prosim o preventivni kontrolu

[keesy]

Logfile of random's system information tool 1.06 (written by random/random)
Run by jirkaxxxl at 2010-02-14 21:44:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (49%) free of 40 GB
Total RAM: 767 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:12, on 14.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\DOCUME~1\JIRKAX~1\LOCALS~1\Temp\Xxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Software new\novinky software\RSIT.exe
C:\Program Files\trend micro\jirkaxxxl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jirkaxxxl\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\DOCUME~1\JIRKAX~1\LOCALS~1\Temp\Xxx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5116 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-507921405-1343024091-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-507921405-1343024091-1003UA.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-26 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Google Update"=C:\Documents and Settings\jirkaxxxl\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
"BMIMZMHMFM"=C:\DOCUME~1\JIRKAX~1\LOCALS~1\Temp\Xxx.exe [2010-02-03 128512]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7e94c20-10a9-11df-81ca-806d6172696f}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2010-02-14 21:44:51 ----D---- C:\rsit
2010-02-14 21:44:51 ----D---- C:\Program Files\trend micro
2010-02-08 13:43:39 ----D---- C:\WINDOWS\Minidump
2010-02-07 15:55:39 ----D---- C:\temp
2010-02-03 23:25:54 ----D---- C:\Documents and Settings\jirkaxxxl\Data aplikací\ArcSoft
2010-02-03 23:24:39 ----D---- C:\Program Files\Common Files\ArcSoft
2010-02-03 23:23:29 ----A---- C:\WINDOWS\PCDLIB32.DLL
2010-02-03 23:23:28 ----D---- C:\Program Files\ArcSoft
2010-02-03 22:57:50 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-02-03 22:57:50 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-02-03 22:52:43 ----D---- C:\Program Files\EMUSB2.0
2010-02-03 22:52:43 ----D---- C:\Program Files\eMPIA
2010-02-03 22:52:43 ----A---- C:\WINDOWS\emMON.exe
2010-02-03 10:53:25 ----A---- C:\WINDOWS\msb.exe
2010-02-03 02:57:13 ----D---- C:\Program Files\GIF to AVI SWF Converter
2010-02-03 02:57:13 ----D---- C:\Program Files\Common Files\ArmDic
2010-02-03 02:57:13 ----A---- C:\WINDOWS\GIF to AVI SWF Converter Uninstaller.exe
2010-02-03 02:48:42 ----A---- C:\WINDOWS\msa.exe
2010-02-03 02:48:28 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-02-03 00:13:12 ----D---- C:\Program Files\AVI MPEG RM WMV Splitter
2010-02-02 17:40:11 ----D---- C:\Program Files\AVI-GIF
2010-01-30 06:53:01 ----D---- C:\Program Files\JDownloader
2010-01-28 11:07:15 ----D---- C:\Program Files\Acoustica Mixcraft 4
2010-01-26 18:56:16 ----SHD---- C:\found.000
2010-01-26 06:40:35 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-26 06:40:35 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-26 06:40:35 ----A---- C:\WINDOWS\system32\java.exe
2010-01-26 06:40:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-26 06:39:25 ----D---- C:\Program Files\Java
2010-01-26 06:37:28 ----D---- C:\Documents and Settings\jirkaxxxl\Data aplikací\Sun
2010-01-25 21:46:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2010-01-25 21:42:35 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-01-25 21:21:58 ----D---- C:\Program Files\DIFX
2010-01-25 21:21:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-25 21:21:53 ----D---- C:\Program Files\USB TV
2010-01-25 21:21:25 ----D---- C:\Program Files\ATI Technologies
2010-01-25 03:07:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ahead
2010-01-25 03:04:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-01-25 03:04:58 ----D---- C:\Program Files\Common Files\Ahead
2010-01-25 02:04:22 ----D---- C:\Program Files\Acoustica Shared Effects
2010-01-25 01:42:22 ----A---- C:\WINDOWS\system32\eSellerateEngine.dll
2010-01-19 04:01:22 ----D---- C:\Program Files\Xilisoft
2010-01-17 04:13:45 ----D---- C:\Vypinac
2010-01-16 21:14:43 ----D---- C:\Program Files\Rapget.RS_Public_v1.0.4.0_cz
2010-01-16 03:23:07 ----A---- C:\WINDOWS\system32\reboot.txt
2010-01-16 03:20:43 ----D---- C:\Program Files\vso
2010-01-16 03:20:15 ----D---- C:\Program Files\LG Software Innovations

