Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Zpráva

Draisy · #1 Příspěvek od **Draisy** » 04 úno 2010 12:11

Dobry den,

prosim o pomoc. Rozpada se mi obraz na monitoru (ztraci text) a neustale na me zacaly vyskokovat hlasky "K dokonceni pozadovane sluzby je strankovaci soubor prilis maly" a "xxx neni platnou bitovou kopii systemu Windows"

Vkladam obsah log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Karel at 2010-02-04 12:02:09
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 124 GB (81%) free of 153 GB
Total RAM: 1022 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:33, on 4.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Canon\BJPV\TVMon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\FlashGet\flashget.exe
D:\Program Files\The Bat!\thebat.exe
D:\Program Files\Opera\Opera.exe
E:\Dokumenty\Download\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BJPD HID Control] D:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výročí.lnk = D:\Program Files\Vyroci\vyroci.exe
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - D:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10774 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2007-08-09 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - D:\Program Files\FlashGet\jccatch.dll [2007-01-29 75528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - D:\Program Files\FlashGet\getflash.dll [2007-01-15 136968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-08-09 491520]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BJPD HID Control"=D:\Program Files\Canon\BJPV\TVMon.exe [2003-01-21 45056]
"DiskeeperSystray"=D:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2004-11-12 180312]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"egui"=D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-12-21 1443072]
"CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe [2006-07-12 237568]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2007-04-20 503808]
"Adobe Acrobat Speed Launcher"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"SoundMAXPnP"=D:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\Karel\Nabídka Start\Programy\Po spuštění
Výročí.lnk - D:\Program Files\Vyroci\vyroci.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-04 12:02:09 ----D---- C:\rsit
2010-02-04 11:30:39 ----SHD---- C:\RECYCLER
2010-02-03 21:25:45 ----A---- C:\WINDOWS\zip.exe
2010-02-03 21:25:45 ----A---- C:\WINDOWS\SWREG.exe
2010-02-03 21:25:45 ----A---- C:\WINDOWS\sed.exe
2010-02-03 21:25:45 ----A---- C:\WINDOWS\PEV.exe
2010-02-03 21:25:45 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-03 21:25:45 ----A---- C:\WINDOWS\grep.exe
2010-02-03 21:25:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-03 21:25:44 ----A---- C:\WINDOWS\SWSC.exe
2010-01-20 09:50:05 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-01-09 16:11:42 ----D---- C:\Documents and Settings\Karel\Data aplikací\EIZO
2010-01-09 16:11:40 ----D---- D:\Program Files\EIZO

