vir Trojan.Generic + log z MWAV a RSIT

Zpráva

Stajda · #1 Příspěvek od **Stajda** » 06 úno 2010 19:58

Dobrý den,
dostal jsem se dálkově k PC jedné uživatelky a všiml jsem si, že se nespustil NOD32 - hláška: "Chyba při komunikaci se službou NOD32 Kernel". Nejde spustit ani přes "services.msc" -"služba neodpověděla dostatečně včas". Po odkliknutí hlášky služba NOD32 v procesech už není. Dle uživatelky Nod tuto hlášku o chybě zobrazuje už několik měsíců!!! Proto jsem u RSITu nastavil maximum 3 měsíce.
Děkuji předem za radu, jak to vyléčit.

Log z MWAV:
Objekt "Registry Doktor 2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Lidka\file.exe je infikovaný virem Trojan.Generic.1930344 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP991\A0108426.dll je infikovaný virem Trojan.Generic.1821029 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP991\A0108427.exe je infikovaný virem Trojan.Generic.1981090 (DB) !! Provedené akce: Ponecháno, neodstraněno!.

Log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by swaczynova at 2010-02-06 19:24:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 15 GB (39%) free of 38 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:06, on 6.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPSmart\UPServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\UPSmart\UPSmart.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gemini\ncm\GNCMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\nod32kui.exe
C:\DOCUME~1\SWACZY~1\LOCALS~1\Temp\mexe.com
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\swaczynova\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\swaczynova.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\Gemini\ncm\GNCMTray.exe
O4 - HKLM\..\Run: [Kontrola objednávek] C:\Program Files\Kontrola objednávek\Kontrola nových objednávek.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-515967899-573735546-725345543-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'smrzova')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3955310921
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9FB52B-FCF1-443D-8189-364355409B2D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\Gemini\ncm\GNCM.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: UPSmartDB9 - Unknown owner - C:\Program Files\UPSmart\UPServ.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5798 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-04 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"Gemini NCM Status"=C:\Program Files\Gemini\ncm\GNCMTray.exe [2004-01-16 49257]
"Kontrola objednávek"=C:\Program Files\Kontrola objednávek\Kontrola nových objednávek.exe [2005-11-29 45056]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-02-04 949376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
C:\WINDOWS\system32\gemstrmw.exe [2004-08-09 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2003-02-06 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-12-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2003-02-06 45108]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lidka^Nabídka Start^Programy^Po spuštění^Zástupce - tiskárna.lnk]
C:\DOCUME~1\Lidka\Plocha\TISKRN~1.BAT [2008-11-24 55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"gupdate1ca99d37cb1cafa"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Přehled výroby\PlanPrehled.exe"="C:\Program Files\Přehled výroby\PlanPrehled.exe:*:Enabled:PlanPrehled"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\hp laserjet m2727\Fax Config utility0.exe"="C:\Program Files\HP\hp laserjet m2727\Fax Config utility0.exe:*:Enabled:HP Networked Printer Installer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-02-06 19:24:58 ----D---- C:\Program Files\trend micro
2010-02-06 19:24:57 ----D---- C:\rsit
2010-02-06 18:00:03 ----AD---- C:\WINDOWS\rundll16.exe
2010-02-06 18:00:03 ----AD---- C:\WINDOWS\logo1_.exe
2010-02-06 17:40:24 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Macromedia
2010-02-06 17:40:24 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Adobe
2010-02-06 17:34:51 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Mozilla
2010-02-06 17:25:38 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Identities
2010-02-06 17:25:29 ----SD---- C:\Documents and Settings\swaczynova\Data aplikací\Microsoft
2010-02-06 17:25:29 ----ASH---- C:\Documents and Settings\swaczynova\Data aplikací\desktop.ini
2010-02-04 12:34:32 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\VDLL.DLL
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\logo_1.exe
2010-02-04 12:21:31 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-02-04 12:21:30 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-02-04 12:21:29 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-02-04 12:21:26 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-02-04 12:21:26 ----A---- C:\WINDOWS\system32\T.COM
2010-02-04 12:21:26 ----A---- C:\WINDOWS\REGEDIT.COM
2010-02-04 12:21:26 ----A---- C:\WINDOWS\R.COM
2010-02-04 12:21:24 ----D---- C:\Program Files\Common Files\MicroWorld
2010-02-04 12:21:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-02-04 11:59:08 ----D---- C:\avenger
2010-02-04 11:58:39 ----A---- C:\avenger.txt
2010-02-04 11:40:06 ----D---- C:\Program Files\CCleaner
2010-02-04 11:18:47 ----A---- C:\WINDOWS\system32\imon.dll
2010-02-04 09:57:28 ----D---- C:\Program Files\MozBackup
2010-02-04 09:57:09 ----D---- C:\USMT2.UNC
2010-01-26 06:04:29 ----D---- C:\Program Files\Autodesk
2010-01-26 06:04:16 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-01-26 06:04:16 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-01-26 06:04:15 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-01-26 06:03:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-01-20 14:21:25 ----D---- C:\Program Files\Common Files\Skype
2010-01-20 14:21:22 ----RD---- C:\Program Files\Skype
2010-01-20 14:21:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-11-24 05:44:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\SmartCard Reader Installation