======List of files/folders modified in the last 1 months======

2010-02-14 21:44:59 ----D---- C:\WINDOWS\Prefetch
2010-02-14 21:44:51 ----RD---- C:\Program Files
2010-02-14 21:33:07 ----SD---- C:\WINDOWS\Tasks
2010-02-14 21:16:25 ----D---- C:\WINDOWS\Temp
2010-02-14 20:40:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-14 20:09:17 ----D---- C:\WINDOWS\system32
2010-02-14 20:09:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-14 20:06:45 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 20:04:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-14 20:02:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 22:09:57 ----SHD---- C:\WINDOWS\Installer
2010-02-10 22:09:56 ----A---- C:\WINDOWS\ODBC.INI
2010-02-10 13:22:08 ----D---- C:\WINDOWS
2010-02-09 00:57:59 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-09 00:55:22 ----D---- C:\Program Files\Acoustica Mixcraft 3
2010-02-09 00:54:38 ----D---- C:\Program Files\Acez 3D Pic Cube Screen Saver 1.2
2010-02-08 08:45:37 ----A---- C:\WINDOWS\VFO.INI
2010-02-08 04:34:54 ----A---- C:\WINDOWS\system32\libssl32.dll
2010-02-08 04:34:52 ----D---- C:\OpenSSL
2010-02-07 16:15:25 ----A---- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-80651102}.BAK
2010-02-06 20:38:38 ----D---- C:\Documents and Settings\jirkaxxxl\Data aplikací\Vso
2010-02-06 13:17:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\InterVideo
2010-02-03 23:24:43 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 23:24:39 ----D---- C:\Program Files\Common Files
2010-02-03 22:58:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-03 22:57:31 ----HD---- C:\WINDOWS\inf
2010-02-03 22:52:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-02 15:20:50 ----SD---- C:\Documents and Settings\jirkaxxxl\Data aplikací\Microsoft
2010-02-02 14:27:03 ----D---- C:\Documents and Settings\jirkaxxxl\Data aplikací\Ulead Systems
2010-01-29 12:58:43 ----A---- C:\WINDOWS\wincmd.ini
2010-01-28 00:13:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2010-01-27 11:04:42 ----D---- C:\WINDOWS\system32\Restore
2010-01-25 21:46:16 ----D---- C:\Documents and Settings\jirkaxxxl\Data aplikací\ATI
2010-01-25 21:44:31 ----RSD---- C:\WINDOWS\assembly
2010-01-25 21:44:22 ----D---- C:\WINDOWS\WinSxS
2010-01-25 02:03:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\River Past G4
2010-01-25 02:02:34 ----D---- C:\Program Files\Celestia
2010-01-24 20:12:21 ----A---- C:\WINDOWS\win.ini
2010-01-19 04:06:06 ----D---- C:\Encyklopedie rocku
2010-01-16 03:23:31 ----D---- C:\WINDOWS\twain_32
2010-01-15 14:09:30 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-15 14:09:20 ----SHD---- C:\RECYCLER
2010-01-15 14:05:16 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-28 20747]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-02-23 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS []
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 emAudio;USB EMP Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2007-01-12 22912]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-01-04 47360]
R3 RT61;Belkin RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-08-26 352768]
R3 USB28xxBGA;USB 2861 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 361728]
R3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 39680]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-26 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-01-18 67056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

díky

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[Caroprd111]

K čemu používáte disk F:


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[keesy]

disk F - ten už dlouho v počítači není. Ale bývaly na něm nejspíš uložený filmy apod.
Nevím přesně něco z warez