======List of files/folders modified in the last 1 months======

2010-02-04 12:02:26 ----D---- C:\WINDOWS\Temp
2010-02-04 12:01:11 ----D---- D:\Program Files\FlashGet
2010-02-04 11:51:50 ----D---- C:\WINDOWS\Internet Logs
2010-02-04 11:39:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-04 11:39:17 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-04 11:39:17 ----D---- C:\WINDOWS\Minidump
2010-02-04 11:39:17 ----D---- C:\WINDOWS
2010-02-04 10:47:48 ----A---- C:\WINDOWS\WEBTRAN4.INI
2010-02-04 07:49:16 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-02-03 22:39:01 ----N---- C:\WINDOWS\system.ini
2010-02-03 22:35:05 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 22:35:05 ----D---- C:\WINDOWS\system32
2010-02-03 22:35:05 ----D---- C:\WINDOWS\AppPatch
2010-02-03 22:26:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 21:37:27 ----D---- D:\Program Files\Wallpaper Changer
2010-02-03 21:01:23 ----D---- C:\WINDOWS\system32\config
2010-02-03 20:06:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-03 20:00:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-03 19:59:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-03 19:59:57 ----D---- D:\Program Files\WebEx
2010-02-03 11:25:29 ----A---- C:\Documents and Settings\Karel\Data aplikací\ex_log.txt
2010-02-02 22:27:43 ----D---- C:\Documents and Settings\Karel\Data aplikací\Vso
2010-02-02 13:08:12 ----D---- D:\Program Files\jv16 PowerTools 2006
2010-02-02 12:03:22 ----D---- D:\Program Files\SUPERAntiSpyware
2010-02-02 11:41:21 ----D---- D:\Program Files\Mozilla Firefox
2010-01-30 23:36:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-01-25 08:22:23 ----D---- C:\Documents and Settings\Karel\Data aplikací\Help
2010-01-20 10:12:30 ----HD---- C:\WINDOWS\inf
2010-01-20 09:54:50 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-20 09:50:24 ----D---- C:\WINDOWS\Help
2010-01-19 23:46:29 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-19 13:50:09 ----A---- C:\WINDOWS\WDICT32.INI
2010-01-11 23:28:14 ----D---- D:\Program Files\DreamCom
2010-01-09 21:39:42 ----A---- C:\WINDOWS\WTRAN32.INI
2010-01-09 16:11:42 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 CMFileDisk;CMFileDisk; \??\C:\WINDOWS\system32\drivers\CMFileDisk.sys []
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-06-03 147984]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 BtAudio;Bluetooth Audio Device; C:\WINDOWS\system32\DRIVERS\btaudio.sys [2004-03-31 16640]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-03-31 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-03-31 146684]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 93056]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-08-08 47360]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-01-15 63360]
S3 a4cnw5mw;a4cnw5mw; C:\WINDOWS\system32\drivers\a4cnw5mw.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-03-31 52856]
S3 catchme;catchme; \??\C:\DOCUME~1\Karel\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FilterService;Canon BJ Hid Usb Filter Service; C:\WINDOWS\system32\DRIVERS\bjhid.sys [2002-11-10 6016]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2006-03-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2006-03-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2006-03-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2006-03-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2006-03-13 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-12-01 43136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-01-15 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-01-15 14848]
S3 zebrmdm;Sony Ericsson Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-01-15 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-01-15 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-01-15 91264]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; D:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; D:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168]
R2 Diskeeper;Diskeeper; D:\Program Files\Executive Software\Diskeeper\DkService.exe [2004-11-16 594028]
R2 ekrn;Eset Service; D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LinksysUpdater;Linksys Updater; D:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-08-10 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-12-21 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 04 úno 2010 13:38

Hezké odpoledne

Můžu vidět log z combofixu, který jste udělal?

Draisy · #3 Příspěvek od **Draisy** » 04 úno 2010 17:34

Log z ComboFixu byl ze vcerejsiho dne. Kdy CombFix problem opravil, ale dnes se opet objevil. Snaha o aktualni log se protahla, protoze PC spadnul nekolikrat do BSOD a nekolikrat se restartoval. ComboFix se musel vzdy znova spoustet. Vysledek nekolikahodinoveho snazeni prikladam