======List of files/folders modified in the last 3 months======

2010-02-06 19:24:59 ----D---- C:\WINDOWS\Prefetch
2010-02-06 19:24:58 ----RD---- C:\Program Files
2010-02-06 18:00:03 ----D---- C:\WINDOWS
2010-02-06 17:26:58 ----SHD---- C:\RECYCLER
2010-02-06 17:25:40 ----SHD---- C:\WINDOWS\Installer
2010-02-06 17:25:40 ----HD---- C:\Config.Msi
2010-02-06 17:25:29 ----D---- C:\Documents and Settings
2010-02-06 17:23:25 ----D---- C:\WINDOWS\Temp
2010-02-06 10:54:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-06 09:58:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-06 07:54:49 ----A---- C:\WINDOWS\TextSpy.ini
2010-02-05 12:58:57 ----D---- C:\WINDOWS\system32
2010-02-04 17:40:48 ----D---- C:\Program Files\Mozilla Firefox
2010-02-04 12:50:44 ----SH---- C:\boot.ini
2010-02-04 12:50:44 ----A---- C:\WINDOWS\win.ini
2010-02-04 12:50:44 ----A---- C:\WINDOWS\system.ini
2010-02-04 12:48:58 ----D---- C:\Program Files\Common Files
2010-02-04 12:47:55 ----D---- C:\WINDOWS\system32\drivers
2010-02-04 12:36:59 ----D---- C:\WINDOWS\WinSxS
2010-02-04 11:40:20 ----D---- C:\WINDOWS\Debug
2010-02-04 11:18:47 ----D---- C:\Program Files\ESET
2010-02-04 11:06:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 10:32:42 ----D---- C:\Program Files\NetMeeting
2010-02-04 10:14:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-28 09:17:44 ----D---- C:\PrikazKB
2010-01-26 06:05:02 ----RSD---- C:\WINDOWS\Fonts
2010-01-26 06:04:18 ----D---- C:\WINDOWS\system32\DirectX
2010-01-26 06:04:17 ----HD---- C:\WINDOWS\inf
2010-01-26 06:02:27 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-20 14:30:58 ----SD---- C:\WINDOWS\Tasks
2010-01-20 14:22:54 ----D---- C:\Program Files\Google
2009-12-21 06:02:49 ----D---- C:\Program Files\profibanka
2009-12-10 12:04:47 ----A---- C:\nd00.txt
2009-12-03 08:58:42 ----A---- C:\WINDOWS\toptrans.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-02-04 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-02-04 512096]
R2 SpPortEx;Samsung Port Exclusion; C:\WINDOWS\System32\Drivers\SpPortEx.sys [1999-12-15 7168]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-04-11 11264]
S3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-04-11 14336]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys []
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2001-07-24 241664]
R2 UPSmartDB9;UPSmartDB9; C:\Program Files\UPSmart\UPServ.exe [2000-08-30 61440]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-02-04 552064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\Gemini\ncm\GNCM.exe [2004-01-16 176225]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 311872]
S4 gupdate1ca99d37cb1cafa;Služba Google Update (gupdate1ca99d37cb1cafa); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-20 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]

-----------------EOF-----------------

aiRen · #2 Příspěvek od **aiRen** » 06 úno 2010 20:03

To, že sa nespustí NOD nemusí hneď znamenať vírus, ale keď ste ho tam našli tak to potom môže byť ono. Niektore vírusy spôsobuju zastavanie programov (Teda AV)

Skúste to spustiť cez prikazový riadok, to niekedy pomáha.

#3 Příspěvek od **motji** » 06 úno 2010 22:02

Stajda

Dobrý večer

Zkoušeli jste Nod přeinstalovat?

S avengerem jste dělali co?

:arrow:combofix stahněte takto:
-pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď to přejmenujte na Potvora.com a uložte.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem

editováno

Stajda · #4 Příspěvek od **Stajda** » 07 úno 2010 21:14

Dobrý večer, zdravím na Hanou

,
píšu až nyní, protože mi ComboFix odřízl Remote Administrátora, takže jsem musel fyzicky k PC.
Noda jsem předtím zkoušel odstranit, vyčistit PC Ccleanerem a znovu nainstalovat, ale stále hlásil tu chybu.

Dle několika příznaků a hledání na fóru jsem měl podezření na Stration, Avenger ale nic nenašel (postupoval jsem dle http://www.viry.cz/forum/viewtopic.php?f=15&t=19832).

Takže spustil jsem ComboFix a po odhlášení Nod už najel! Takže jsem jej zaktualizoval a projel disky, našlo to ve složce Obnovení systému:
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP991\A0108427.exe - Win32/Agent.PKN trojský kůň - smazán

Zároveň už začaly fungovat i aktualizace systému, tak jsem ho zaktualizoval a provedl nový test ComboFixem (protože jsem věděl, že mi to opět odřízne Remote Admin, tak jsem tam nejprve nainstaloval LogMeIn). Bohužel mi pro změnu nešel NOD vypnout (rezidentní ochrana) - ani přes services.msc to nešlo - možnosti pro vypnutí nebo restart byly zašedlé.
Zde je log:

ComboFix 10-02-07.02 - swaczynova 07.02.2010 20:37:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.669 [GMT 1:00]
Spuštěný z: c:\documents and settings\swaczynova\Plocha\Potvora.com
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AdmDll.dll
c:\windows\system32\raddrv.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_R_SERVER
-------\Service_r_server

