Podezrele procesy ve Spravci uloh

Zpráva

Rostoff · #1 Příspěvek od **Rostoff** » 22 úno 2010 02:48

Prosím o kontrolu logu.
Za kontrolu předem děkuji.

Logfile of random's system information tool 1.06 (written by random/random)
Run by tester at 2010-02-22 02:45:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 668 MB (1%) free of 95 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:50, on 22.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe
C:\Install\RSIT.exe
C:\Program Files\trend micro\tester.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Altap Salamander 2.52.lnk = C:\Program Files\Altap Salamander 2.5\salamand.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6699800008
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - http://simcity.ea.com/play/classic/SimCityX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5360 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_STARDUST-MOBILE_Halucinace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Altap Salamander 2.52.lnk - C:\Program Files\Altap Salamander 2.5\salamand.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-02-07 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-03 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-17 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe"="C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe:*:Enabled:Reversi v Internetu"
"C:\Games\Black And White\runblack.exe"="C:\Games\Black And White\runblack.exe:*:Disabled:lh"
"C:\Program Files\Radmin\radmin.exe"="C:\Program Files\Radmin\radmin.exe:*:Disabled:Remote Administrator viewer"
"C:\Games\State of War\State of War.exe"="C:\Games\State of War\State of War.exe:*:Disabled:State of WAR"
"C:\Games\ZDaemon\zlauncher.exe"="C:\Games\ZDaemon\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Games\ZDaemon\zdaemon.exe"="C:\Games\ZDaemon\zdaemon.exe:*:Enabled:ZDaemon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd46d60-9751-11dc-b69c-00065be35204}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a16500-1b39-11dc-b67a-00065be35204}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

======File associations======

.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")

======List of files/folders created in the last 1 months======

2010-02-22 02:45:57 ----DC---- C:\Program Files\trend micro
2010-02-22 02:45:48 ----DC---- C:\rsit
2010-02-13 18:20:08 ----DC---- C:\Program Files\VS Revo Group
2010-02-10 15:47:20 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-04 03:27:13 ----DC---- C:\Program Files\PFPortChecker
2010-01-29 04:16:35 ----DC---- C:\Program Files\Intel
2010-01-28 03:12:53 ----DC---- C:\Program Files\Driver Genius
2010-01-24 04:03:33 ----AC---- C:\WINDOWS\system32\javaws.exe
2010-01-24 04:03:33 ----AC---- C:\WINDOWS\system32\javaw.exe
2010-01-24 04:03:32 ----AC---- C:\WINDOWS\system32\java.exe
2010-01-24 04:02:43 ----DC---- C:\Program Files\Java
2010-01-24 00:09:38 ----DC---- C:\Program Files\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-02-22 02:45:57 ----RDC---- C:\Program Files
2010-02-22 02:45:34 ----DC---- C:\Install
2010-02-22 02:44:14 ----DC---- C:\Documents and Settings\tester\Data aplikací\uTorrent
2010-02-22 02:29:49 ----DC---- C:\WINDOWS\system32
2010-02-22 02:26:14 ----DC---- C:\WINDOWS\Temp
2010-02-22 02:00:56 ----DC---- C:\WINDOWS\Prefetch
2010-02-22 01:43:40 ----DC---- C:\WINDOWS\system32\drivers
2010-02-19 03:15:15 ----HDC---- C:\WINDOWS\inf
2010-02-19 03:15:13 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-18 18:08:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 07:40:28 ----DC---- C:\Program Files\PeerGuardian2
2010-02-18 07:36:31 ----DC---- C:\WINDOWS
2010-02-17 10:11:47 ----DC---- C:\!
2010-02-17 01:29:48 ----ADC---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-15 00:02:23 ----DC---- C:\WINDOWS\system32\CatRoot
2010-02-15 00:01:25 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-14 23:11:36 ----DC---- C:\WINDOWS\Minidump
2010-02-14 18:43:16 ----DC---- C:\Documents and Settings\tester\Data aplikací\Skype
2010-02-12 14:06:40 ----DC---- C:\Documents and Settings\tester\Data aplikací\vlc
2010-02-10 16:52:09 ----DC---- C:\WINDOWS\security
2010-02-10 14:32:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-09 01:58:57 ----DC---- C:\Films
2010-02-07 17:40:44 ----DC---- C:\Program Files\SUPERAntiSpyware
2010-02-05 01:44:56 ----DC---- C:\Games
2010-02-04 11:34:35 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 03:27:53 ----SHDC---- C:\WINDOWS\Installer
2010-02-03 20:24:49 ----DC---- C:\Documents and Settings\tester\Data aplikací\Azureus
2010-02-01 20:26:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-29 18:46:10 ----DC---- C:\WINDOWS\system32\ReinstallBackups
2010-01-29 04:15:05 ----HDC---- C:\Program Files\InstallShield Installation Information
2010-01-28 22:17:49 ----AC---- C:\WINDOWS\winamp.ini
2010-01-24 04:02:53 ----AC---- C:\WINDOWS\system32\deploytk.dll
2010-01-23 23:55:17 ----DC---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-10-23 18688]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-03 1133056]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2002-08-08 89088]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 axcyg6jr;axcyg6jr; C:\WINDOWS\system32\drivers\axcyg6jr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DCamUSBNW800;TwinkleCam USB Camera; C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-04-29 238944]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2008-01-27 42512]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2008-01-15 459520]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Mozilla Firefox\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 3072]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-03 364544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 Iprip;Naslouchání RIP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bmwebcfg;Bytemobile Web Configurator; C:\WINDOWS\system32\bmwebcfg.exe [2006-10-23 118784]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-24 153376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

Unlimited_Killer

Dobré ráno, co myslíte těmi podezřelými procesy?

1) Zapojte do PC všechny výměnné disky

Například flash disky, mp3 přehrávače, externí disky...
Na některé z nich je totiž havěť!

2) Fixnutí v HJT

Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
Klikněte na 'Do a system scan only'.

U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

Kód: Vybrat vše

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - http://simcity.ea.com/play/classic/SimCityX.cab

Pokud by tam nějaká položka nebyla, vynechte ji.

3) OTMoveit3

Stáhněte OTM3 na Plochu.
Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.

Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd46d60-9751-11dc-b69c-00065be35204}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a16500-1b39-11dc-b67a-00065be35204}]

:files
D:\Recycled
E:\Recycled
F:\Recycled
G:\Recycled
G:\Recycled
I:\Recycled
J:\Recycled
C:\WINDOWS\system32\*.tmp.dll /s
c:\WINDOWS\system32\drivers\*.tmp.dll /s
c:\WINDOWS\system32\dllcache\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s 

:services
JavaQuickStarterService

:commands
[emptytemp]
[reboot]

Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
Pokud se zobrazí hláška k restartování, klikněte na Yes.
Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

4) Nový RSIT log

Rostoff · #3 Příspěvek od **Rostoff** » 22 úno 2010 18:03

Děkuji za pomoc. Podezřelými procesy myslím proces označený směsicí čísel a písmen končící .exe
Objevuje se to zřídka ale přeci. Také mi dělá vrásky svchost.exe, není jich tam příliš mnoho?
RootkitRevealer mi po scanu vyhodil, že jedna z nich je skrytá Windows API a že se snaží otevřít nějaký port. Jsem za routerem, který má povolený jen jeden port (konkrétně pro uTorrent, ten to ale není), tak snad je to v zatím v poho.
Také jsem měl jednou BSOD (do této doby jsem žádnou neměl) po instalaci MS záplaty MS10-015, což prý způsobuje Alureon Rootkit.
Také mám tři flashky a jeden externí HDD, ale jen 2 porty USB, mám tedy připojit ty dvě a pak postup zopakovat s dalšími dvěma?