ComboFix 10-02-03.08 - Karel 04.02.2010 17:10:35.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.293 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 11:02 . 2010-02-04 11:02 -------- d-----w- C:\rsit
2010-01-09 15:11 . 2010-01-09 15:11 -------- d-----w- d:\program files\EIZO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 15:55 . 2008-12-09 09:52 4294967232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-04 15:55 . 2008-12-09 09:52 198089408 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-04 15:18 . 2007-08-09 23:11 -------- d-----w- d:\program files\FlashGet
2010-02-04 08:39 . 2007-08-10 16:25 3208 ----a-w- c:\windows\im32st.dat
2010-02-03 20:37 . 2007-08-08 21:31 -------- d-----w- d:\program files\Wallpaper Changer
2010-02-03 18:59 . 2009-07-14 09:25 -------- d-----w- d:\program files\WebEx
2010-02-02 13:03 . 2010-02-02 13:03 9216 ----a-w- c:\windows\Internet Logs\xDB6B2D.tmp
2010-02-02 12:36 . 2010-02-02 13:03 9216 ----a-w- c:\windows\Internet Logs\xDB6B2C.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AB0.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAF.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAE.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAD.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAC.tmp
2010-02-02 12:36 . 2010-02-02 12:36 1880064 ----a-w- c:\windows\Internet Logs\xDB6AAB.tmp
2010-02-02 12:08 . 2007-08-08 21:36 -------- d-----w- d:\program files\jv16 PowerTools 2006
2010-02-02 11:03 . 2007-08-08 21:47 -------- d-----w- d:\program files\SUPERAntiSpyware
2010-01-23 06:46 . 2010-01-23 06:46 2553479 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-22 07:08 . 2010-01-22 07:10 3614720 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-11 22:28 . 2007-08-08 21:41 -------- d-----w- d:\program files\DreamCom
2009-12-21 22:00 . 2007-08-09 23:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-19 21:51 . 2009-11-19 21:51 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-19 05:48 . 2001-10-25 14:00 82520 ----a-w- c:\windows\system32\perfc005.dat
2009-11-19 05:48 . 2001-10-25 14:00 436304 ----a-w- c:\windows\system32\perfh005.dat
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJPD HID Control"="d:\program files\Canon\BJPV\TVMon.exe" [2003-01-21 45056]
"DiskeeperSystray"="d:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-11-12 180312]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-20 503808]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Karel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věroźˇ.lnk - d:\program files\Vyroci\vyroci.exe [2001-3-3 358912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\M:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 CMFileDisk;CMFileDisk;c:\windows\system32\drivers\CMFileDisk.sys [8.8.2007 17:27 7164]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [8.8.2007 17:27 93056]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.8.2007 23:06 685816]
S2 LinksysUpdater;Linksys Updater;d:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [13.11.2008 20:43 204800]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [11.8.2007 11:35 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [11.8.2007 11:35 549421]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - d:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - d:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - d:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\7lxbqxp0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npfiller.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-04 17:25:16
ComboFix-quarantined-files.txt 2010-02-04 16:25

Před spuštěním: Volných bajtů: 144 019 304 448
Po spuštění: Volných bajtů: 143 914 016 768

- - End Of File - - 7EA9345F7D81AF5D4600FC79CCF2AEFC

#4 Příspěvek od **motji** » 04 úno 2010 18:33

Ale já jsem chtěla právě ten log ze včerejška, abych viděla , co mazal..tento log už mi to neukáže

.

Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory

Dejte soubor otestovat na http://www.virustotal.com