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-07 do 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-07 19:27 . 2009-09-28 18:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-02-07 19:27 . 2009-09-28 18:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-02-07 19:27 . 2009-09-28 18:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-02-07 19:27 . 2008-08-11 11:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-02-07 19:27 . 2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-02-07 19:27 . 2010-02-07 19:51 -------- d-----w- c:\program files\LogMeIn
2010-02-07 15:07 . 2010-02-07 15:07 -------- d-----w- c:\windows\ServicePackFiles
2010-02-07 14:41 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-07 14:41 . 2008-06-14 18:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-02-07 14:09 . 2010-02-07 14:09 -------- d-----w- c:\program files\MSXML 6.0
2010-02-07 13:28 . 2010-02-07 14:03 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-07 13:19 . 2010-02-07 13:19 -------- d-----w- c:\program files\MSXML 4.0
2010-02-07 13:17 . 2009-08-04 17:07 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-07 13:17 . 2009-08-04 17:07 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-07 13:17 . 2009-08-04 17:07 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-07 13:17 . 2009-08-04 17:07 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-06 18:24 . 2010-02-06 18:25 -------- d-----w- c:\program files\trend micro
2010-02-06 18:24 . 2010-02-06 18:25 -------- d-----w- C:\rsit
2010-02-06 17:00 . 2010-02-06 17:00 -------- d---a-w- c:\windows\rundll16.exe
2010-02-06 17:00 . 2010-02-06 17:00 -------- d---a-w- c:\windows\logo1_.exe
2010-02-04 11:23 . 2010-02-04 11:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-04 11:23 . 2010-02-04 11:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-02-04 11:23 . 2010-02-04 11:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-04 11:23 . 2010-02-04 11:23 -------- d---a-w- c:\windows\logo_1.exe
2010-02-04 11:21 . 2010-02-04 11:21 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-02-04 11:21 . 2010-02-04 11:21 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-02-04 11:21 . 2010-02-04 11:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-04 11:21 . 2004-08-18 12:00 147968 ----a-w- c:\windows\R.COM
2010-02-04 11:21 . 2004-08-18 12:00 137216 ----a-w- c:\windows\system32\T.COM
2010-02-04 11:21 . 2010-02-04 11:21 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-02-04 11:01 . 2010-02-04 11:01 3046 ----a-w- C:\avenger.reg
2010-02-04 10:40 . 2010-02-04 10:40 -------- d-----w- c:\program files\CCleaner
2010-02-04 10:18 . 2010-02-04 10:18 298104 ----a-w- c:\windows\system32\imon.dll
2010-02-04 10:18 . 2010-02-04 10:18 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-02-04 10:18 . 2010-02-04 10:18 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-02-04 10:03 . 2010-02-04 10:40 -------- d-----w- c:\documents and settings\minarova\Plocha
2010-02-04 10:03 . 2010-02-04 10:39 -------- d-----r- c:\documents and settings\minarova\Dokumenty
2010-02-04 10:03 . 2010-02-04 10:22 -------- d--h--r- c:\documents and settings\minarova\Data aplikací
2010-02-04 10:03 . 2010-02-04 10:21 -------- d--h--w- c:\documents and settings\minarova\Okolní síť
2010-02-04 10:03 . 2010-02-04 10:03 -------- d-----r- c:\documents and settings\minarova\Oblíbené položky
2010-02-04 10:03 . 2005-12-07 10:39 -------- d--h--w- c:\documents and settings\minarova\Šablony
2010-02-04 10:03 . 2005-12-05 13:42 -------- d--h--w- c:\documents and settings\minarova\Okolní tiskárny
2010-02-04 10:03 . 2005-12-05 13:42 -------- d-----r- c:\documents and settings\minarova\Nabídka Start
2010-02-04 10:03 . 2010-02-04 10:40 -------- d-----w- c:\documents and settings\minarova
2010-02-04 08:57 . 2010-02-04 08:57 -------- d-----w- c:\program files\MozBackup
2010-02-04 08:57 . 2010-02-04 09:09 -------- d-----w- C:\USMT2.UNC
2010-01-26 05:04 . 2010-01-26 05:05 -------- d-----w- c:\program files\Autodesk
2010-01-26 05:04 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-01-26 05:04 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-01-26 05:04 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-01-20 13:30 . 2010-01-20 13:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-20 13:21 . 2010-01-20 13:21 -------- d-----w- c:\program files\Common Files\Skype
2010-01-20 13:21 . 2010-01-20 13:21 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 15:36 . 2005-12-07 11:09 -------- d-----w- c:\program files\ESET
2010-02-07 14:39 . 2005-12-07 11:10 -------- d-----w- c:\program files\Radmin
2010-02-07 14:17 . 2004-08-18 12:00 488660 ----a-w- c:\windows\system32\perfh005.dat
2010-02-07 14:17 . 2004-08-18 12:00 106456 ----a-w- c:\windows\system32\perfc005.dat
2010-02-07 14:13 . 2010-02-07 14:13 -------- d-----w- c:\program files\MSBuild
2010-02-07 14:13 . 2010-02-07 14:13 -------- d-----w- c:\program files\Reference Assemblies
2010-01-20 13:22 . 2007-02-02 12:02 -------- d-----w- c:\program files\Google
2009-12-22 05:42 . 2004-08-18 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 05:02 . 2006-02-08 10:44 -------- d-----w- c:\program files\profibanka
2009-11-21 16:46 . 2004-08-18 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-02-06 13:19 . 2008-02-06 13:19 608 --sha-w- c:\windows\system32\winzvprt5.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"Gemini NCM Status"="c:\program files\Gemini\ncm\GNCMTray.exe" [2004-01-16 49257]
"Kontrola objednávek"="c:\program files\Kontrola objednávek\Kontrola nových objednávek.exe" [2005-11-29 45056]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-02-04 949376]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lidka^Nabídka Start^Programy^Po spuštění^Zástupce - tiskárna.lnk]
path=c:\documents and settings\Lidka\Nabídka Start\Programy\Po spuštění\Zástupce - tiskárna.lnk
backup=c:\windows\pss\Zástupce - tiskárna.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
2004-08-09 13:09 24576 ------w- c:\windows\system32\gemstrmw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2003-02-06 12:08 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-12-13 15:56 49152 ----a-w- c:\program files\Scansoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2003-02-06 11:42 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
2002-12-16 15:51 36864 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-23 14:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1ca99d37cb1cafa"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Přehled výroby\\PlanPrehled.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:Radmin