A tady jsou ty logy zatím s jednou flash a ext. HDD:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd46d60-9751-11dc-b69c-00065be35204}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fd46d60-9751-11dc-b69c-00065be35204}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a16500-1b39-11dc-b67a-00065be35204}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1a16500-1b39-11dc-b67a-00065be35204}\ not found.
========== FILES ==========
File/Folder D:\Recycled not found.
File/Folder E:\Recycled not found.
File/Folder F:\Recycled not found.
File/Folder G:\Recycled not found.
File/Folder G:\Recycled not found.
File/Folder I:\Recycled not found.
File/Folder J:\Recycled not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder c:\WINDOWS\system32\drivers\*.tmp.dll not found.
File/Folder c:\WINDOWS\system32\dllcache\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BB6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EF4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2FE9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3005.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP30E4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3150.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP34A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP544.tmp folder moved successfully.
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3457100 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: tester
->Temp folder emptied: 222263 bytes
->Temporary Internet Files folder emptied: 25824568 bytes
->Java cache emptied: 12122153 bytes
->FireFox cache emptied: 125103570 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 23960 bytes

Total Files Cleaned = 159,00 mb

OTM by OldTimer - Version 3.1.9.0 log created on 02222010_174729

Files moved on Reboot...

Registry entries deleted on Reboot...

---------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by tester at 2010-02-22 18:01:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 842 MB (1%) free of 95 GB
Total RAM: 511 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:01, on 22.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Install\RSIT.exe
C:\Program Files\trend micro\tester.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Altap Salamander 2.52.lnk = C:\Program Files\Altap Salamander 2.5\salamand.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6699800008
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - http://support.f-secure.com/enu/home/on ... /fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 4893 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_STARDUST-MOBILE_Halucinace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Altap Salamander 2.52.lnk - C:\Program Files\Altap Salamander 2.5\salamand.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-02-07 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-03 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-17 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe"="C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe:*:Enabled:Reversi v Internetu"
"C:\Games\Black And White\runblack.exe"="C:\Games\Black And White\runblack.exe:*:Disabled:lh"
"C:\Program Files\Radmin\radmin.exe"="C:\Program Files\Radmin\radmin.exe:*:Disabled:Remote Administrator viewer"
"C:\Games\State of War\State of War.exe"="C:\Games\State of War\State of War.exe:*:Disabled:State of WAR"
"C:\Games\ZDaemon\zlauncher.exe"="C:\Games\ZDaemon\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Games\ZDaemon\zdaemon.exe"="C:\Games\ZDaemon\zdaemon.exe:*:Enabled:ZDaemon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")

======List of files/folders created in the last 1 months======

2010-02-22 17:47:29 ----DC---- C:\_OTM
2010-02-22 02:45:57 ----DC---- C:\Program Files\trend micro
2010-02-22 02:45:48 ----DC---- C:\rsit
2010-02-13 18:20:08 ----DC---- C:\Program Files\VS Revo Group
2010-02-10 15:47:20 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-02-04 03:27:13 ----DC---- C:\Program Files\PFPortChecker
2010-01-29 04:16:35 ----DC---- C:\Program Files\Intel
2010-01-28 03:12:53 ----DC---- C:\Program Files\Driver Genius
2010-01-24 04:03:33 ----AC---- C:\WINDOWS\system32\javaws.exe
2010-01-24 04:03:33 ----AC---- C:\WINDOWS\system32\javaw.exe
2010-01-24 04:03:32 ----AC---- C:\WINDOWS\system32\java.exe
2010-01-24 04:02:43 ----DC---- C:\Program Files\Java
2010-01-24 00:09:38 ----DC---- C:\Program Files\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-02-22 17:59:37 ----DC---- C:\Program Files\PeerGuardian2
2010-02-22 17:53:27 ----DC---- C:\WINDOWS\Temp
2010-02-22 17:50:03 ----DC---- C:\Documents and Settings\tester\Data aplikací\uTorrent
2010-02-22 17:49:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-22 17:47:47 ----DC---- C:\WINDOWS\Prefetch
2010-02-22 02:45:57 ----RDC---- C:\Program Files
2010-02-22 02:45:34 ----DC---- C:\Install
2010-02-22 02:29:49 ----DC---- C:\WINDOWS\system32
2010-02-22 01:43:40 ----DC---- C:\WINDOWS\system32\drivers
2010-02-19 03:15:15 ----HDC---- C:\WINDOWS\inf
2010-02-19 03:15:13 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-18 07:36:31 ----DC---- C:\WINDOWS
2010-02-17 10:11:47 ----DC---- C:\!
2010-02-17 01:29:48 ----ADC---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-15 00:02:23 ----DC---- C:\WINDOWS\system32\CatRoot
2010-02-15 00:01:25 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-14 23:11:36 ----DC---- C:\WINDOWS\Minidump
2010-02-14 18:43:16 ----DC---- C:\Documents and Settings\tester\Data aplikací\Skype
2010-02-12 14:06:40 ----DC---- C:\Documents and Settings\tester\Data aplikací\vlc
2010-02-10 16:52:09 ----DC---- C:\WINDOWS\security
2010-02-10 14:32:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-09 01:58:57 ----DC---- C:\Films
2010-02-07 17:40:44 ----DC---- C:\Program Files\SUPERAntiSpyware
2010-02-05 01:44:56 ----DC---- C:\Games
2010-02-04 11:34:35 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 03:27:53 ----SHDC---- C:\WINDOWS\Installer
2010-02-03 20:24:49 ----DC---- C:\Documents and Settings\tester\Data aplikací\Azureus
2010-02-01 20:26:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-29 18:46:10 ----DC---- C:\WINDOWS\system32\ReinstallBackups
2010-01-29 04:15:05 ----HDC---- C:\Program Files\InstallShield Installation Information
2010-01-28 22:17:49 ----AC---- C:\WINDOWS\winamp.ini
2010-01-24 04:02:53 ----AC---- C:\WINDOWS\system32\deploytk.dll
2010-01-23 23:55:17 ----DC---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-10-23 18688]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-03 1133056]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2002-08-08 89088]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 adto8mqy;adto8mqy; C:\WINDOWS\system32\drivers\adto8mqy.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DCamUSBNW800;TwinkleCam USB Camera; C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-04-29 238944]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2008-01-27 42512]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2008-01-15 459520]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Mozilla Firefox\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 3072]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-03 364544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 Iprip;Naslouchání RIP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bmwebcfg;Bytemobile Web Configurator; C:\WINDOWS\system32\bmwebcfg.exe [2006-10-23 118784]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

Unlimited_Killer

0K, pro jistotu to prověříme. ↓

1) Zapojte do PC všechny výměnná zařízení

Například flash disky, externí disky...
Jelikož máte jen 2 USB zdířky, tak nejdříve zapojte 2 zařízení a poté ostatní zbylé.
- Udělejte pouze u kroku číslo 2 - u jiných to nemá smysl).