c:\windows\system32\drivers\tcpip.sys

Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Draisy · #5 Příspěvek od **Draisy** » 04 úno 2010 18:42

Ukazu

Vcera byl CombiFix pusten 2x

Prvni spusteni:

ComboFix 10-02-03.03 - Karel 03.02.2010 21:29:05.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.383 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\comboFix.exe
Použité ovládací přepínače :: /u
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twain_32.dll
d:\program files\Wallpaper Changer\wpchan.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-01-09 15:11 . 2010-01-09 15:11 -------- d-----w- d:\program files\EIZO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 20:37 . 2007-08-08 21:31 -------- d-----w- d:\program files\Wallpaper Changer
2010-02-03 20:22 . 2008-12-09 09:52 4294967232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-03 20:22 . 2008-12-09 09:52 198089408 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-03 18:59 . 2009-07-14 09:25 -------- d-----w- d:\program files\WebEx
2010-02-02 22:07 . 2007-08-09 23:11 -------- d-----w- d:\program files\FlashGet
2010-02-02 13:03 . 2010-02-02 13:03 9216 ----a-w- c:\windows\Internet Logs\xDB6B2D.tmp
2010-02-02 12:36 . 2010-02-02 13:03 9216 ----a-w- c:\windows\Internet Logs\xDB6B2C.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AB0.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAF.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAE.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAD.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAC.tmp
2010-02-02 12:36 . 2010-02-02 12:36 1880064 ----a-w- c:\windows\Internet Logs\xDB6AAB.tmp
2010-02-02 12:08 . 2007-08-08 21:36 -------- d-----w- d:\program files\jv16 PowerTools 2006
2010-02-02 11:03 . 2007-08-08 21:47 -------- d-----w- d:\program files\SUPERAntiSpyware
2010-02-01 17:15 . 2007-08-10 16:25 3208 ----a-w- c:\windows\im32st.dat
2010-01-23 06:46 . 2010-01-23 06:46 2553479 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-22 07:08 . 2010-01-22 07:10 3614720 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-11 22:28 . 2007-08-08 21:41 -------- d-----w- d:\program files\DreamCom
2009-12-21 22:00 . 2007-08-09 23:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-19 21:51 . 2009-11-19 21:51 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-19 05:48 . 2001-10-25 14:00 82520 ----a-w- c:\windows\system32\perfc005.dat
2009-11-19 05:48 . 2001-10-25 14:00 436304 ----a-w- c:\windows\system32\perfh005.dat
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJPD HID Control"="d:\program files\Canon\BJPV\TVMon.exe" [2003-01-21 45056]
"DiskeeperSystray"="d:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-11-12 180312]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-20 503808]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Karel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věroźˇ.lnk - d:\program files\Vyroci\vyroci.exe [2001-3-3 358912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\M:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 CMFileDisk;CMFileDisk;c:\windows\system32\drivers\CMFileDisk.sys [8.8.2007 17:27 7164]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [8.8.2007 17:27 93056]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.8.2007 23:06 685816]
S2 LinksysUpdater;Linksys Updater;d:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [13.11.2008 20:43 204800]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [11.8.2007 11:35 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [11.8.2007 11:35 549421]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - d:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - d:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - d:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\7lxbqxp0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npfiller.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Wallpaper Changer - d:\program files\Wallpaper Changer\wpchan.dll