ComboFix 10-02-12.01 - jirkaxxxl 16.02.2010 2:28.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.542 [GMT 1:00]
Spuštěný z: e:\staženo firefox\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\JIRKAX~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\JIRKAX~1\LOCALS~1\Temp\tmp2.tmp
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\reboot.txt
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-14 20:44 . 2010-02-14 20:45 -------- d-----w- C:\rsit
2010-02-14 20:44 . 2010-02-14 20:45 -------- d-----w- c:\program files\trend micro
2010-02-07 14:55 . 2010-02-07 14:55 -------- d-----w- c:\temp\tmp
2010-02-07 14:55 . 2010-02-07 14:55 -------- d-----w- c:\temp\pre
2010-02-07 14:55 . 2010-02-07 14:55 -------- d-----w- c:\temp\peak
2010-02-07 14:55 . 2010-02-07 14:55 -------- d-----w- c:\temp\img
2010-02-07 14:55 . 2010-02-07 14:55 -------- d-----w- c:\temp\Alternate
2010-02-07 14:55 . 2010-02-07 14:55 -------- d-----w- C:\temp
2010-02-03 22:24 . 2005-02-23 13:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-02-03 22:24 . 2010-02-03 22:24 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-03 22:23 . 1995-08-01 03:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-02-03 22:23 . 2010-02-03 22:23 -------- d-----w- c:\program files\ArcSoft
2010-02-03 21:57 . 2004-08-17 14:49 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-03 21:57 . 2004-08-17 14:49 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-03 21:57 . 2004-08-17 14:49 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-03 21:57 . 2004-08-17 14:49 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-02-03 21:57 . 2004-08-03 22:10 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-02-03 21:57 . 2004-08-03 22:10 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-02-03 21:52 . 2010-02-03 21:52 -------- d-----w- c:\program files\EMUSB2.0
2010-02-03 21:52 . 2010-02-03 21:52 -------- d-----w- c:\program files\eMPIA
2010-02-03 21:52 . 2007-01-29 19:20 361728 ----a-w- c:\windows\system32\drivers\emBDA.sys
2010-02-03 21:52 . 2007-01-29 19:19 39680 ----a-w- c:\windows\system32\drivers\emOEM.sys
2010-02-03 21:52 . 2007-01-12 15:55 22912 ----a-w- c:\windows\system32\drivers\emAudio.sys
2010-02-03 21:52 . 2006-12-15 14:54 61440 ----a-w- c:\windows\emMON.exe
2010-02-03 21:51 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-03 21:51 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-03 01:57 . 2010-02-03 02:00 -------- d-----w- c:\program files\GIF to AVI SWF Converter
2010-02-03 01:57 . 2010-02-03 01:57 -------- d-----w- c:\program files\Common Files\ArmDic
2010-02-03 01:57 . 2010-02-03 01:57 273959 ----a-w- c:\windows\GIF to AVI SWF Converter Uninstaller.exe
2010-02-02 23:13 . 2010-02-02 23:13 -------- d-----w- c:\program files\AVI MPEG RM WMV Splitter
2010-02-02 16:40 . 2010-02-02 16:40 -------- d-----w- c:\program files\AVI-GIF
2010-01-30 05:53 . 2010-02-06 13:57 -------- d-----w- c:\program files\JDownloader
2010-01-28 10:07 . 2010-01-28 10:12 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2010-01-26 17:56 . 2010-01-26 17:56 -------- d-----w- C:\found.000
2010-01-26 07:55 . 2010-01-26 08:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-26 05:40 . 2010-01-26 05:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 05:39 . 2010-01-26 05:39 -------- d-----w- c:\program files\Java
2010-01-25 20:45 . 2010-01-25 20:45 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-25 20:42 . 2009-09-29 20:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-25 20:21 . 2010-01-25 20:21 -------- d-----w- c:\program files\DIFX
2010-01-25 20:21 . 2010-01-25 20:21 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-25 20:21 . 2010-01-25 20:21 -------- d-----w- c:\program files\USB TV
2010-01-25 20:21 . 2010-01-25 20:44 -------- d-----w- c:\program files\ATI Technologies
2010-01-25 06:56 . 2010-01-25 06:56 -------- d-----w- c:\documents and settings\jirkaxxxl\Dokumen
2010-01-25 02:04 . 2010-01-25 02:06 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-25 01:04 . 2010-01-28 10:08 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-01-25 00:42 . 2003-08-15 13:55 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-01-19 03:01 . 2010-01-19 03:01 -------- d-----w- c:\program files\Xilisoft
2010-01-17 03:13 . 2010-01-17 03:13 -------- d-----w- C:\Vypinac