2) UsbFix

Stáhněte a uložte na Plochu UsbFix.
Spusťte jej, chvíle bude trvat, než se program načte.
Po spuštění okna s černým pozadím stiskněte 'E' a potvrďte klávesou 'Enter'.
Nyní stiskněte '2' a opět potvrďte klávesou 'Enter'.
Program nyní bude pracovat a počítač bude restartován.
Po restartu program otevře Poznámkový blok s logem, jehož obsah sem ve formě textu vkopírujete.
Pokud se Vám log neotevře, naleznete jej v C:\UsbFix.txt.

3) ComboFix

Stáhněte a uložte na Plochu ComboFix.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Spusťte ho s administrátorským oprávněním.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'.
Budete také dotázáni na instalaci konzole pro zotavení, taktéž klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat.
Váš PC bude pravděpodobně restartován, tak se toho nelekněte.
Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu (či následném restartu) na Vás 'vypadne' log, který vkopírujete ve formě textu sem.
Pokud žádný log 'nevypadne', naleznete jej v umístění C:\ComboFix.txt

Rostoff · #5 Příspěvek od **Rostoff** » 23 úno 2010 12:42

Nakonec jsem se rozhodl dvě ze tří flashek zformátovat, to by mělo případnou havěť odstranit?
Také jsem projel log ESET Firewallu a zjistil jsem, že od 10.2. probíhá velká aktivita u C:\WINDOWS\explorer.exe a C:\WINDOWS\system32\svchost.exe

Log se tedy týká jen jedné a ext. HDD.

############################## | UsbFix V6.097 |

User : tester (Administrators) # STARDUST-MOBILE
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 4:23:18 | 23.2.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) III Mobile CPU 1000MHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : ESET Smart Security 3.0 3.0 [ Enabled | Updated ]
FW : ESET Personal firewall[ Enabled ]3.0.669.0

C:\ -> Místní pevný disk # 93,16 Go (1,23 Go free) [Mobile] # NTFS
D:\ -> Vyměnitelný disk # 1,92 Go (8,78 Mo free) [FLASH 2GB] # FAT
E:\ -> Místní pevný disk # 931,51 Go (1,46 Go free) [Rosta] # NTFS
X:\ -> Disk CD-ROM
Y:\ -> Disk CD-ROM
Z:\ -> Disk CD-ROM

############################## | Active processes |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-1482476501-436374069-854245398-1004
Deleted ! E:\Recycler\S-1-5-21-1292428093-1004336348-682003330-500
Deleted ! E:\Recycler\S-1-5-21-1482476501-436374069-854245398-1004

################## | Registry |

################## | Mountpoints2 |

################## | Listing of the present files |

[11.08.2006 22:00|---hsc---|211] C:\boot.ini
[18.08.2004 13:00|-rahsc---|4952] C:\Bootfont.bin
[11.08.2006 22:17|--a--c---|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[03.02.2008 05:29|-r-hsc---|101] C:\IO.IDX
[11.08.2006 22:17|-rahsc---|0] C:\IO.SYS
[11.08.2006 22:17|-rahsc---|0] C:\MSDOS.SYS
[18.08.2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[07.05.2008 21:46|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[23.02.2010 04:29|--a--c---|2632] C:\UsbFix.txt
[02.07.2008 12:47|--a------|948392] D:\hddh.exe
[06.03.2008 04:10|--a------|5935720] D:\libraryfiles.exe
[08.07.2008 23:12|--a------|335992] D:\Dial-a-fix-v0.60.0.24.zip
[07.08.2008 23:09|--a------|5003264] D:\28191-plna-taska-huleni.mp3
[10.08.2008 02:25|--a------|181605] D:\fr-041_debris.zip
[04.01.2009 22:21|--a------|376112] D:\GPU-Z.0.3.1.exe
[17.04.2009 21:15|--a------|166912] D:\CPUMark2.1.exe
[12.07.2009 22:34|--a------|618072] D:\PSISetup.exe
[06.01.2010 16:14|--a------|1792488] D:\cpuz.exe
[15.02.2010 04:10|--a------|12326] E:\classmateScreen.htm
[08.12.2009 15:18|--a------|363259735] E:\Machinarium_full_en.exe

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_STARDUST-MOBILE.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.097 ! |

--------------------------------
ComboFix 10-02-21.02 - tester 23.02.2010 4:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.246 [GMT 1:00]
Spuštěný z: c:\documents and settings\tester\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\log.html
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Service_NPF

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-23 do 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 03:29 . 2010-02-23 03:29 1789 -c--a-w- C:\UsbFix_Upload_Me_STARDUST-MOBILE.zip
2010-02-22 23:53 . 2010-02-23 03:29 -------- dc----w- C:\UsbFix
2010-02-22 16:47 . 2010-02-22 16:47 -------- dc----w- C:\_OTM
2010-02-22 01:45 . 2010-02-22 17:01 -------- dc----w- c:\program files\trend micro
2010-02-22 01:45 . 2010-02-22 01:46 -------- dc----w- C:\rsit
2010-02-13 17:20 . 2009-12-30 10:20 27064 -c--a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-13 17:20 . 2010-02-13 17:20 -------- dc----w- c:\program files\VS Revo Group
2010-02-04 02:27 . 2010-02-04 02:27 -------- dc----w- c:\program files\PFPortChecker
2010-01-29 17:56 . 2002-08-08 12:10 89088 -c--a-w- c:\windows\system32\drivers\cwawdm.sys
2010-01-29 03:16 . 2010-01-29 03:16 -------- dc----w- c:\program files\Intel
2010-01-28 02:12 . 2010-02-04 11:50 -------- dc----w- c:\program files\Driver Genius

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 01:27 . 2007-11-25 16:21 -------- dc----w- c:\program files\PeerGuardian2
2010-02-07 16:40 . 2008-06-16 23:36 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-02-04 10:34 . 2004-08-18 12:00 88300 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 10:34 . 2004-08-18 12:00 454014 ----a-w- c:\windows\system32\perfh005.dat
2010-01-31 14:22 . 2004-08-18 12:00 361600 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-29 03:15 . 2006-08-12 15:29 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-24 03:02 . 2008-11-22 21:23 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-01-24 03:02 . 2010-01-24 03:02 -------- dc----w- c:\program files\Java
2010-01-23 23:10 . 2010-01-23 23:09 -------- dc----w- c:\program files\DAEMON Tools Lite
2010-01-23 23:10 . 2009-05-24 01:58 691696 -c--a-w- c:\windows\system32\drivers\sptd.sys
2010-01-22 16:22 . 2008-04-21 19:47 -------- dc----w- c:\program files\Microsoft Silverlight
2010-01-20 19:37 . 2008-02-13 03:18 -------- dc----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2004-08-18 12:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:09 . 2004-08-18 12:00 668160 -c--a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-18 12:00 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2006-08-11 21:09 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2191360 -c--a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 -c--a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 -c--a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 -c--a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 -c--a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 -c--a-w- c:\windows\system32\iyuv_32.dll
.