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-03 21:42:03
ComboFix-quarantined-files.txt 2010-02-03 20:41

Před spuštěním: Volných bajtů: 130 284 228 608
Po spuštění: Volných bajtů: 130 228 449 280

- - End Of File - - C9374DF1B47E45B42C93CB2F5E4F935C

Druhe spusteni:

ComboFix 10-02-03.04 - Karel 03.02.2010 22:27:23.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.326 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\comboFix.exe
Použité ovládací přepínače :: uninstall
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-01-09 15:11 . 2010-01-09 15:11 -------- d-----w- d:\program files\EIZO

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 21:13 . 2008-12-09 09:52 4294967232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-03 21:13 . 2008-12-09 09:52 198089408 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-03 20:37 . 2007-08-08 21:31 -------- d-----w- d:\program files\Wallpaper Changer
2010-02-03 18:59 . 2009-07-14 09:25 -------- d-----w- d:\program files\WebEx
2010-02-02 22:07 . 2007-08-09 23:11 -------- d-----w- d:\program files\FlashGet
2010-02-02 13:03 . 2010-02-02 13:03 9216 ----a-w- c:\windows\Internet Logs\xDB6B2D.tmp
2010-02-02 12:36 . 2010-02-02 13:03 9216 ----a-w- c:\windows\Internet Logs\xDB6B2C.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AB0.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAF.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAE.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAD.tmp
2010-02-02 12:36 . 2010-02-02 12:36 9216 ----a-w- c:\windows\Internet Logs\xDB6AAC.tmp
2010-02-02 12:36 . 2010-02-02 12:36 1880064 ----a-w- c:\windows\Internet Logs\xDB6AAB.tmp
2010-02-02 12:08 . 2007-08-08 21:36 -------- d-----w- d:\program files\jv16 PowerTools 2006
2010-02-02 11:03 . 2007-08-08 21:47 -------- d-----w- d:\program files\SUPERAntiSpyware
2010-02-01 17:15 . 2007-08-10 16:25 3208 ----a-w- c:\windows\im32st.dat
2010-01-23 06:46 . 2010-01-23 06:46 2553479 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-22 07:08 . 2010-01-22 07:10 3614720 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-11 22:28 . 2007-08-08 21:41 -------- d-----w- d:\program files\DreamCom
2009-12-21 22:00 . 2007-08-09 23:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-19 21:51 . 2009-11-19 21:51 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-19 05:48 . 2001-10-25 14:00 82520 ----a-w- c:\windows\system32\perfc005.dat
2009-11-19 05:48 . 2001-10-25 14:00 436304 ----a-w- c:\windows\system32\perfh005.dat
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-03_20.38.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 21:15 . 2010-02-03 21:15 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2010-02-03 21:15 . 2010-02-03 21:15 16384 c:\windows\Temp\Perflib_Perfdata_214.dat
+ 2007-08-08 22:18 . 2010-02-03 21:24 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2007-08-08 22:18 . 2007-08-08 22:18 262144 c:\windows\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJPD HID Control"="d:\program files\Canon\BJPV\TVMon.exe" [2003-01-21 45056]
"DiskeeperSystray"="d:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-11-12 180312]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-20 503808]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Karel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věroźˇ.lnk - d:\program files\Vyroci\vyroci.exe [2001-3-3 358912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\M:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 CMFileDisk;CMFileDisk;c:\windows\system32\drivers\CMFileDisk.sys [8.8.2007 17:27 7164]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 11:39 32256]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [8.8.2007 17:27 93056]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.8.2007 23:06 685816]
S2 LinksysUpdater;Linksys Updater;d:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [13.11.2008 20:43 204800]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 16:51 4096]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [11.8.2007 11:35 60255]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [11.8.2007 11:35 549421]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout FlashGetem - d:\program files\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - d:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - d:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\7lxbqxp0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npfiller.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 22:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-03 22:44:09
ComboFix-quarantined-files.txt 2010-02-03 21:43
ComboFix2.txt 2010-02-03 20:42