R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [7.12.2005 11:59 89610]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.2.2010 11:18 15424]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7.2.2010 20:27 47640]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe -sPROFIBANKA [?]
R2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [16.12.2005 9:52 7168]
R2 UPSmartDB9;UPSmartDB9;c:\program files\UPSmart\UPServ.exe UPSmartDB9 --> c:\program files\UPSmart\UPServ.exe UPSmartDB9 [?]
R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [24.11.2009 5:44 87424]
S3 GNCM;Gemini Network Communication Manager;c:\program files\Gemini\ncm\GNCM.exe [16.1.2004 13:57 176225]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [13.2.2007 9:54 61776]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [6.2.2008 14:14 14336]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA;c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA --> c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE -i PROFIBANKA [?]
S4 gupdate1ca99d37cb1cafa;Služba Google Update (gupdate1ca99d37cb1cafa);c:\program files\Google\Update\GoogleUpdate.exe [20.1.2010 14:21 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 13:21]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 13:21]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
TCP: {1C9FB52B-FCF1-443D-8189-364355409B2D} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\swaczynova\Data aplikací\Mozilla\Firefox\Profiles\u3t0mc6g.default\
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 20:51
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:31,53,04,eb,fa,ed,2b,8d,6a,63,b6,7b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
c:\program files\Eset\nod32krn.exe
c:\program files\UPSmart\UPServ.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\UPSmart\UPSmart.EXE
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Celkový čas: 2010-02-07 20:56:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-07 19:56

Před spuštěním: Volných bajtů: 13 190 619 136
Po spuštění: Volných bajtů: 13 198 143 488

- - End Of File - - E57D503F0171A38F3549548B480ADD3A

#5 Příspěvek od **motji** » 07 úno 2010 22:12

A tento log je ten druhý z combofixu?
V logu Rsitu byli vidět stopnuté aktualizace a drivery pravděpodobně od rootkitu, ale v tomto logu rootkit není

.

Poprosím Vás o nový log ze Rsitu

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Stajda · #6 Příspěvek od **Stajda** » 08 úno 2010 01:36

Ano to byl ten druhý log z ComboFixu.

Nový log z RSITu:
Logfile of random's system information tool 1.06 (written by random/random)
Run by swaczynova at 2010-02-08 00:42:39
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (33%) free of 38 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:42:42, on 8.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPSmart\UPServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\UPSmart\UPSmart.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gemini\ncm\GNCMTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\swaczynova\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\swaczynova.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\Gemini\ncm\GNCMTray.exe
O4 - HKLM\..\Run: [Kontrola objednávek] C:\Program Files\Kontrola objednávek\Kontrola nových objednávek.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3955310921
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9FB52B-FCF1-443D-8189-364355409B2D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\Gemini\ncm\GNCM.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: UPSmartDB9 - Unknown owner - C:\Program Files\UPSmart\UPServ.exe