------- Sigcheck -------

[-] 2010-01-31 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Altap Salamander 2.52.lnk - c:\program files\Altap Salamander 2.5\salamand.exe [2009-9-6 1697288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-16 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-07 16:40 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Gaming Zone\\Windows\\Rvsezm.exe"=
"c:\\Games\\Black And White\\runblack.exe"=
"c:\\Games\\State of War\\State of War.exe"=
"c:\\Games\\ZDaemon\\zlauncher.exe"=
"c:\\Games\\ZDaemon\\zdaemon.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\tester\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.5.2009 2:58 691696]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [4.5.2008 0:54 14464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1.2.2008 12:48 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1.2.2008 12:48 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
S3 cpuz130;cpuz130;\??\c:\docume~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DCamUSBNW800;TwinkleCam USB Camera;c:\windows\system32\drivers\pcam800.sys [5.8.2008 22:30 238944]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [13.2.2010 18:20 27064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 15:51 4096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-02-23 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_STARDUST-MOBILE_Halucinace.job
- c:\windows\system32\mobsync.exe [2004-08-18 06:52]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
FF - ProfilePath - c:\documents and settings\tester\Data aplikací\Mozilla\Firefox\Profiles\2ctlwocv.default\
FF - component: c:\documents and settings\tester\Data aplikací\Mozilla\Firefox\Profiles\2ctlwocv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 04:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spoy.sys hal.dll >>UNKNOWN [0x82F8D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85fff28
\Driver\ACPI -> ACPI.sys @ 0xf8467cb8
\Driver\atapi -> atapi.sys @ 0xf8404b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compa -> SendCompleteHandler -> NDIS.sys @ 0xf830fb0a
PacketIndicateHandler -> NDIS.sys @ 0xf831aa21
SendHandler -> NDIS.sys @ 0xf830f949
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24E98B7E-22D5-7FDA-6157-755195C53C69}\InProcServer32*]
"oaalpjlejlbmjhmlafaeecamgeljpl"=hex:6a,61,63,6f,70,65,6a,6f,6f,66,69,66,70,65,
61,65,66,69,70,64,00,00
"naalnjjogcgljmkgccabclhfkkfb"=hex:6a,61,63,6f,65,66,61,6d,69,6d,62,64,68,63,
6b,6d,64,64,67,66,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="06AF7BFDBA9C446AE03A582970E4000370373123FABCED47529283FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC7933A9C6AECB7A5D1407EC276618C3198653C4DE1EEE65CA70BE8FAF0656461083905787AC17B1763EE40293F6BCC46DFC0869F1827F290D43B1C37BD23BA8DBC93F5C18477B0BB4E30A1EA66F994AB037496973A0601028C005BC3EE64B86402399AD4EC05179875144B3A02B3DC72882CE3E95FD19A225F1BA99B917271D2677873121D9708FD86C850E48F95A44DE5FB2B48D18D57CCC1535CEB6AC143EB862D89D0749D6F1544D23C7671E49DAA283F4F0985EE64F311DBD218265FA4D68323E7E7E38275CEBBE59D14ACF033A05587AE674B5BFDDA231812D697167C6EA6B4C3387C4A71DD443C572C23727A7DB7C08E0E2F37801392B0F6042758BB4B6467D7126814016098E6A40A87679F7C3C04B7C2CE7CCA5D099DCFC620C3D3A08AC2E3FE27480BDC489AE2BD29FDE97972AD12C19D09D4A88BFC19BA6C0720CDF402079CB17199E09CFDCF0A138E4057C73113479E16D85C213FAA66E154BF282D2794FF0D762D59AB2A1A7743DB8D555095FB0A043E3FD27BE29DB9D7E07CDF66CC3C46619539683371137319CAC2ECF0DF68D63114F7020A0CF4E1BE50A0C0AC76AB045300C271115A05EC2BA39CB5854F88C1E5C1DADDDCC5765D3275E34CBD540C02B674C61D3392C2C15ECF8FC2069E8C3ADA7E29953890D5B3615B05F9039FAF2B6FC7CB3A0C270851DFE2A252009AC1E756B572B37CE21BEB672D1BAEFC9331C0D23A4A112881124CB3030BB0FA511D7DD935671044E2773CCFB3686C69367E3587EF23F041293949E32914BEC64C484CF81E08A7A68982F735A771AB5D4F645442B3A38971BE237912F79737C9DDA0839881A2B1D3452FCAAB1D1DC1F022A9101366FCAB294CDBFA73EB6E743DFCC1D8E6F4A1BB27D923BF695A6CC2CC2286A44A02D497DA384B863F03CEF0B6DF250C5F3DCB84741FE1E5F8F7BFA49717FC9C5E1B09867A1A07E52C9A1E661BA0E0659C46271A83321ABEE9C778DA69FA0F9C2635CB41E989AC17F3F20BB1AF0C271C6078DCB6B38E2BD36AD68BCB88EE19BFB83362C194B51877E3D18F0CA6F969D1451B75FE56C160448A840D6B5B7FBA13515679E91AC072762228C1FCCC576E7C331DC58339EEF813D64123C1C458C54375B3F4584E662CE46C0A2F03F3A308264A61B7732CE080C313098E1AA9794D0CF14ADE931D36D7F4961A7260347787202A4378F0836D9CFC24BAE52E5417A834FE9C9E82008180D0BBD0990BF19E6122F939A0B98BD47C9166C57AA178A073309014EB597C3B1A13185D819DE11749004CF4E649285144E52BB361B"
"OODEFRAG10.00.00.01WORKSTATION"="D3CEB4025067E40A4C1A483610A0AD48F7530846A959DEDDFE3248D6C1570BFC84845F9AB05C13FC97F5E390AD96ED84A39A7A1D1752FE0605D2346AC008FA0B997C00A15A315F53F371A66E5F747C411356D84D9A18049228C04DB9B451B671F7A1741CDF5818CC430BAF8F0051350ABDBB237775087AFC9A8416E368F49BB4AC735EC3B295099C8759E06DCA19F6603F169EEFCCD1F2B2B23ED23889870BD2658524862905856AE98262B1DE88253ADAC1D13DAAF90297691F0C3BABF1EA39747D70058192E4D234449EBA43B32AFE742E889AFCD640805D6D0FA6436FA54CD118301659810266FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407A6171C11EC38DE3D6CD557164F30CE357FB47215F50F8D8B59AB0C0CEBA72E59130E55797F360DE04D29D664B2EF626489392054572279F991A983134812793CF725E5C2293EB5451E769FC038609CFB503565DC31CAA3AF6F4D4DD9C18C5B852CCA58458AEDF5B5D27A949C2E357E1422DAC6BC7BC27FF2B95F30AB9976574912FAD42A4DE882B30608DF1B48770E3E7272903492178302DCBBB785F3017411AB48C64BFD289436F486EE951C0555FB59D6CFB9332C290B68D1B21BD73541DAA357DEB810F6E5A7026EF298A40E61448EF5D5F782B4703410A63453B3EBC99546E0903657F4BA65B2CE60633F17C483F2D53A4A09BBDA13AC5394C756D4A4A806B2153A0E94D542B14AF06D2F7814978A8BD5C32F9F7035B903ECC675F2E76AF5AE687251A00002CC1721DB9AE0E95379C247A9C7913A1B56F61D54A71DAE2A5049C9BBA232066174FD330D8B4FE2FE8D3AF17404964838470249266B7C1AA7F08CBD2CE73A388D40DFAB91F098A154B3477AD27A0A2D73F48D58262091CD1958148C89E8FA6C28E92DD3AC1D65CA037ECECA2729987E2AE816F4F2092EEF26AD93434FD30F7A47CD6CB7D84734092EA6CD9204ED44D62C562B8D60D07AAD6CB7CE30AE3ADF3EF4EFB82B4108540A6C86D243B58C63563D0E7157F403EF357D641F690A92AF99AE75BEBF475F6A7EC81C8192382C1E1F158AA047E88F5EBBDD44F046F7B40F7067A6C252FD2EEF1D420B917A3E5874D6DF6686992D4BE6F8860C486246DEE62C06F3997C2FBC321ECC1A4CBAAB80B6A9BE60814EE2ED01A6E394B79DF2B2F439626E2EA2D633CFC04EB392539CF70BC5C4DE0726E0957885585B699DB1B34608CB4B7EE7A6A2C0C52367D78C5B766BDC7AE81F2A32C06B5938019B4A6ACDC08D04E41CB5027BCAF218E7A2EE6C97A4A55BA965A51554CB6ACCC99E4EB84D1B41C1B8AFB901940C91730D0FC803595ADB57718BA77C196203D19F589BEA63E0A12E69F06571A87570E8"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\bmnet.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\netdde.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Celkový čas: 2010-02-23 04:59:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-23 03:59