Před spuštěním: Volných bajtů: 130 182 582 272
Po spuštění: Volných bajtů: 130 122 067 968

- - End Of File - - 42DBA0CB43029A1E348D51733C0DAD4D

Dále budu pokračovat podle instrukcí...

#6 Příspěvek od **motji** » 04 úno 2010 18:49

Vy si ten combofix spouštíte jak na běžícím pásu

, pozor na to, tento program není určen pro běžné použití. Při nesprávném používání může dojít k poškození systému. Měl by se vždy spouštět pod dozorem zkušené osoby. Navíc combofix automaticky všechno nemaže, takže je zbytečné ho spouštět několikrát za sebou, podle logu se pak píše ještě skript s příkazy na dočištění.

Draisy · #7 Příspěvek od **Draisy** » 04 úno 2010 19:46

Ano, vim o tom, presto dekuji za upozorneni. Combofix se vcera podruhe spustil sam po zadani prikazu Start > Spustit > Combofix /u. Podarilo se mi ho odinstalovat az T-cleanerem.

Uz mam problem cokoliv na PC udelat

Otestovany soubor na virustotal.com:
Soubor tcpip.sys přijatý 2010.02.04 17:45:46 (UTC)
Současný stav: Dokončeno
Výsledek: 1/40 (2.5%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.04 -
Antiy-AVL 2.0.3.7 2010.02.04 -
Authentium 5.2.0.5 2010.02.04 -
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.04 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.04 -
ClamAV 0.96.0.0-git 2010.02.04 -
Comodo 3819 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7283 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 -
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
Jiangmin 13.0.900 2010.02.04 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5882 2010.02.04 -
McAfee+Artemis 5882 2010.02.04 -
McAfee-GW-Edition 6.8.5 2010.02.04 Heuristic.BehavesLike.Win32.Packed.I
Microsoft 1.5406 2010.02.04 -
NOD32 4835 2010.02.04 -
Norman 6.04.03 2010.02.04 -
nProtect 2009.1.8.0 2010.02.04 -
Panda 10.0.2.2 2010.02.04 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.04 2010.02.04 -
Sophos 4.50.0 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.180 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.4.2172 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.04 -
Rozšiřující informace
File size: 359808 bytes
MD5...: b4e29943b4b04bd5e7381546848e6669
SHA1..: 134f6e92e0474a32490dc169ae5ac168fa96c2b1
SHA256: b87f7bbbf007e19f6d9fc11815425d2f404c0693c49713b449c1a773c9512472
ssdeep: 6144:jaALiGdmz77B9dwUgvrGWZ7xBiqOOnFHfpY8eWKKOizAo9JVVAb53wMc/vl
JtdGM:OALiimP7B9dwP1YAnpfpsgRzAo9JVVan
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x51416
timedatestamp.....: 0x444775d3 (Thu Apr 20 11:51:47 2006)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3eb46 0x3eb80 6.60 0070c0fe071f86ff450abb82796a707b
.rdata 0x3ef00 0x57c 0x580 4.44 69aa09759336b6e0507386af3bbb6dcc
.data 0x3f480 0xa4a4 0xa500 0.06 3c6615b610e6de876b2c262b0758fd16
PAGE 0x49980 0x1f2b 0x1f80 6.38 81d20590d39aa950d5bf471b3be448de
PAGELK 0x4b900 0x6f2 0x700 6.22 9af2dd2d18cd58f1055a9beeb544167e
PAGEIPMc 0x4c000 0x2781 0x2800 6.43 e1de3c0bdeb74f323da3399d8c48e2cf
.edata 0x4e800 0x341 0x380 5.21 ec24162692a0d59d9dc3f33c776159b4
INIT 0x4eb80 0x5836 0x5880 6.21 56b0bf9da7a059179f57ab00094761f5
.rsrc 0x54400 0x3f0 0x400 3.40 542b54f6047b1b152fb11007523f7fdf
.reloc 0x54800 0x355c 0x3580 6.81 22673530fa14c0fa0b8d5337c10fdd05

( 4 imports )
> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, _aulldvrm, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 31 exports )
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Protocol Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Prvni log Gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-04 18:59:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Karel\LOCALS~1\Temp\pgtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF72A2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF72A3340]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86D9D1E8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 848C6790

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

Druhy log Gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-04 19:12:36
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Karel\LOCALS~1\Temp\pgtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAE49D8C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAE49A6D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAE4A74C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAE49DE80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAE4A4C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAE4A4E80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAE4A8D80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAE49DF70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAE49AC60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAE4A7D40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAE4A7AF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAE4A45F0]
SSDT sptd.sys ZwEnumerateKey [0xF72A2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF72A3340]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xAE4973A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAE4A8260]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAE4A82E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xAE4A9000]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAE49AAC0]
SSDT sptd.sys ZwOpenKey [0xF729D0B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAE4A64F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAE4A62B0]
SSDT sptd.sys ZwQueryKey [0xF72A3418]
SSDT sptd.sys ZwQueryValueKey [0xF72A3298]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAE4A89A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAE4A8400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAE49D4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAE4A87F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAE49DA90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAE49AE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xAE497180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAE4A7830]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAE4A5570]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAE4A53F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xAE4975C0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C4C 80503B28 12 Bytes [80, DE, 49, AE, 70, 4C, 4A, ...] {SBB DH, 0x49; SCASB ; JO 0x52; DEC EDX; SCASB ; OR BYTE [ESI+0x4a], 0xae}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D18 80503BF4 12 Bytes [A0, 73, 49, AE, 60, 82, 4A, ...]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? srescan.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F6E8D62C 5 Bytes JMP 86C54770
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF695C000, 0x1C5D38, 0xE8000020]
? System32\Drivers\amgw780d.SYS Systém nemůže nalézt uvedenou cestu. !
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAE718A00]

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[676] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F729DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F729DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F729E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F729E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72B329A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AE4A0770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AE4A0770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AE4A0770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AE4A0770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AE4A0770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AE4A2400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AE4A0770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AE4A2B40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AE4A2210] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