--
End of file - 5899 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-04 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"Gemini NCM Status"=C:\Program Files\Gemini\ncm\GNCMTray.exe [2004-01-16 49257]
"Kontrola objednávek"=C:\Program Files\Kontrola objednávek\Kontrola nových objednávek.exe [2005-11-29 45056]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-02-04 949376]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
C:\WINDOWS\system32\gemstrmw.exe [2004-08-09 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2003-02-06 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-12-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2003-02-06 45108]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lidka^Nabídka Start^Programy^Po spuštění^Zástupce - tiskárna.lnk]
C:\DOCUME~1\Lidka\Plocha\TISKRN~1.BAT [2008-11-24 55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"gupdate1ca99d37cb1cafa"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Přehled výroby\PlanPrehled.exe"="C:\Program Files\Přehled výroby\PlanPrehled.exe:*:Enabled:PlanPrehled"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-07 20:56:23 ----A---- C:\ComboFix.txt
2010-02-07 20:27:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2010-02-07 20:27:24 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-02-07 20:27:24 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-02-07 20:27:17 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-02-07 20:27:07 ----D---- C:\Program Files\LogMeIn
2010-02-07 16:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-02-07 16:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-07 16:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2010-02-07 16:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-02-07 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-07 16:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-07 16:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-07 16:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-02-07 16:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-02-07 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-02-07 16:17:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-07 16:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2010-02-07 16:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-02-07 16:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-02-07 16:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2010-02-07 16:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2010-02-07 16:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-07 16:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2010-02-07 16:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2010-02-07 16:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-02-07 16:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-07 16:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-07 16:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-02-07 16:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-07 16:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-02-07 16:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-07 16:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-02-07 16:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-07 16:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-02-07 16:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-02-07 16:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-07 16:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-07 16:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2010-02-07 16:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-02-07 16:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-02-07 16:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-07 16:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-02-07 16:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-02-07 16:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-02-07 16:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2010-02-07 16:12:36 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-02-07 16:11:21 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-07 16:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-02-07 16:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-07 16:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-02-07 16:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-02-07 16:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-07 16:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-07 16:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-02-07 16:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-07 16:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-07 16:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-02-07 16:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2010-02-07 16:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2010-02-07 16:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-07 16:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-07 16:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-02-07 16:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-07 16:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-02-07 16:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-02-07 16:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-02-07 16:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2010-02-07 16:08:27 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2010-02-07 16:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-07 16:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-07 16:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-02-07 16:07:34 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-07 16:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-07 16:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-07 16:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-07 16:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-02-07 16:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-02-07 16:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-02-07 16:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-07 16:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2010-02-07 16:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-02-07 16:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-02-07 16:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2010-02-07 16:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-07 16:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-07 16:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2010-02-07 15:13:42 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-07 15:13:39 ----D---- C:\Program Files\MSBuild
2010-02-07 15:13:37 ----D---- C:\WINDOWS\system32\en-US
2010-02-07 15:13:30 ----D---- C:\Program Files\Reference Assemblies
2010-02-07 15:13:03 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-02-07 15:13:02 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-02-07 15:13:02 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-02-07 15:13:02 ----D---- C:\fbb6a0a6fef5c061f4f1c0c5
2010-02-07 15:10:01 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-02-07 15:09:56 ----D---- C:\Program Files\MSXML 6.0
2010-02-07 15:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-07 15:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-07 15:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-07 15:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-07 15:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-07 14:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-07 14:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-07 14:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-07 14:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-07 14:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-07 14:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-07 14:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-07 14:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-07 14:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-07 14:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-07 14:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-07 14:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-07 14:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-07 14:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-07 14:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-07 14:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-07 14:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-07 14:28:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-07 14:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-07 14:25:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-07 14:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-02-07 14:20:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-07 14:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-07 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-07 14:19:58 ----D---- C:\Program Files\MSXML 4.0
2010-02-07 14:19:33 ----A---- C:\WINDOWS\imsins.BAK
2010-02-07 14:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-07 14:17:35 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Google
2010-02-07 14:02:47 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-02-07 14:02:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-02-07 14:02:47 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-07 13:55:37 ----A---- C:\Boot.bak
2010-02-07 13:55:30 ----RASHD---- C:\cmdcons
2010-02-07 13:54:29 ----A---- C:\WINDOWS\zip.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\SWSC.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\SWREG.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\sed.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\PEV.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\MBR.exe
2010-02-07 13:54:29 ----A---- C:\WINDOWS\grep.exe
2010-02-07 13:54:23 ----D---- C:\WINDOWS\ERDNT
2010-02-07 13:53:58 ----D---- C:\Qoobox
2010-02-06 19:24:58 ----D---- C:\Program Files\trend micro
2010-02-06 19:24:57 ----D---- C:\rsit
2010-02-06 18:00:03 ----AD---- C:\WINDOWS\rundll16.exe
2010-02-06 18:00:03 ----AD---- C:\WINDOWS\logo1_.exe
2010-02-06 17:40:24 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Macromedia
2010-02-06 17:40:24 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Adobe
2010-02-06 17:34:51 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Mozilla
2010-02-06 17:25:38 ----D---- C:\Documents and Settings\swaczynova\Data aplikací\Identities
2010-02-06 17:25:29 ----SD---- C:\Documents and Settings\swaczynova\Data aplikací\Microsoft
2010-02-06 17:25:29 ----ASH---- C:\Documents and Settings\swaczynova\Data aplikací\desktop.ini
2010-02-04 12:34:32 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\VDLL.DLL
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\logo_1.exe
2010-02-04 12:21:31 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-02-04 12:21:30 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-02-04 12:21:29 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-02-04 12:21:26 ----A---- C:\WINDOWS\system32\T.COM
2010-02-04 12:21:26 ----A---- C:\WINDOWS\R.COM
2010-02-04 12:21:24 ----D---- C:\Program Files\Common Files\MicroWorld
2010-02-04 12:21:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-02-04 11:59:08 ----D---- C:\avenger
2010-02-04 11:58:39 ----A---- C:\avenger.txt
2010-02-04 11:40:06 ----D---- C:\Program Files\CCleaner
2010-02-04 11:18:47 ----A---- C:\WINDOWS\system32\imon.dll
2010-02-04 09:57:28 ----D---- C:\Program Files\MozBackup
2010-02-04 09:57:09 ----D---- C:\USMT2.UNC
2010-01-26 06:04:29 ----D---- C:\Program Files\Autodesk
2010-01-26 06:04:16 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-01-26 06:04:16 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-01-26 06:04:15 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-01-26 06:03:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-01-20 14:21:25 ----D---- C:\Program Files\Common Files\Skype
2010-01-20 14:21:22 ----RD---- C:\Program Files\Skype
2010-01-20 14:21:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of files/folders modified in the last 1 months======

2010-02-08 00:42:12 ----D---- C:\WINDOWS\Prefetch
2010-02-08 00:05:50 ----D---- C:\WINDOWS\Temp
2010-02-07 20:56:25 ----D---- C:\WINDOWS\system32\drivers
2010-02-07 20:55:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-07 20:51:56 ----D---- C:\WINDOWS
2010-02-07 20:51:56 ----A---- C:\WINDOWS\system.ini
2010-02-07 20:43:27 ----D---- C:\WINDOWS\system32\config
2010-02-07 20:43:00 ----D---- C:\WINDOWS\system32
2010-02-07 20:41:35 ----D---- C:\WINDOWS\AppPatch
2010-02-07 20:41:33 ----D---- C:\Program Files\Common Files
2010-02-07 20:37:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-07 20:27:28 ----SHD---- C:\WINDOWS\Installer
2010-02-07 20:27:28 ----D---- C:\Config.Msi
2010-02-07 20:27:21 ----HD---- C:\WINDOWS\inf
2010-02-07 20:27:17 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-07 20:27:07 ----RD---- C:\Program Files
2010-02-07 20:25:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-07 16:36:18 ----D---- C:\Program Files\ESET
2010-02-07 16:20:37 ----D---- C:\WINDOWS\system32\wbem
2010-02-07 16:20:37 ----D---- C:\WINDOWS\msagent
2010-02-07 16:18:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-07 16:18:19 ----D---- C:\Program Files\Messenger
2010-02-07 16:16:50 ----D---- C:\WINDOWS\WinSxS
2010-02-07 16:14:28 ----D---- C:\Program Files\Windows Media Player
2010-02-07 16:13:48 ----D---- C:\Program Files\Outlook Express
2010-02-07 16:13:48 ----D---- C:\Program Files\Common Files\System
2010-02-07 16:13:09 ----D---- C:\WINDOWS\system32\Com
2010-02-07 15:51:04 ----RSD---- C:\WINDOWS\assembly
2010-02-07 15:48:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-07 15:39:00 ----D---- C:\Program Files\Radmin
2010-02-07 15:32:42 ----A---- C:\WINDOWS\TextSpy.ini
2010-02-07 15:17:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-07 15:13:35 ----RSD---- C:\WINDOWS\Fonts
2010-02-07 15:13:13 ----D---- C:\WINDOWS\system32\spool
2010-02-07 15:01:13 ----D---- C:\Program Files\Internet Explorer
2010-02-07 14:28:16 ----D---- C:\WINDOWS\Debug
2010-02-07 14:25:07 ----D---- C:\WINDOWS\Registration
2010-02-07 14:02:52 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-07 14:02:52 ----D---- C:\WINDOWS\Help
2010-02-07 13:55:37 ----RASH---- C:\boot.ini
2010-02-06 17:25:29 ----D---- C:\Documents and Settings
2010-02-04 17:40:48 ----D---- C:\Program Files\Mozilla Firefox
2010-02-04 12:50:44 ----A---- C:\WINDOWS\win.ini
2010-02-04 10:32:42 ----D---- C:\Program Files\NetMeeting
2010-02-04 10:14:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-28 09:17:44 ----D---- C:\PrikazKB
2010-01-26 06:04:18 ----D---- C:\WINDOWS\system32\DirectX
2010-01-20 14:30:58 ----SD---- C:\WINDOWS\Tasks
2010-01-20 14:22:54 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-02-04 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-02-04 512096]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 SpPortEx;Samsung Port Exclusion; C:\WINDOWS\System32\Drivers\SpPortEx.sys [1999-12-15 7168]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 catchme;catchme; \??\C:\Potvora\catchme.sys []
R3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-04-11 11264]
S3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-04-11 14336]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys []
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\SWACZY~1\LOCALS~1\Temp\mbr.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-02-04 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 UPSmartDB9;UPSmartDB9; C:\Program Files\UPSmart\UPServ.exe [2000-08-30 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\Gemini\ncm\GNCM.exe [2004-01-16 176225]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 311872]
S4 gupdate1ca99d37cb1cafa;Služba Google Update (gupdate1ca99d37cb1cafa); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-20 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