Před spuštěním: 1 239 330 816
Po spuštění: 1 148 473 344

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5ACDA029A1774E23DE02DA27BFACD033

Unlimited_Killer

Pokračujeme. ↓

1) The Avenger

Stáhněte The Avenger na Plochu.
Dvojklikem program spusťte a klikněte na OK.
Otevře se Vám samotné okno programu. Následující skript v zeleném poli vkopírujte do okna 'Input Script Here'.
Kód: Vybrat vše
```
Files to move:
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
```
Klikněte na 'Execute'. Následně potvrdíte spuštění skriptu a restart.
Po restartu Vám program otevře log v notepadu, ten mi sem vkopírujete ve formě textu.
- Pokud se neotevře Poznámkový blok s logem, najdete jej v C:\avenger.txt

2) Odinstalace virtuálních mechanik

Odinstalujte všechny virtuální mechaniky - například Alcohol, DeamonTools atd.

3) Odinstalace SPTD

Přejděte na tento odkaz.
Zde si stáhněte verzi SPTD dle Vašeho operačního systému (XP/Vista/W7 - 32/64bit).
Stažený soubor dvojklikem spusťte.
Klikněte na prostřední tlačítko 'Uninstall'.
Restartujte PC.

4) MBR.exe

Stáhněte MBR.exe na Plochu.
Proklikejte se na Start → Spustit [Win+R] a zadejte či vkopírujte následující text:
Kód: Vybrat vše
```
"%userprofile%\plocha\mbr" -t
```
Nyní stiskněte 'Enter'.
Na Ploše by se měl vytvořit soubor MBR.log, jehož obsah mi sem vkopírujete ve formě textu.

5) GMER

Stáhněte GMER, rozbalte ho na Plochu a dvojklikem ho spusťte.
Několik sekund bude skenovat.
Až sken dokončí, klikněte na 'Save' - to vygeneruje první log, který mi vložíte ve formě textu sem.
Poté vytvořte druhý log, přičemž se budete řídit tímto návodem - tento log mi sem taktéž vložíte.

Rostoff · #7 Příspěvek od **Rostoff** » 25 úno 2010 04:58

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\windows\system32\dllcache\tcpip.sys|c:\windows\system32\drivers\tcpip.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
----------------------

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
-------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-25 03:46:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\tester\LOCALS~1\Temp\fxtorpoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 04:57:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\tester\LOCALS~1\Temp\fxtorpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\tester\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[280] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Altap Salamander 2.5\salamand.exe[2184] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c76469992
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c76469992@000ad9e6b922 0x3F 0x51 0xB9 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167828ebe
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167828ebe@001b5938727d 0xB3 0x50 0xA3 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167828ebe@000ad9e6b922 0xD2 0xAB 0x90 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\2c3d4f041077
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\2c3d4f041077@001b5938727d 0x8B 0x7A 0x42 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0xE7 0x7A 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0x49 0x56 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x3B 0x51 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8C 0xD2 0x7D 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000c76469992 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000c76469992@000ad9e6b922 0x3F 0x51 0xB9 0x98 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167828ebe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167828ebe@001b5938727d 0xB3 0x50 0xA3 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167828ebe@000ad9e6b922 0xD2 0xAB 0x90 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\2c3d4f041077 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\2c3d4f041077@001b5938727d 0x8B 0x7A 0x42 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0xE7 0x7A 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x34 0x49 0x56 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x3B 0x51 0xBF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8C 0xD2 0x7D 0x45 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 06AF7BFDBA9C446AE03A582970E4000370373123FABCED47529283FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC7933A9C6AECB7A5D1407EC276618C3198653C4DE1EEE65CA70BE8FAF0656461083905787AC17B1763EE40293F6BCC46DFC0869F1827F290D43B1C37BD23BA8DBC93F5C18477B0BB4E30A1EA66F994AB037496973A0601028C005BC3EE64B86402399AD4EC05179875144B3A02B3DC72882CE3E95FD19A225F1BA99B917271D2677873121D9708FD86C850E48F95A44DE5FB2B48D18D57CCC1535CEB6AC143EB862D89D0749D6F1544D23C7671E49DAA283F4F0985EE64F311DBD218265FA4D68323E7E7E38275CEBBE59D14ACF033A05587AE674B5BFDDA231812D697167C6EA6B4C3387C4A71DD443C572C23727A7DB7C08E0E2F37801392B0F6042758BB4B6467D7126814016098E6A40A87679F7C3C04B7C2CE7CCA5D099DCFC620C3D3A08AC2E3FE27480BDC489AE2BD29FDE97972AD12C19D09D4A88BFC19BA6C0720CDF402079CB17199E09CFDCF0A138E4057C73113479E16D85C213FAA66E154BF282D2794FF0D762D59AB2A1A7743DB8D555095FB0A043E3FD27BE29DB9D7E07CDF66CC3C46619539683371137319CAC2ECF0DF68D63114F7020A0CF4E1BE50A0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION D3CEB4025067E40A4C1A483610A0AD48F7530846A959DEDDFE3248D6C1570BFC84845F9AB05C13FC97F5E390AD96ED84A39A7A1D1752FE0605D2346AC008FA0B997C00A15A315F53F371A66E5F747C411356D84D9A18049228C04DB9B451B671F7A1741CDF5818CC430BAF8F0051350ABDBB237775087AFC9A8416E368F49BB4AC735EC3B295099C8759E06DCA19F6603F169EEFCCD1F2B2B23ED23889870BD2658524862905856AE98262B1DE88253ADAC1D13DAAF90297691F0C3BABF1EA39747D70058192E4D234449EBA43B32AFE742E889AFCD640805D6D0FA6436FA54CD118301659810266FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407A6171C11EC38DE3D6CD557164F30CE357FB47215F50F8D8B59AB0C0CEBA72E59130E55797F360DE04D29D664B2EF626489392054572279F991A983134812793CF725E5C2293EB5451E769FC038609CFB503565DC31CAA3AF6F4D4DD9C18C5B852CCA58458AEDF5B5D27A949C2E357E1422DAC6BC7BC27FF2B95F30AB9976574912FAD42A4DE882B30608DF1B48770E3E7272903492178302DCBBB785F3017411AB48C64BFD289436F486EE951C0555FB59D6CFB9332C290B68D1B21BD73541DAA357DEB810F6E5A7026EF298A40E614
Reg HKLM\SOFTWARE\Classes\CLSID\{24E98B7E-22D5-7FDA-6157-755195C53C69}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{24E98B7E-22D5-7FDA-6157-755195C53C69}\InProcServer32@oaalpjlejlbmjhmlafaeecamgeljpl 0x6A 0x61 0x63 0x6F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{24E98B7E-22D5-7FDA-6157-755195C53C69}\InProcServer32@naalnjjogcgljmkgccabclhfkkfb 0x6A 0x61 0x63 0x6F ...

