2010.02.04 -
Sophos 4.50.0 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.180 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.4.2172 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.04 -
Rozšiřující informace
File size: 2349080 bytes
MD5...: 455e61a2cf37f7210df685e2b77bfbe3
SHA1..: 4e8bc33c6dfbdd9727988eb0aa95af115c08fa8f
SHA256: 1429bb65815378be477091733036bf346c2030d3cec57b9ce55010c8ff21e3f0
ssdeep: 49152:GYqHRU4WtsufiSkJ9Z9gfU4zG+zWxK7/xrFbAvzVQQiFimvB25:GT0tNiZ
vMfhLzWxKjshB
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1173a0
timedatestamp.....: 0x4b3c74b0 (Thu Dec 31 09:53:52 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1474f3 0x147600 6.60 130952ab5ca68491e3eb9afeb2f72268
.rdata 0x149000 0x74aa7 0x74c00 4.54 63901788510b8530f57c16d50e880945
.data 0x1be000 0x8584 0x6400 4.93 8dfa9c2f6d1b7fd5e0460812beebdaae
.rsrc 0x1c7000 0x5d168 0x5d200 5.97 4efdce3958de3ada93cb3e307af88510
.reloc 0x225000 0x1cfde 0x1d000 5.94 587570a59b7f4d5776c873b3af757d7c