a log z MBAMu:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3703
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8.2.2010 1:28:09
mbam-log-2010-02-08 (01-27-56).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 244507
Uplynulý čas: 33 minute(s), 4 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 14

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\Radmin\AdmDll.dll (PUP.RemoteAdmin) -> No action taken.
C:\Program Files\Radmin\raddrv.dll (PUP.RemoteAdmin) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\Lidka\file.exe.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\admdll.dll.vir (PUP.RemoteAdmin) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\raddrv.dll.vir (PUP.RemoteAdmin) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP1000\A0110553.dll (PUP.RemoteAdmin) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP1000\A0110554.dll (PUP.RemoteAdmin) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP991\A0108383.exe (Trojan.Banker) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP991\A0108409.exe (Trojan.Banker) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP991\A0108426.dll (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP993\A0108890.dll (PUP.RemoteAdmin) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP993\A0108892.dll (PUP.RemoteAdmin) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP997\A0109847.dll (PUP.RemoteAdmin) -> No action taken.
C:\System Volume Information\_restore{E98D2BDC-DFB8-49A6-8621-0CE5D514B8CC}\RP997\A0109850.dll (PUP.RemoteAdmin) -> No action taken.

#7 Příspěvek od **motji** » 08 úno 2010 10:21

Otestujte na www.virustotal.com
C:\Program Files\Radmin\AdmDll.dll

Jak to ted vypadá s počítačem? Log ze Rsitu je už v pořádku. Náhodou ten první log z combofixu asi už nenajdete?

Stajda · #8 Příspěvek od **Stajda** » 08 úno 2010 15:17

Virustotal:
http://www.virustotal.com/cs/analisis/d ... 1265638105
Na PC je Remote Administrátor vědomě.
Ten první log z ComboFixu bohužel nemám, PC pracuje normálně, ani předtím nevykazovalo nějaké zpomalení, jen jsem si při přidání nových uživatelů všiml, že nejde ten Nod, je vypnutý firewall i aktualizace a další průběh již znáte.

#9 Příspěvek od **motji** » 08 úno 2010 15:45

Ten program ale zrovna moc bezpečně nevypadá

.

Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe

Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry

Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?

Stajda · #10 Příspěvek od **Stajda** » 12 úno 2010 14:27

Počítač se chová v pořádku. Úkony provedeny a zde je nový log z RSITu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by maderova at 2010-02-12 14:24:25
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 15 GB (38%) free of 38 GB
Total RAM: 1023 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:34, on 12.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPSmart\UPServ.exe
C:\Program Files\UPSmart\UPSmart.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gemini\ncm\GNCMTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\maderova\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\maderova.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Gemini NCM Status] C:\Program Files\Gemini\ncm\GNCMTray.exe
O4 - HKLM\..\Run: [Kontrola objednávek] C:\Program Files\Kontrola objednávek\Kontrola nových objednávek.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3955310921
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9FB52B-FCF1-443D-8189-364355409B2D}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Gemini Network Communication Manager (GNCM) - BSC Praha, spol. s r.o. - C:\Program Files\Gemini\ncm\GNCM.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: UPSmartDB9 - Unknown owner - C:\Program Files\UPSmart\UPServ.exe