---- EOF - GMER 1.0.15 ----

Unlimited_Killer

Zkuste nový ComboFix (bez skriptu).

Rostoff · #9 Příspěvek od **Rostoff** » 26 úno 2010 03:51

ComboFix 10-02-25.02 - tester 26.02.2010 2:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.233 [GMT 1:00]
Spuštěný z: c:\documents and settings\tester\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\srchasst\nls302en.lex
.
---- Předchozí spuštění -------
.
c:\windows\srchasst\nls302en.lex

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-23 03:29 . 2010-02-23 03:29 1789 -c--a-w- C:\UsbFix_Upload_Me_STARDUST-MOBILE.zip
2010-02-22 23:53 . 2010-02-23 03:29 -------- dc----w- C:\UsbFix
2010-02-22 16:47 . 2010-02-22 16:47 -------- dc----w- C:\_OTM
2010-02-22 01:45 . 2010-02-22 17:01 -------- dc----w- c:\program files\trend micro
2010-02-22 01:45 . 2010-02-22 01:46 -------- dc----w- C:\rsit
2010-02-13 17:20 . 2009-12-30 10:20 27064 -c--a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-13 17:20 . 2010-02-13 17:20 -------- dc----w- c:\program files\VS Revo Group
2010-01-29 17:56 . 2002-08-08 12:10 89088 -c--a-w- c:\windows\system32\drivers\cwawdm.sys
2010-01-29 03:16 . 2010-01-29 03:16 -------- dc----w- c:\program files\Intel
2010-01-28 02:12 . 2010-02-04 11:50 -------- dc----w- c:\program files\Driver Genius

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 01:47 . 2007-11-25 16:21 -------- dc----w- c:\program files\PeerGuardian2
2010-02-04 10:34 . 2004-08-18 12:00 88300 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 10:34 . 2004-08-18 12:00 454014 ----a-w- c:\windows\system32\perfh005.dat
2010-01-29 03:15 . 2006-08-12 15:29 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-24 03:02 . 2008-11-22 21:23 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-01-24 03:02 . 2010-01-24 03:02 -------- dc----w- c:\program files\Java
2010-01-22 16:22 . 2008-04-21 19:47 -------- dc----w- c:\program files\Microsoft Silverlight
2010-01-20 19:37 . 2008-02-13 03:18 -------- dc----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2004-08-18 12:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:09 . 2004-08-18 12:00 668160 -c----w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-18 12:00 81920 -c--a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2006-08-11 21:09 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2191360 -c----w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 -c----w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-23_03.54.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-18 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
- 2004-08-18 12:00 . 2010-01-31 14:22 361600 c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Altap Salamander 2.52.lnk - c:\program files\Altap Salamander 2.5\salamand.exe [2009-9-6 1697288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Gaming Zone\\Windows\\Rvsezm.exe"=
"c:\\Games\\Black And White\\runblack.exe"=
"c:\\Games\\State of War\\State of War.exe"=
"c:\\Games\\ZDaemon\\zlauncher.exe"=
"c:\\Games\\ZDaemon\\zdaemon.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\tester\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [4.5.2008 0:54 14464]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
S3 cpuz130;cpuz130;\??\c:\docume~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DCamUSBNW800;TwinkleCam USB Camera;c:\windows\system32\drivers\pcam800.sys [5.8.2008 22:30 238944]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 13:20 12648]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [13.2.2010 18:20 27064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Obsah adresáře 'Naplánované úlohy'

2010-02-26 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_STARDUST-MOBILE_Halucinace.job
- c:\windows\system32\mobsync.exe [2004-08-18 06:52]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
FF - ProfilePath - c:\documents and settings\tester\Data aplikací\Mozilla\Firefox\Profiles\2ctlwocv.default\
FF - component: c:\documents and settings\tester\Data aplikací\Mozilla\Firefox\Profiles\2ctlwocv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 02:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24E98B7E-22D5-7FDA-6157-755195C53C69}\InProcServer32*]
"oaalpjlejlbmjhmlafaeecamgeljpl"=hex:6a,61,63,6f,70,65,6a,6f,6f,66,69,66,70,65,
61,65,66,69,70,64,00,00
"naalnjjogcgljmkgccabclhfkkfb"=hex:6a,61,63,6f,65,66,61,6d,69,6d,62,64,68,63,
6b,6d,64,64,67,66,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="06AF7BFDBA9C446AE03A582970E4000370373123FABCED47529283FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC7933A9C6AECB7A5D1407EC276618C3198653C4DE1EEE65CA70BE8FAF0656461083905787AC17B1763EE40293F6BCC46DFC0869F1827F290D43B1C37BD23BA8DBC93F5C18477B0BB4E30A1EA66F994AB037496973A0601028C005BC3EE64B86402399AD4EC05179875144B3A02B3DC72882CE3E95FD19A225F1BA99B917271D2677873121D9708FD86C850E48F95A44DE5FB2B48D18D57CCC1535CEB6AC143EB862D89D0749D6F1544D23C7671E49DAA283F4F0985EE64F311DBD218265FA4D68323E7E7E38275CEBBE59D14ACF033A05587AE674B5BFDDA231812D697167C6EA6B4C3387C4A71DD443C572C23727A7DB7C08E0E2F37801392B0F6042758BB4B6467D7126814016098E6A40A87679F7C3C04B7C2CE7CCA5D099DCFC620C3D3A08AC2E3FE27480BDC489AE2BD29FDE97972AD12C19D09D4A88BFC19BA6C0720CDF402079CB17199E09CFDCF0A138E4057C73113479E16D85C213FAA66E154BF282D2794FF0D762D59AB2A1A7743DB8D555095FB0A043E3FD27BE29DB9D7E07CDF66CC3C46619539683371137319CAC2ECF0DF68D63114F7020A0CF4E1BE50A0C0AC76AB045300C271115A05EC2BA39CB5854F88C1E5C1DADDDCC5765D3275E34CBD540C02B674C61D3392C2C15ECF8FC2069E8C3ADA7E29953890D5B3615B05F9039FAF2B6FC7CB3A0C270851DFE2A252009AC1E756B572B37CE21BEB672D1BAEFC9331C0D23A4A112881124CB3030BB0FA511D7DD935671044E2773CCFB3686C69367E3587EF23F041293949E32914BEC64C484CF81E08A7A68982F735A771AB5D4F645442B3A38971BE237912F79737C9DDA0839881A2B1D3452FCAAB1D1DC1F022A9101366FCAB294CDBFA73EB6E743DFCC1D8E6F4A1BB27D923BF695A6CC2CC2286A44A02D497DA384B863F03CEF0B6DF250C5F3DCB84741FE1E5F8F7BFA49717FC9C5E1B09867A1A07E52C9A1E661BA0E0659C46271A83321ABEE9C778DA69FA0F9C2635CB41E989AC17F3F20BB1AF0C271C6078DCB6B38E2BD36AD68BCB88EE19BFB83362C194B51877E3D18F0CA6F969D1451B75FE56C160448A840D6B5B7FBA13515679E91AC072762228C1FCCC576E7C331DC58339EEF813D64123C1C458C54375B3F4584E662CE46C0A2F03F3A308264A61B7732CE080C313098E1AA9794D0CF14ADE931D36D7F4961A7260347787202A4378F0836D9CFC24BAE52E5417A834FE9C9E82008180D0BBD0990BF19E6122F939A0B98BD47C9166C57AA178A073309014EB597C3B1A13185D819DE11749004CF4E649285144E52BB361B"
"OODEFRAG10.00.00.01WORKSTATION"="D3CEB4025067E40A4C1A483610A0AD48F7530846A959DEDDFE3248D6C1570BFC84845F9AB05C13FC97F5E390AD96ED84A39A7A1D1752FE0605D2346AC008FA0B997C00A15A315F53F371A66E5F747C411356D84D9A18049228C04DB9B451B671F7A1741CDF5818CC430BAF8F0051350ABDBB237775087AFC9A8416E368F49BB4AC735EC3B295099C8759E06DCA19F6603F169EEFCCD1F2B2B23ED23889870BD2658524862905856AE98262B1DE88253ADAC1D13DAAF90297691F0C3BABF1EA39747D70058192E4D234449EBA43B32AFE742E889AFCD640805D6D0FA6436FA54CD118301659810266FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407A6171C11EC38DE3D6CD557164F30CE357FB47215F50F8D8B59AB0C0CEBA72E59130E55797F360DE04D29D664B2EF626489392054572279F991A983134812793CF725E5C2293EB5451E769FC038609CFB503565DC31CAA3AF6F4D4DD9C18C5B852CCA58458AEDF5B5D27A949C2E357E1422DAC6BC7BC27FF2B95F30AB9976574912FAD42A4DE882B30608DF1B48770E3E7272903492178302DCBBB785F3017411AB48C64BFD289436F486EE951C0555FB59D6CFB9332C290B68D1B21BD73541DAA357DEB810F6E5A7026EF298A40E61448EF5D5F782B4703410A63453B3EBC99546E0903657F4BA65B2CE60633F17C483F2D53A4A09BBDA13AC5394C756D4A4A806B2153A0E94D542B14AF06D2F7814978A8BD5C32F9F7035B903ECC675F2E76AF5AE687251A00002CC1721DB9AE0E95379C247A9C7913A1B56F61D54A71DAE2A5049C9BBA232066174FD330D8B4FE2FE8D3AF17404964838470249266B7C1AA7F08CBD2CE73A388D40DFAB91F098A154B3477AD27A0A2D73F48D58262091CD1958148C89E8FA6C28E92DD3AC1D65CA037ECECA2729987E2AE816F4F2092EEF26AD93434FD30F7A47CD6CB7D84734092EA6CD9204ED44D62C562B8D60D07AAD6CB7CE30AE3ADF3EF4EFB82B4108540A6C86D243B58C63563D0E7157F403EF357D641F690A92AF99AE75BEBF475F6A7EC81C8192382C1E1F158AA047E88F5EBBDD44F046F7B40F7067A6C252FD2EEF1D420B917A3E5874D6DF6686992D4BE6F8860C486246DEE62C06F3997C2FBC321ECC1A4CBAAB80B6A9BE60814EE2ED01A6E394B79DF2B2F439626E2EA2D633CFC04EB392539CF70BC5C4DE0726E0957885585B699DB1B34608CB4B7EE7A6A2C0C52367D78C5B766BDC7AE81F2A32C06B5938019B4A6ACDC08D04E41CB5027BCAF218E7A2EE6C97A4A55BA965A51554CB6ACCC99E4EB84D1B41C1B8AFB901940C91730D0FC803595ADB57718BA77C196203D19F589BEA63E0A12E69F06571A87570E8"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\bmnet.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\netdde.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 02:59:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 01:59