( 20 imports )
> COMCTL32.dll: _TrackMouseEvent, -, InitCommonControlsEx, CreateToolbarEx, PropertySheetW, CreatePropertySheetPageW, ImageList_ReplaceIcon, ImageList_Create
> WININET.dll: InternetCanonicalizeUrlW, InternetCrackUrlW, InternetCloseHandle, InternetSetOptionA, FindFirstUrlCacheEntryA, FindNextUrlCacheEntryA, HttpOpenRequestA, InternetSetOptionExA, DeleteUrlCacheEntry, InternetGetLastResponseInfoA, HttpSendRequestA, HttpQueryInfoA, InternetOpenA, InternetCrackUrlA, InternetOpenW, InternetSetOptionW, InternetOpenUrlW, InternetReadFile, InternetGetConnectedState, InternetQueryOptionA, InternetCanonicalizeUrlA, FindCloseUrlCache, InternetConnectA, GetUrlCacheEntryInfoW
> SHLWAPI.dll: SHDeleteKeyA, PathFileExistsW
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> MSIMG32.dll: GradientFill
> RPCRT4.dll: UuidToStringW
> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW
> CRYPT32.dll: CryptProtectData, CryptMsgClose, CertCloseStore, CertFreeCertificateContext, CryptUnprotectData, CertGetNameStringA, CertFindCertificateInStore, CryptQueryObject, CryptMsgGetParam, CertGetNameStringW
> WINMM.dll: PlaySoundA, sndPlaySoundW, PlaySoundW, timeGetTime
> PSAPI.DLL: EnumProcesses, GetModuleFileNameExW, EnumProcessModules, GetModuleBaseNameW, GetProcessMemoryInfo
> KERNEL32.dll: ReadFile, GlobalLock, GlobalAlloc, GetFileSize, CreateFileW, SizeofResource, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetFileTime, RemoveDirectoryW, GetSystemTimeAsFileTime, GetComputerNameW, OutputDebugStringW, HeapFree, GetProcessHeap, LocalAlloc, OpenProcess, Thread32Next, Thread32First, CreateToolhelp32Snapshot, TerminateProcess, SetThreadPriority, GetCurrentThread, SetEvent, CreateSemaphoreW, ReleaseSemaphore, CreateFileMappingW, OpenFileMappingW, UnmapViewOfFile, MapViewOfFile, MulDiv, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualAlloc, VirtualFree, HeapDestroy, HeapCreate, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetCommandLineA, ResumeThread, ExitThread, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, HeapReAlloc, HeapAlloc, RtlUnwind, LoadLibraryA, GlobalUnlock, GlobalFree, OpenMutexW, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, GetLocaleInfoW, CreateMutexW, SetEndOfFile, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringW, GetLocaleInfoA, Beep, MultiByteToWideChar, GetLocalTime, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, LockResource, FreeResource, GetFileAttributesW, SetLastError, CreateThread, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, CopyFileW, lstrcpyW, lstrcpyA, GetCurrentThreadId, LocalFree, GetLongPathNameW, GetShortPathNameW, GetModuleHandleW, GetTickCount, GetVersionExA, LoadLibraryW, FreeLibrary, WideCharToMultiByte, GetModuleFileNameA, MoveFileExW, lstrlenW, CreateEventW, WaitForSingleObject, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, GetLastError, InterlockedDecrement, ReleaseMutex, CloseHandle, GetCurrentProcessId, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, LCMapStringA, GetConsoleCP, GetConsoleMode, InterlockedExchange, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, SetFilePointer
> USER32.dll: GetWindowRgn, MessageBeep, GetActiveWindow, IsDialogMessageA, IsDialogMessageW, MessageBoxA, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, SetRectEmpty, GetKeyState, SetDlgItemInt, GetDlgItemTextA, FrameRect, DrawFrameControl, CharLowerBuffA, DrawEdge, MsgWaitForMultipleObjects, PostThreadMessageA, SetParent, GetDlgItemTextW, GetScrollInfo, GetMenuItemRect, InsertMenuItemA, InsertMenuItemW, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, SetMenuItemInfoW, CheckMenuItem, EnableMenuItem, DeleteMenu, TrackPopupMenu, GetMonitorInfoW, GetMenuItemCount, GetMenuItemInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, SetLayeredWindowAttributes, SetForegroundWindow, EnableWindow, IsDlgButtonChecked, CheckDlgButton, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, DispatchMessageW, DispatchMessageA, SetCapture, GetUpdateRect, BeginPaint, EndPaint, SetWindowRgn, SetRect, OffsetRect, DrawIconEx, GetIconInfo, DestroyIcon, GetSystemMetrics, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetAsyncKeyState, SendMessageW, GetWindowTextLengthW, SystemParametersInfoW, LoadImageW, IsIconic, GetLastInputInfo, CharUpperW, DrawFocusRect, GetWindow, UpdateWindow, GetClassInfoExW, RegisterClassExW, CopyRect, PostMessageW, SetDlgItemTextW, EndDialog, GetWindowTextW, FindWindowW, GetMenuItemInfoA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, CreateWindowExW, UnregisterClassA, GetClassNameW, DefWindowProcA, GetWindowLongA, SetWindowLongA, GetFocus, IsChild, KillTimer, IsWindowUnicode, CallWindowProcW, FindWindowExW, GetWindowThreadProcessId, SetWindowPos, wsprintfW, SetWindowTextA, SetWindowTextW, GetClientRect, GetDlgCtrlID, CallWindowProcA, InvalidateRect, IsWindow, GetDlgItem, SendMessageA, ClientToScreen, GetParent, GetWindowLongW, SetCursor, LoadCursorA, InflateRect, PostMessageA, ShowWindow, SetWindowLongW, ReleaseDC, MoveWindow, DrawTextW, GetDC, GetWindowRect, RegisterWindowMessageW, IsWindowVisible, PtInRect, ScreenToClient, GetCursorPos, MonitorFromRect, GetMonitorInfoA, GetClassInfoW, RegisterClassW, DestroyWindow, SetTimer, GetDesktopWindow, SetFocus, AllowSetForegroundWindow
> GDI32.dll: GetBkMode, GetBkColor, PtInRegion, SetLayout, PlgBlt, SelectPalette, RealizePalette, GetDeviceCaps, SetRectRgn, OffsetRgn, FrameRgn, SetTextAlign, TextOutW, RoundRect, ExcludeClipRect, GetPixel, CreateCompatibleBitmap, BitBlt, CreateRectRgn, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, GetLayout, Rectangle, SetBkColor, CreateCompatibleDC, DeleteDC, CreateSolidBrush, CreateFontIndirectW, CombineRgn, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetTextColor, GetStockObject
> COMDLG32.dll: GetOpenFileNameW
> ADVAPI32.dll: RegCreateKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetSidSubAuthority, SetSecurityDescriptorSacl, RegDeleteKeyA, RegCloseKey, RegOpenKeyExA, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegSetValueExA, RegCreateKeyExA, GetSidSubAuthorityCount, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptAcquireContextA, CryptReleaseContext, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, GetTokenInformation, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, OpenProcessToken, GetSecurityDescriptorSacl
> SHELL32.dll: ShellExecuteExW, SHGetFolderPathW, SHCreateDirectoryExW, ShellExecuteW
> ole32.dll: CoCreateInstance, IIDFromString, CreateStreamOnHGlobal, CLSIDFromString, CoUninitialize, CoCreateGuid, StringFromGUID2, CoInitialize, CoGetMalloc, StringFromIID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> DNSAPI.dll: DnsQuery_A