--
End of file - 6013 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-04 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"Gemini NCM Status"=C:\Program Files\Gemini\ncm\GNCMTray.exe [2004-01-16 49257]
"Kontrola objednávek"=C:\Program Files\Kontrola objednávek\Kontrola nových objednávek.exe [2005-11-29 45056]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-02-04 949376]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gemstrmw]
C:\WINDOWS\system32\gemstrmw.exe [2004-08-09 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2003-02-06 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-12-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2003-02-06 45108]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lidka^Nabídka Start^Programy^Po spuštění^Zástupce - tiskárna.lnk]
C:\DOCUME~1\Lidka\Plocha\TISKRN~1.BAT [2008-11-24 55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"gupdate1ca99d37cb1cafa"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Přehled výroby\PlanPrehled.exe"="C:\Program Files\Přehled výroby\PlanPrehled.exe:*:Enabled:PlanPrehled"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-12 14:24:25 ----D---- C:\rsit
2010-02-12 14:24:25 ----D---- C:\Program Files\trend micro
2010-02-10 07:26:46 ----D---- C:\Documents and Settings\maderova\Data aplikací\skypePM
2010-02-08 15:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-08 15:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-08 15:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-08 15:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-08 07:03:07 ----SHD---- C:\RECYCLER
2010-02-08 00:46:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-08 00:46:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-07 20:27:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2010-02-07 20:27:24 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-02-07 20:27:24 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-02-07 20:27:17 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-02-07 20:27:07 ----D---- C:\Program Files\LogMeIn
2010-02-07 16:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-02-07 16:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-07 16:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2010-02-07 16:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-02-07 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-07 16:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-07 16:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-07 16:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-02-07 16:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-02-07 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-02-07 16:17:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-07 16:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2010-02-07 16:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-02-07 16:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-02-07 16:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2010-02-07 16:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2010-02-07 16:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-07 16:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2010-02-07 16:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2010-02-07 16:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-02-07 16:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-07 16:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-07 16:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-02-07 16:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-07 16:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-02-07 16:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-07 16:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-02-07 16:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-07 16:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-02-07 16:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-02-07 16:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-07 16:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-07 16:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2010-02-07 16:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-02-07 16:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-02-07 16:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-07 16:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-02-07 16:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-02-07 16:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-02-07 16:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2010-02-07 16:12:36 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-02-07 16:11:21 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-07 16:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-02-07 16:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-07 16:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-02-07 16:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-02-07 16:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-07 16:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-07 16:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-02-07 16:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-07 16:09:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-07 16:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-02-07 16:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2010-02-07 16:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2010-02-07 16:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-07 16:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-07 16:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-02-07 16:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-07 16:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-02-07 16:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-02-07 16:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-02-07 16:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2010-02-07 16:08:27 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2010-02-07 16:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-07 16:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-07 16:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-02-07 16:07:34 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-07 16:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-07 16:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-07 16:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-07 16:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-02-07 16:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-02-07 16:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-02-07 16:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-07 16:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2010-02-07 16:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-02-07 16:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-02-07 16:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2010-02-07 16:06:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-07 16:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-07 16:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2010-02-07 15:13:42 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-07 15:13:39 ----D---- C:\Program Files\MSBuild
2010-02-07 15:13:37 ----D---- C:\WINDOWS\system32\en-US
2010-02-07 15:13:30 ----D---- C:\Program Files\Reference Assemblies
2010-02-07 15:13:03 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-02-07 15:13:02 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-02-07 15:13:02 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-02-07 15:13:02 ----D---- C:\fbb6a0a6fef5c061f4f1c0c5
2010-02-07 15:10:01 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-02-07 15:09:56 ----D---- C:\Program Files\MSXML 6.0
2010-02-07 15:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-07 15:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-07 15:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-07 15:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-07 15:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-07 14:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-07 14:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-07 14:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-07 14:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-07 14:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-07 14:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-07 14:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-07 14:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-07 14:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-07 14:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-07 14:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-07 14:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-07 14:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-07 14:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-07 14:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-07 14:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-07 14:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-07 14:28:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-07 14:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-07 14:25:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-07 14:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-02-07 14:20:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-07 14:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-07 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-07 14:19:58 ----D---- C:\Program Files\MSXML 4.0
2010-02-07 14:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-07 14:02:47 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-02-07 14:02:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-02-07 14:02:47 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-07 13:55:37 ----A---- C:\Boot.bak
2010-02-07 13:55:30 ----RASHD---- C:\cmdcons
2010-02-04 17:30:00 ----D---- C:\Documents and Settings\maderova\Data aplikací\Skype
2010-02-04 15:12:50 ----D---- C:\Documents and Settings\maderova\Data aplikací\FastStone
2010-02-04 13:12:14 ----D---- C:\Documents and Settings\maderova\Data aplikací\BSC Praha
2010-02-04 12:34:32 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\VDLL.DLL
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-02-04 12:23:22 ----AD---- C:\WINDOWS\logo_1.exe
2010-02-04 12:21:29 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-02-04 12:19:44 ----D---- C:\Documents and Settings\maderova\Data aplikací\Sun
2010-02-04 12:16:15 ----D---- C:\Documents and Settings\maderova\Data aplikací\Macromedia
2010-02-04 12:16:15 ----D---- C:\Documents and Settings\maderova\Data aplikací\Adobe
2010-02-04 11:40:06 ----D---- C:\Program Files\CCleaner
2010-02-04 11:18:47 ----A---- C:\WINDOWS\system32\imon.dll
2010-02-04 10:14:48 ----D---- C:\Documents and Settings\maderova\Data aplikací\Mozilla
2010-02-04 10:14:32 ----D---- C:\Documents and Settings\maderova\Data aplikací\Google
2010-02-04 10:14:10 ----D---- C:\Documents and Settings\maderova\Data aplikací\Identities
2010-02-04 10:14:01 ----ASH---- C:\Documents and Settings\maderova\Data aplikací\desktop.ini
2010-02-04 10:14:00 ----SD---- C:\Documents and Settings\maderova\Data aplikací\Microsoft
2010-02-04 09:57:28 ----D---- C:\Program Files\MozBackup
2010-02-04 09:57:09 ----D---- C:\USMT2.UNC
2010-01-26 06:04:29 ----D---- C:\Program Files\Autodesk
2010-01-26 06:04:16 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-01-26 06:04:16 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-01-26 06:04:15 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-01-26 06:03:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-01-20 14:21:25 ----D---- C:\Program Files\Common Files\Skype
2010-01-20 14:21:22 ----RD---- C:\Program Files\Skype
2010-01-20 14:21:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of files/folders modified in the last 1 months======