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 01:39 . 2001-10-25 12:00 78134 ----a-w- c:\windows\system32\perfc005.dat
2010-02-16 01:39 . 2001-10-25 12:00 429200 ----a-w- c:\windows\system32\perfh005.dat
2010-02-16 01:36 . 2009-12-28 11:23 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
2010-02-16 01:36 . 2009-12-28 11:23 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
2010-02-08 23:57 . 2009-12-28 08:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 23:55 . 2010-01-04 14:36 -------- d-----w- c:\program files\Acoustica Mixcraft 3
2010-02-08 23:54 . 2010-01-12 12:48 -------- d-----w- c:\program files\Acez 3D Pic Cube Screen Saver 1.2
2010-02-08 03:34 . 2010-01-10 12:33 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-01-26 08:06 . 2009-12-28 22:56 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-25 01:02 . 2010-01-07 12:21 -------- d-----w- c:\program files\Celestia
2010-01-16 20:37 . 2010-01-16 20:14 -------- d-----w- c:\program files\Rapget.RS_Public_v1.0.4.0_cz
2010-01-16 02:20 . 2010-01-16 02:20 -------- d-----w- c:\program files\vso
2010-01-16 02:20 . 2010-01-16 02:20 -------- d-----w- c:\program files\LG Software Innovations
2010-01-14 21:39 . 2010-01-14 21:39 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-12 14:32 . 2010-01-12 14:32 -------- d-----w- c:\program files\Google
2010-01-12 13:50 . 2010-01-12 13:50 -------- d-----w- c:\program files\River Past
2010-01-12 13:00 . 2010-01-12 13:00 -------- d-----w- c:\program files\3D Space Tour
2010-01-12 12:59 . 2010-01-12 12:59 -------- d-----w- c:\program files\Perpetual Disco
2010-01-11 11:38 . 2010-01-11 11:38 -------- d-----w- c:\program files\Microsoft.NET
2010-01-11 02:01 . 2009-12-28 09:03 -------- d-----w- c:\program files\CyberLink
2010-01-07 12:38 . 2010-01-07 12:38 -------- d-----w- c:\program files\linguatec
2010-01-07 04:31 . 2009-12-28 09:38 -------- d-----w- c:\program files\Ulead Systems
2010-01-07 04:28 . 2009-12-28 09:38 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-01-06 06:24 . 2010-01-06 06:18 -------- d-----w- c:\program files\RegCleaner
2010-01-04 19:37 . 2010-01-04 19:15 -------- d-----w- c:\program files\DVDFab Platinum 3
2010-01-04 19:15 . 2010-01-04 19:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-31 13:57 . 2009-12-28 09:39 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-31 03:06 . 2009-12-31 03:06 -------- d-----w- c:\program files\Webteh
2009-12-31 02:47 . 2009-12-31 02:43 -------- d-----w- c:\program files\Winamp
2009-12-31 00:26 . 2009-12-31 00:26 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-30 12:59 . 2009-12-30 12:59 -------- d-----w- c:\program files\MediaCoder
2009-12-28 23:15 . 2009-12-28 23:15 -------- d-----w- c:\program files\Nero
2009-12-28 23:05 . 2009-12-28 08:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-28 23:05 . 2009-12-28 08:24 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-28 23:04 . 2009-12-28 08:24 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-28 14:56 . 2009-12-28 14:56 -------- d-----w- c:\program files\MSBuild
2009-12-28 14:56 . 2009-12-28 14:56 -------- d-----w- c:\program files\Reference Assemblies
2009-12-28 14:43 . 2009-12-28 14:43 -------- d-----w- c:\program files\MSXML 6.0
2009-12-28 14:35 . 2009-12-28 14:35 -------- d-----w- c:\program files\Nufsoft
2009-12-28 14:32 . 2009-12-28 14:32 -------- d-----w- c:\program files\ACD Systems
2009-12-28 14:32 . 2009-12-28 14:32 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-12-28 11:21 . 2009-12-28 10:58 -------- d-----w- c:\program files\Pinnacle
2009-12-28 11:15 . 2009-12-28 11:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-28 10:53 . 2009-12-28 10:53 -------- d-----w- c:\program files\Creative
2009-12-28 10:49 . 2009-12-28 10:49 -------- d-----w- c:\program files\Alcohol Soft
2009-12-28 10:19 . 2009-12-28 09:39 -------- d-----w- c:\program files\DivX
2009-12-28 10:10 . 2009-12-28 10:10 -------- d-----w- c:\program files\SmartSound Software
2009-12-28 10:10 . 2009-12-28 10:10 -------- d-----w- c:\program files\QuickTime
2009-12-28 10:09 . 2009-12-28 10:09 -------- d-----w- c:\program files\Windows Media Components
2009-12-28 10:09 . 2009-12-28 08:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-28 09:40 . 2009-12-28 09:40 -------- d-----w- c:\program files\Common Files\InterVideo
2009-12-28 09:21 . 2009-12-28 09:21 0 ----a-w- c:\windows\nsreg.dat
2009-12-28 09:03 . 2009-12-28 09:03 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-28 08:34 . 2009-12-28 08:34 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-12-28 08:34 . 2009-12-28 08:34 -------- d-----w- c:\program files\Belkin
2009-12-28 08:25 . 2009-12-28 08:25 -------- d-----w- c:\program files\microsoft frontpage
2009-12-28 08:21 . 2009-12-28 08:21 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\jirkaxxxl\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-02-04 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-26 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Belkin Wireless Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2009-12-28 1523712]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [28.12.2009 11:49 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [28.12.2009 11:49 5504]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [28.12.2009 9:34 17149]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jirkaxxxl\Data aplikací\Mozilla\Firefox\Profiles\fp4rgakv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 02:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82D96DA8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7572fc3
\Driver\ACPI -> ACPI.sys @ 0xf74c2cb8
\Driver\atapi -> 0x82d96da8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-02-16 02:41:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-16 01:41