Před spuštěním: 872 468 480
Po spuštění: 1 064 689 664

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9BBACD3360C16696BC604B666A6C3678

Unlimited_Killer

Pokračujeme. ↓

1) Odinstalace UsbFix-u

Spusťte znovu UsbFix.
Po spuštění okna s černým pozadím stiskněte'E' a potvrďte klávesou 'Enter'.
Nyní stiskněte '6' a opět stiskněte klávesu 'Enter'.
Prosem se nyní odstranil veškeré své součásti a soubory.

2) Odinstalace ComboFixu

Proklikejte se přes Start do Spustit [klávesová zkratka je Win+R].
Do textového pole napište:
Kód: Vybrat vše
```
ComboFix /Uninstall
```
Stiskněte Enter.
Spustí se odinstalace ComboFixu, která smaže všechny jeho součásti.

3) OTCleaner

Stáhněte OTC a dvojklikem ho spusťte.
Vyskočí okénko, kde kliknete na 'CleanUp!'.
Potvrdíte kliknutím na 'Yes'.
Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

4) Nový RSIT log

Rostoff · #11 Příspěvek od **Rostoff** » 01 bře 2010 01:12

Logfile of random's system information tool 1.06 (written by random/random)
Run by tester at 2010-03-01 01:11:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 811 MB (1%) free of 95 GB
Total RAM: 511 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:50, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Install\RSIT.exe
C:\Program Files\trend micro\tester.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Altap Salamander 2.52.lnk = C:\Program Files\Altap Salamander 2.5\salamand.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6699800008
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - http://support.f-secure.com/enu/home/on ... /fscax.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 4873 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_STARDUST-MOBILE_Halucinace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Altap Salamander 2.52.lnk - C:\Program Files\Altap Salamander 2.5\salamand.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-03 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe"="C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe:*:Enabled:Reversi v Internetu"
"C:\Games\Black And White\runblack.exe"="C:\Games\Black And White\runblack.exe:*:Disabled:lh"
"C:\Games\State of War\State of War.exe"="C:\Games\State of War\State of War.exe:*:Disabled:State of WAR"
"C:\Games\ZDaemon\zlauncher.exe"="C:\Games\ZDaemon\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Games\ZDaemon\zdaemon.exe"="C:\Games\ZDaemon\zdaemon.exe:*:Enabled:ZDaemon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")

======List of files/folders created in the last 1 months======

2010-03-01 01:11:32 ----DC---- C:\rsit
2010-02-26 20:32:58 ----SHDC---- C:\RECYCLER
2010-02-26 02:59:15 ----DC---- C:\WINDOWS\temp
2010-02-26 02:42:30 ----AC---- C:\Boot.bak
2010-02-26 02:42:25 ----RASHDC---- C:\cmdcons
2010-02-23 04:40:49 ----RASHC---- C:\Boot.ini
2010-02-23 04:37:07 ----DC---- C:\WINDOWS\ERDNT
2010-02-23 02:34:28 ----RADC---- C:\autorun.inf
2010-02-22 02:45:57 ----DC---- C:\Program Files\trend micro
2010-02-13 18:20:08 ----DC---- C:\Program Files\VS Revo Group