#8 Příspěvek od **motji** » 04 úno 2010 20:05

otestujte na www.virustotal.com
C:\WINDOWS\system32\drivers\Senfilt.sys

Jak to ted vypadá s počítačem?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Draisy · #9 Příspěvek od **Draisy** » 04 úno 2010 22:30

otestujte na www.virustotal.com - C:\WINDOWS\system32\drivers\Senfilt.sys

Soubor senfilt.sys přijatý 2010.02.04 21:19:46 (UTC)
Současný stav: Dokončeno
Výsledek: 0/39 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.04 -
AhnLab-V3 5.0.0.2 2010.02.04 -
AntiVir 7.9.1.158 2010.02.04 -
Antiy-AVL 2.0.3.7 2010.02.04 -
Authentium 5.2.0.5 2010.02.04 -
Avast 4.8.1351.0 2010.02.04 -
AVG 9.0.0.730 2010.02.04 -
BitDefender 7.2 2010.02.04 -
CAT-QuickHeal 10.00 2010.02.04 -
ClamAV 0.96.0.0-git 2010.02.04 -
Comodo 3821 2010.02.04 -
DrWeb 5.0.1.12222 2010.02.04 -
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7283 2010.02.04 -
F-Prot 4.5.1.85 2010.02.04 -
F-Secure 9.0.15370.0 2010.02.04 -
Fortinet 4.0.14.0 2010.02.04 -
GData 19 2010.02.04 -
Ikarus T3.1.1.80.0 2010.02.04 -
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.04 -
McAfee 5882 2010.02.04 -
McAfee+Artemis 5882 2010.02.04 -
McAfee-GW-Edition 6.8.5 2010.02.04 -
Microsoft 1.5406 2010.02.04 -
NOD32 4836 2010.02.04 -
Norman 6.04.03 2010.02.04 -
nProtect 2009.1.8.0 2010.02.04 -
Panda 10.0.2.2 2010.02.04 -
PCTools 7.0.3.5 2010.02.04 -
Prevx 3.0 2010.02.04 -
Rising 22.33.03.04 2010.02.04 -
Sophos 4.50.0 2010.02.04 -
Sunbelt 3.2.1858.2 2010.02.04 -
TheHacker 6.5.1.0.180 2010.02.04 -
TrendMicro 9.120.0.1004 2010.02.04 -
VBA32 3.12.12.1 2010.02.04 -
ViRobot 2010.2.4.2172 2010.02.04 -
VirusBuster 5.0.21.0 2010.02.04 -
Rozšiřující informace
File size: 392960 bytes
MD5...: b6a6b409fda9d9ebd3aadb838d3d7173
SHA1..: 9e8ed179d4f48365787b16e68581ab983ec48dc8
SHA256: 0a9a4c15c83aacba9fc87b674cb17375de988b41448a65101647ae67bdd15377
ssdeep: 6144:dffnuDGQWWVzdzt7Rwwnq4x/UqemhMJqFW1Uih0DH/Fjh7OdKX:dWDDWWVh
BRRNUqemhMJqah0jFjZkK
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x58a00
timedatestamp.....: 0x4415a07c (Mon Mar 13 16:40:28 2006)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x426da 0x42700 6.65 b6304a22ff56bf4386d20c61a4dcd0fc
page 0x42a80 0x15ea5 0x15f00 6.40 b0c636e7ceae01154ffac646f1652b7b
init 0x58980 0xd8c 0xe00 6.18 6d525004b84f46438a353ed2264b2332
.data 0x59780 0x2740 0x2780 0.66 9a9c8cac27ec83081ecd097f0ab1d47d
.CRT 0x5bf00 0x14 0x80 0.52 ceceeae98999603f49c260ac22e723bc
init 0x5bf80 0x28 0x80 1.52 1e3caf3db673d56b3e5fc316c25e029e
INIT 0x5c000 0x728 0x780 5.33 23409d6cddc935ba264f99a69e846754
.rsrc 0x5c780 0x2a8 0x300 2.96 688f7e4bd414e655457b54afe884d4b4
.reloc 0x5ca80 0x3446 0x3480 6.27 5edf6c7eeaa0623c584825cbfc9c09ab