Před spuštěním: Volných bajtů: 20 512 374 784
Po spuštění: Volných bajtů: 24 271 683 584

- - End Of File - - 2715B6B7EE8591074DD7597C2CF92011

[Caroprd111]

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[keesy]

Nejde mi poslat ten log.Rozběhne se to a pak se objeví tabulka,že vznikly potíže v aplikaci Gmer a zavře se tabulka

[Caroprd111]

Zkuste to v nouzovém režimu.

[keesy]

ahoj,omlouvám se,ale musím pořád odbíhat(pracovně)tak se to zdržuje.
Píšu ted z druhýho počítače.Ten který prohlížíte,tak sice spustím,ale nereaguje myš ani klávesnice,tak vůbec nevím co s tím. Ani v nouzovém režimu nehnu s ničím.

navíc koukam,že píšu text a když ho odešlu,tak ve výsledku mám v textu přeházený slova nebo i úplně jiný slovo než který sem psala.
Nejsem si vůbec jistá co tam můžete vidět Vy.Je to možný,aby se takhle PC zcvoknul?

[Caroprd111]

Jakou máte myš a klávesnici (USB nebo PS/2)

[keesy]

myš -USB
klávesnice -PS / 2

našla sem trojan...už je v karanténě a všechna slova jsou tak,jak mají být

Tak zas k tomu druhýmu ,ano?
Začala reagovat myš,tak mám spustit ten Gmer ?



I v nouzovým režimu - rozběhne se to a pak se objeví tabulka,že vznikly potíže v aplikaci Gmer a zavře se tabulka.

[Caroprd111]

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Být Vámi, nechám si zkontrolovat log i z druhého PC, jestli tam něco nezůstalo (založte si nové téma).

[keesy]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82FD7540]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82fd7540
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !




až bude tenhle hotový, tak nechám zkontrolovat i ten druhý ....pak ještě třetí

[Caroprd111]

Nabootujte z instalačního CD a vstupte do konzoly pro zotavení. Pro tuto operaci musíte znát heslo k účtu Administrator. Do příkazového řádku napište:

Kód: Vybrat vše

fixmbr

Stskněte >Enter< a potvrďte. Pak napište

Kód: Vybrat vše

exit

opět stiskněte >Enter< . PC se restartuje.


Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\system32\drivers\atapi.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)


Používáte nějaké emulátory virtuálních mechanik (DAEMON Tools, Alcohol 120%)

[keesy]

Používám Alcohol 120%.
Všechno udělám přesně podle pokynů,ale musím ted odejít, tak budu pokračovat později.
Zatím díky za pomoc a trpělivost


Váš avatar je skvělej
Nick taky

[Caroprd111]

OK, zatím neděkujte, ještě jsme nic nevyřešili