( 14 exports )
DllCanUnloadNow, DllConnectToIE, DllConnectionProc, DllGetClassObject, DllGetInstallFileNameExt, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Conduit Ltd.
copyright....: Copyright (c) Conduit Ltd. 2008
product......: Conduit Toolbar
description..: Conduit Toolbar
original name: n/a
internal name: Conduit Toolbar
file version.: 5, 3, 4, 2
comments.....: Conduit Toolbar ver 1.0
signers......: Conduit Ltd.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 4:44 PM 2/4/2010
verified.....: -
pdfid.: -
trid..: Windows OCX File (47.6%)
Win64 Executable Generic (33.0%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Generic Win/DOS Executable (0.7%)

Ve slozce Yeahhhh je i unwise, mam to zkusit odinstalovat? Netusim co to ma byt

#9 Příspěvek od **Caroprd111** » 04 úno 2010 16:57

Pokud to nepoužíváte, tak to odinstalujte. Je to Toolbar (lišta).

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
- Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
- Spusťte.
- Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
- Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
- Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
- Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.

OK

Zavřít

Jameson_cz · #10 Příspěvek od **Jameson_cz** » 04 úno 2010 17:36

udelal jsem vsechno, dekuju Vam moc.

Kazdopadne ted jsem pripojil k PC flashku z ntb a hlasi virus, asi ten stejnej co predtim, takze flashku mam zformatovat v ntb a s nim udelat stejnou proceduru? Tam bude asi vic problemu...

#11 Příspěvek od **Caroprd111** » 04 úno 2010 17:40

Každé PC se musí řešit individuálně, pro druhé PC si založte nové téma.

Dejte nový log z RSIT jestli se tam něco nedostalo.

Jameson_cz · #12 Příspěvek od **Jameson_cz** » 04 úno 2010 21:13

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kuba at 2010-02-04 18:02:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (82%) free of 32 GB
Total RAM: 3070 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:53, on 4.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\SbPFLnch.exe
D:\Program Files\Sunbelt Software\SbPFSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE
D:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\Sunbelt Software\SbPFCl.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kuba\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
G:\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ZDWlan.EXE] "D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE"
O4 - HKLM\..\Run: [tvjbmonitor] d:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\SbPFSvc.exe

--
End of file - 5259 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-02-13 7557120]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-02-13 86016]
"avast!"=d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"ZDWlan.EXE"=D:\Program Files\TP-LINK Wireless Client Utility\ZDWlan.EXE [2009-01-14 491520]
"tvjbmonitor"=d:\Program Files\TV Jukebox 3.0\tvjbMonitor.exe [2006-12-26 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe"="D:\Program Files\Steinberg\Cubase SX 3\Cubasesx3.exe:*:Enabled:Cubase SX"
"D:\Program Files\Tony Hawks Pro Skater 4\Game\Skate4.exe"="D:\Program Files\Tony Hawks Pro Skater 4\Game\Skate4.exe:*:Enabled:Skate4"
"G:\Counter-Strike\hl.exe"="G:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Counter-Strike 1.6\hl.exe"="D:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Pinnacle\Programs\RM.exe"="D:\Program Files\Pinnacle\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Programs\Studio.exe"="D:\Program Files\Pinnacle\Programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Programs\umi.exe"="D:\Program Files\Pinnacle\Programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52d6c5b-b4a8-11de-96db-ad66ed9cd204}]
shell\AutoRun\command - I:\qsqlyc.exe
shell\open\command - I:\qsqlyc.exe