2010-02-12 14:24:32 ----D---- C:\WINDOWS\Prefetch
2010-02-12 14:24:25 ----RD---- C:\Program Files
2010-02-12 14:22:23 ----D---- C:\WINDOWS\Temp
2010-02-12 14:22:23 ----D---- C:\WINDOWS\Debug
2010-02-12 14:22:23 ----D---- C:\WINDOWS
2010-02-12 14:18:48 ----SHD---- C:\System Volume Information
2010-02-12 14:18:48 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 14:17:50 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 14:14:29 ----D---- C:\WINDOWS\system32
2010-02-12 14:14:29 ----D---- C:\Program Files\Common Files
2010-02-12 14:12:30 ----HD---- C:\WINDOWS\inf
2010-02-12 14:12:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-12 14:11:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 08:14:08 ----A---- C:\WINDOWS\TextSpy.ini
2010-02-11 06:00:48 ----SHD---- C:\WINDOWS\Installer
2010-02-11 06:00:48 ----D---- C:\Config.Msi
2010-02-09 17:36:35 ----A---- C:\WINDOWS\ODBC.INI
2010-02-09 16:57:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-09 07:00:35 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-09 07:00:08 ----RSD---- C:\WINDOWS\assembly
2010-02-08 15:35:24 ----D---- C:\WINDOWS\system32\drivers
2010-02-08 15:30:28 ----D---- C:\WINDOWS\WinSxS
2010-02-08 15:28:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-08 15:28:08 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-08 12:28:27 ----D---- C:\Program Files\Mozilla Firefox
2010-02-07 20:51:56 ----A---- C:\WINDOWS\system.ini
2010-02-07 20:43:27 ----D---- C:\WINDOWS\system32\config
2010-02-07 20:41:35 ----D---- C:\WINDOWS\AppPatch
2010-02-07 16:36:18 ----D---- C:\Program Files\ESET
2010-02-07 16:20:37 ----D---- C:\WINDOWS\system32\wbem
2010-02-07 16:20:37 ----D---- C:\WINDOWS\msagent
2010-02-07 16:18:19 ----D---- C:\Program Files\Messenger
2010-02-07 16:14:28 ----D---- C:\Program Files\Windows Media Player
2010-02-07 16:13:48 ----D---- C:\Program Files\Outlook Express
2010-02-07 16:13:48 ----D---- C:\Program Files\Common Files\System
2010-02-07 16:13:09 ----D---- C:\WINDOWS\system32\Com
2010-02-07 15:39:00 ----D---- C:\Program Files\Radmin
2010-02-07 15:13:35 ----RSD---- C:\WINDOWS\Fonts
2010-02-07 15:13:13 ----D---- C:\WINDOWS\system32\spool
2010-02-07 15:01:13 ----D---- C:\Program Files\Internet Explorer
2010-02-07 14:25:07 ----D---- C:\WINDOWS\Registration
2010-02-07 14:02:52 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-07 14:02:52 ----D---- C:\WINDOWS\Help
2010-02-07 13:55:37 ----RASH---- C:\boot.ini
2010-02-06 17:25:29 ----D---- C:\Documents and Settings
2010-02-04 12:50:44 ----A---- C:\WINDOWS\win.ini
2010-02-04 10:32:42 ----D---- C:\Program Files\NetMeeting
2010-02-04 10:14:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-28 09:17:44 ----D---- C:\PrikazKB
2010-01-26 06:04:18 ----D---- C:\WINDOWS\system32\DirectX
2010-01-20 14:30:58 ----SD---- C:\WINDOWS\Tasks
2010-01-20 14:22:54 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-02-04 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-02-04 512096]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 SpPortEx;Samsung Port Exclusion; C:\WINDOWS\System32\Drivers\SpPortEx.sys [1999-12-15 7168]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2002-10-04 61776]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-04-11 11264]
S3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-04-11 14336]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys []
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$PROFIBANKA;MSSQL$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-02-04 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 UPSmartDB9;UPSmartDB9; C:\Program Files\UPSmart\UPServ.exe [2000-08-30 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GNCM;Gemini Network Communication Manager; C:\Program Files\Gemini\ncm\GNCM.exe [2004-01-16 176225]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$PROFIBANKA;SQLAgent$PROFIBANKA; C:\Program Files\profibanka\System\BinnMSSQL$PROFIBANKA\Binn\sqlagent.EXE [2002-12-17 311872]
S4 gupdate1ca99d37cb1cafa;Služba Google Update (gupdate1ca99d37cb1cafa); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-20 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#11 Příspěvek od **motji** » 12 úno 2010 15:56

Nemáte firewall,k čemu je užitečný se dozvíte zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980

Nemáte sp3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

Log je v pořádku Obrázek

.
Kdyby byli problémy, víte kde nás najdete :guitar:

.

Stajda · #12 Příspěvek od **Stajda** » 13 úno 2010 21:00

Je tam použit integrovaný "pseudofirewall" od Microsoftu (při testech je vypnut), který sice neochrání kvalitně před spyware a odchozí komunikací, ale příchozí nechtěnou komunikaci zachytí předsazený HW firewall.

SP3 bohužel nemůže být nainstalován, protože pak nejede důležitá část informačního systému a ještě jeden program, avšak ostatní aktualizace by měly být nainstalovány.

Jinak samozřejmě velice děkuji za pomoc.

#13 Příspěvek od **motji** » 13 úno 2010 21:04

V tom případě je vše v pořádku

Není zač

VIRY.CZ

vir Trojan.Generic + log z MWAV a RSIT

vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT

Re: vir Trojan.Generic + log z MWAV a RSIT