( 3 imports )
> ntoskrnl.exe: RtlStringFromGUID, KeReleaseSemaphore, ObfDereferenceObject, KeSetEvent, ObReferenceObjectByHandle, ExEventObjectType, InterlockedIncrement, InterlockedDecrement, _purecall, RtlCompareUnicodeString, RtlCompareMemory, KeInitializeMutex, KeWaitForSingleObject, KeReleaseMutex, ZwClose, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, ZwCreateFile, KeResetEvent, InterlockedExchange, KeCancelTimer, KeClearEvent, _aulldiv, _allmul, RtlFreeUnicodeString, KeSetTimer, PsTerminateSystemThread, KeInitializeTimer, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExFreePool, IoAllocateMdl, IoAllocateIrp, IoFreeIrp, IoFreeMdl, MmUnlockPages, MmMapLockedPages, MmProbeAndLockPages, _except_handler3, IoGetDeviceProperty, IofCompleteRequest, IoReleaseCancelSpinLock, IoDeleteDevice, IoDetachDevice, PoCallDriver, PoStartNextPowerIrp, IoAttachDeviceToDeviceStack, IoCreateDevice, InterlockedCompareExchange, RtlEqualUnicodeString, wcslen, RtlInitUnicodeString, IoGetDeviceInterfaces, RtlUnicodeStringToAnsiString, RtlAnsiStringToUnicodeString, ZwQueryValueKey, ZwSetValueKey, ZwCreateKey, ZwOpenKey, IoIsWdmVersionAvailable, KeDelayExecutionThread, ZwReadFile, ZwWriteFile, MmBuildMdlForNonPagedPool, ExAllocatePoolWithTag, RtlRaiseException, KeBugCheckEx
> ks.sys: KsCreatePin
> HAL.dll: KeQueryPerformanceCounter

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Sensaura
copyright....: Copyright (c) 2005 Sensaura
product......: n/a
description..: Sensaura WDM 3D Audio Driver
original name: n/a
internal name: n/a
file version.: 5.10.00.3524
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Jak to ted vypadá s počítačem?
PC stale spatny

MBAM - Nainstalujte,dejte úplný sken
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3690
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4.2.2010 22:04:57
mbam-log-2010-02-04 (22-04-34).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|F:\|I:\|)
Zkontrolované objekty: 668645
Uplynulý čas: 1 hour(s), 36 minute(s), 30 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
I:\ZALOHY_NA_DISKU_I\Záloha_programy_09.11.21\ALCOHOL\Alcohol120_1.9.6.4719-crack\Alcohol.exe (Trojan.Agent) -> No action taken.
I:\ZALOHY_NA_DISKU_I\Záloha_programy_09.11.21\CloneCD 5.3.0.5\patch.exe (Malware.NSPack) -> No action taken.

#10 Příspěvek od **motji** » 04 úno 2010 22:36

Co našel mbam, smažte

Draisy · #11 Příspěvek od **Draisy** » 04 úno 2010 22:59

Smazáno

#12 Příspěvek od **motji** » 04 úno 2010 23:15

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Draisy · #13 Příspěvek od **Draisy** » 04 úno 2010 23:43

Nelze nainstalovat. Musim do nouzoveho rezimu. Necham bezet pres noc a rano poslu log. Prozatim dekuji za ochotu.

Draisy · #14 Příspěvek od **Draisy** » 05 úno 2010 10:59

Kontrola AVPTool probehla. Neco to smazalo. Log jsem ulozil. Zavreni a odinstalace chtela restart. Windows od te doby v normalnim rezimu zcela nenabehnou. Nic nejde spustit. Objevi se plocha a neuplna lista. Rozkliknu-li maly textovy soubor na plose objevi se presypci hodiny, najedu-li mysi na listu > presypci hodiny. Ctrl+Alt+Del nic neudela. Alt+F4 tez ne. Nouzovy rezim funguje, ale nepripojim se k internetu abych odeslal log.

#15 Příspěvek od **motji** » 05 úno 2010 11:37

a nemůžete log zkopírovat na flešku, nebo alespon opsat, co smazal?

Zkuste obnovu systému

start - spustit - napište

%SystemRoot%\System32\restore\rstrui.exe

A vyberte bod obnovy, kdy bylo vše v pořádku.

Máte inst.cd?

VIRY.CZ

Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor

Re: Rozpada se obraz, spatne bitove kopie a maly strank. soubor