======List of files/folders created in the last 1 months======

2010-02-04 18:02:40 ----D---- C:\Program Files\trend micro
2010-02-04 18:02:39 ----D---- C:\rsit
2010-02-04 16:38:27 ----SHD---- C:\RECYCLER
2010-01-12 16:36:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Help
2010-01-12 16:13:43 ----A---- C:\WINDOWS\BBW_INFO.INI

======List of files/folders modified in the last 1 months======

2010-02-04 18:02:48 ----D---- C:\WINDOWS\Prefetch
2010-02-04 18:02:40 ----RD---- C:\Program Files
2010-02-04 17:31:23 ----D---- C:\WINDOWS\Debug
2010-02-04 17:31:23 ----D---- C:\WINDOWS
2010-02-04 17:28:01 ----D---- C:\WINDOWS\Temp
2010-02-04 17:20:13 ----D---- C:\WINDOWS\system32
2010-02-04 17:20:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 17:16:07 ----SHD---- C:\System Volume Information
2010-02-04 17:16:07 ----D---- C:\WINDOWS\system32\Restore
2010-02-04 17:14:41 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-04 17:13:09 ----D---- C:\WINDOWS\Minidump
2010-02-04 17:06:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-04 16:36:32 ----SHD---- C:\WINDOWS\Installer
2010-02-04 16:36:28 ----HD---- C:\WINDOWS\inf
2010-02-04 16:36:27 ----D---- C:\WINDOWS\system32\drivers
2010-02-04 15:35:21 ----A---- C:\WINDOWS\system.ini
2010-02-04 15:34:23 ----D---- C:\WINDOWS\AppPatch
2010-02-04 15:34:19 ----D---- C:\Program Files\Common Files
2010-02-03 00:06:12 ----D---- C:\Documents and Settings\Kuba\Data aplikací\vlc
2010-02-02 23:50:01 ----D---- C:\Documents and Settings\Kuba\Data aplikací\dvdcss
2010-01-12 16:12:32 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-22 109568]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 CEUSBAUD;Lambda MIDI Device; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [2007-11-08 17920]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-22 33792]
R3 DfuUsb;DfuUsb; C:\WINDOWS\SYSTEM32\DRIVERS\DFUUsb.sys [2007-11-08 10880]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2009-01-05 500736]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2009-01-05 17664]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2009-01-05 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-01 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; d:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-02-13 143426]
R2 SbPF.Launcher;SbPF.Launcher; D:\Program Files\Sunbelt Software\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Program Files\Sunbelt Software\SbPFSvc.exe [2008-10-31 1365288]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; d:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

#13 Příspěvek od **Caroprd111** » 04 úno 2010 21:15

Flash disk jste zformátoval? V případě, že nezformátoval, ho připojte a pokračujte následujícími kroky:

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

Jameson_cz · #14 Příspěvek od **Jameson_cz** » 04 úno 2010 21:35

flashku jsem ted dal do ntb s vistama, protoze ten v sobe nejakou havet ma, pc s xp snad uz ne

ComboFix 10-02-04.01 - Kuba 04.02.2010 21:23:19.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.1982.884 [GMT 1:00]
Spuštěný z: c:\users\Kuba\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 20:30 . 2010-02-04 20:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-04 20:30 . 2010-02-04 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-04 19:44 . 2010-02-04 20:30 -------- d-----w- c:\users\Kuba\AppData\Local\temp
2010-02-04 16:44 . 2010-02-04 20:13 -------- d-----w- c:\program files\trend micro
2010-02-04 16:44 . 2010-02-04 16:45 -------- d-----w- C:\rsit
2010-01-22 17:08 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 17:08 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-13 08:19 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 08:19 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-06 12:20 . 2010-01-06 12:20 -------- d-----w- c:\users\Kuba\AppData\Local\GHISLER
2010-01-05 20:57 . 2010-01-05 20:59 -------- d-----w- c:\users\Kuba\AppData\Roaming\GHISLER
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\UC.PIF
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\RAR.PIF
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\LHA.PIF
2010-01-05 20:57 . 2009-09-24 06:50 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 20:08 . 2008-05-12 12:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-04 19:06 . 2009-02-16 19:42 117544 ----a-w- c:\programdata\nvModes.dat
2010-02-04 17:05 . 2009-02-15 15:26 -------- d-----w- c:\program files\Lavasoft
2010-02-04 17:05 . 2008-05-12 14:14 -------- d-----w- c:\programdata\Lavasoft
2010-02-04 14:42 . 2008-05-13 17:03 -------- d-----w- c:\users\Kuba\AppData\Roaming\OpenOffice.org2
2010-02-04 14:34 . 2008-05-13 17:04 1 ----a-w- c:\users\Kuba\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-31 18:37 . 2008-07-01 17:12 -------- d-----w- c:\users\Kuba\AppData\Roaming\ICQ
2010-01-29 17:25 . 2009-12-27 18:18 -------- d-----w- c:\program files\Diablo II 1
2010-01-17 21:22 . 2008-03-13 04:23 -------- d-----w- c:\program files\Java
2010-01-14 10:12 . 2009-10-04 11:40 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 08:29 . 2009-04-14 14:39 -------- d-----w- c:\users\Kuba\AppData\Roaming\Cakewalk
2009-12-30 17:57 . 2008-05-18 19:53 -------- d-----w- c:\users\Kuba\AppData\Roaming\Winamp
2009-12-27 18:51 . 2009-12-27 18:29 18580 ----a-w- c:\windows\DIIUnin.dat
2009-12-27 18:29 . 2009-12-27 18:29 94208 ----a-w- c:\windows\DIIUnin.exe
2009-12-27 18:29 . 2009-12-27 18:29 2829 ----a-w- c:\windows\DIIUnin.pif
2009-12-27 17:46 . 2009-12-27 17:49 9712947 ----a-w- c:\users\Public\D2Patch_112a.exe
2009-12-24 09:22 . 2009-12-23 18:14 -------- d-----w- c:\programdata\Motive
2009-12-24 09:22 . 2009-12-23 18:15 -------- d-----w- c:\users\Kuba\AppData\Roaming\Motive
2009-12-24 09:22 . 2009-12-24 09:20 -------- d-----w- c:\program files\TO2SSM
2009-12-24 09:21 . 2009-12-23 18:14 -------- d-----w- c:\program files\Common Files\Motive
2009-11-24 02:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-10 11:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 11:52 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 11:52 411648 ----a-w- c:\windows\system32\drivers\http.sys
2008-05-20 09:10 . 2008-05-20 09:10 604 ---ha-w- c:\program files\STLL Notifier
2006-05-03 09:06 . 2008-06-19 19:43 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-06-19 19:43 31232 --sh--r- c:\windows\System32\msfDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Google Update"="c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
"ICQ"="d:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SMail"="d:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"tvjbmonitor"="d:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-12-26 53248]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"ZDWlan.EXE"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE" [2009-01-14 491520]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TL-WN422G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN422G Wireless Utility\ZDWlan.exe [2009-10-29 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6c,84,b0,3c,b1,41,ca,01

R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [5.4.2009 17:28 33792]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12.5.2008 21:52 717296]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.7.2008 4:45 904192]
S3 DfuUsb;DfuUsb;c:\windows\System32\drivers\DFUUsb.sys [27.11.2001 23:46 10880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26.6.2008 12:35 21504]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [12.5.2008 15:35 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409124386-2049806598-4147022681-1000Core.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-17 07:38]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409124386-2049806598-4147022681-1000UA.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-17 07:38]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\hw1q6g9a.default\
FF - prefs.js: browser.startup.homepage - About:Blank
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Kuba\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 21:30
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-04 21:33:16
ComboFix-quarantined-files.txt 2010-02-04 20:33
ComboFix2.txt 2010-02-04 19:44
ComboFix3.txt 2008-06-05 13:02
ComboFix4.txt 2008-06-05 12:06

Před spuštěním: 12 470 620 160 bytes free
Po spuštění: 12 429 565 952 bytes free

- - End Of File - - 0D9993C5AC8590C86BA5A49915543CB8

#15 Příspěvek od **Caroprd111** » 04 úno 2010 21:49

Log z Visty dávejte sem: http://www.viry.cz/forum/viewtopic.php?f=13&t=97220

VIRY.CZ

Prosim o kontrolu logu, diky moc

Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc

Re: Prosim o kontrolu logu, diky moc