======List of files/folders modified in the last 1 months======

2010-03-01 01:11:40 ----DC---- C:\WINDOWS\Prefetch
2010-03-01 01:09:18 ----DC---- C:\Program Files\PeerGuardian2
2010-03-01 00:44:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-01 00:42:33 ----DC---- C:\Documents and Settings\tester\Data aplikací\uTorrent
2010-03-01 00:40:37 ----DC---- C:\WINDOWS
2010-02-26 02:59:17 ----DC---- C:\WINDOWS\system32\drivers
2010-02-26 02:55:18 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-26 02:52:20 ----AC---- C:\WINDOWS\system.ini
2010-02-26 02:50:46 ----DC---- C:\WINDOWS\srchasst
2010-02-26 02:47:29 ----DC---- C:\WINDOWS\system32
2010-02-26 02:47:29 ----DC---- C:\WINDOWS\AppPatch
2010-02-26 02:47:24 ----DC---- C:\Program Files\Common Files
2010-02-26 02:36:36 ----DC---- C:\WINDOWS\Minidump
2010-02-26 02:31:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 03:53:16 ----RDC---- C:\Program Files
2010-02-25 02:53:05 ----DC---- C:\Documents and Settings\tester\Data aplikací\SUPERAntiSpyware.com
2010-02-25 02:52:35 ----SHDC---- C:\WINDOWS\Installer
2010-02-25 01:35:21 ----HDC---- C:\WINDOWS\inf
2010-02-23 19:20:56 ----DC---- C:\!
2010-02-23 04:52:03 ----DC---- C:\WINDOWS\system32\config
2010-02-23 04:37:23 ----SHD---- C:\System Volume Information
2010-02-23 04:37:23 ----DC---- C:\WINDOWS\system32\Restore
2010-02-23 04:13:30 ----DC---- C:\Films
2010-02-23 04:10:35 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-23 04:10:09 ----DC---- C:\Install
2010-02-23 04:03:31 ----DC---- C:\WINDOWS\Debug
2010-02-17 01:29:48 ----ADC---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-15 00:02:23 ----DC---- C:\WINDOWS\system32\CatRoot
2010-02-14 18:43:16 ----DC---- C:\Documents and Settings\tester\Data aplikací\Skype
2010-02-12 14:06:40 ----DC---- C:\Documents and Settings\tester\Data aplikací\vlc
2010-02-10 16:52:09 ----DC---- C:\WINDOWS\security
2010-02-05 01:44:56 ----DC---- C:\Games
2010-02-04 12:50:24 ----DC---- C:\Program Files\Driver Genius
2010-02-04 11:34:35 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-03 20:24:49 ----DC---- C:\Documents and Settings\tester\Data aplikací\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-10-23 18688]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-03 1133056]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2002-08-08 89088]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DCamUSBNW800;TwinkleCam USB Camera; C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-04-29 238944]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2008-01-15 459520]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Mozilla Firefox\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 3072]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-03 364544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bmwebcfg;Bytemobile Web Configurator; C:\WINDOWS\system32\bmwebcfg.exe [2006-10-23 118784]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

Unlimited_Killer

Ještě klasické dočištění.

1) CCleaner

Stáhněte si program jménem CCleaner.
Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
Spusťte ho.
- Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
- Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

2) Defragmentace

Defragmentujte disk.
Lze to udělat několika způsoby ↓
- Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
- Přes jednoduchý a přehledný program jménem Defraggler.
- Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

3) FileHippo.com UpdateChecker

Během procesu čištění jsem zvyklý odstraňovat zbytečné aplikace spouštěné po startu.
Mezi ně patří například Java Update. Nesmyslně užírá RAM paměť jelikož neustále sonduje, zda není novější verze.
Abyste měl/a přehled o aktualizacích, doporučuji stáhnout program FileHippo.com UpdateChecker.
- Běžně ho nainstalujte.
- Spouštějte ho například jednou až dvakrát týdně.
- Přehledně zobrazí všechny programy, které jsou neaktualizované, nabídne stažení novější verze (což doporučuji).

4) Nový RSIT log

Rostoff · #13 Příspěvek od **Rostoff** » 01 bře 2010 20:56

Děkuji za všechny rady a vyčištění PC. Nyní by tedy již měl být PC bez malware a rootkitů?
Jinak také nemám rád, že se při startu OS spouští spousta nepotřebného balastu, viz Update Java. Ten odstraňuji pravidelně, nicméně se tam po každé aktualizaci znovu vecpe. Také nevím, zda vidím všechny aplikace, které se spouští, používám na to Regcleaner, nebo právě CCleaner.

Logfile of random's system information tool 1.06 (written by random/random)
Run by tester at 2010-03-01 20:53:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 875 MB (1%) free of 95 GB
Total RAM: 511 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:57, on 1.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Altap Salamander 2.5\salamand.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe
C:\Install\RSIT.exe
C:\Program Files\trend micro\tester.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Altap Salamander 2.52.lnk = C:\Program Files\Altap Salamander 2.5\salamand.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6699800008
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - http://support.f-secure.com/enu/home/on ... /fscax.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 4944 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_STARDUST-MOBILE_Halucinace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Altap Salamander 2.52.lnk - C:\Program Files\Altap Salamander 2.5\salamand.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-03 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe"="C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe:*:Enabled:Reversi v Internetu"
"C:\Games\Black And White\runblack.exe"="C:\Games\Black And White\runblack.exe:*:Disabled:lh"
"C:\Games\State of War\State of War.exe"="C:\Games\State of War\State of War.exe:*:Disabled:State of WAR"
"C:\Games\ZDaemon\zlauncher.exe"="C:\Games\ZDaemon\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Games\ZDaemon\zdaemon.exe"="C:\Games\ZDaemon\zdaemon.exe:*:Enabled:ZDaemon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\tester\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -
.js - open - "C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe" /OPEN("%1")

======List of files/folders created in the last 1 months======

2010-03-01 01:11:32 ----DC---- C:\rsit
2010-02-26 20:32:58 ----SHDC---- C:\RECYCLER
2010-02-26 02:59:15 ----DC---- C:\WINDOWS\temp
2010-02-26 02:42:30 ----AC---- C:\Boot.bak
2010-02-26 02:42:25 ----RASHDC---- C:\cmdcons
2010-02-23 04:40:49 ----RASHC---- C:\Boot.ini
2010-02-23 04:37:07 ----DC---- C:\WINDOWS\ERDNT
2010-02-23 02:34:28 ----RADC---- C:\autorun.inf
2010-02-22 02:45:57 ----DC---- C:\Program Files\trend micro
2010-02-13 18:20:08 ----DC---- C:\Program Files\VS Revo Group

======List of files/folders modified in the last 1 months======

2010-03-01 20:53:45 ----DC---- C:\Program Files\PeerGuardian2
2010-03-01 20:53:42 ----DC---- C:\Documents and Settings\tester\Data aplikací\uTorrent
2010-03-01 20:52:46 ----DC---- C:\Install
2010-03-01 20:14:22 ----DC---- C:\WINDOWS\Minidump
2010-03-01 20:14:22 ----DC---- C:\WINDOWS
2010-03-01 20:12:34 ----DC---- C:\WINDOWS\Prefetch
2010-03-01 08:06:24 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-26 02:59:17 ----DC---- C:\WINDOWS\system32\drivers
2010-02-26 02:55:18 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-02-26 02:52:20 ----AC---- C:\WINDOWS\system.ini
2010-02-26 02:50:46 ----DC---- C:\WINDOWS\srchasst
2010-02-26 02:47:29 ----DC---- C:\WINDOWS\system32
2010-02-26 02:47:29 ----DC---- C:\WINDOWS\AppPatch
2010-02-26 02:47:24 ----DC---- C:\Program Files\Common Files
2010-02-26 02:31:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 03:53:16 ----RDC---- C:\Program Files
2010-02-25 02:53:05 ----DC---- C:\Documents and Settings\tester\Data aplikací\SUPERAntiSpyware.com
2010-02-25 02:52:35 ----SHDC---- C:\WINDOWS\Installer
2010-02-25 01:35:21 ----HDC---- C:\WINDOWS\inf
2010-02-23 19:20:56 ----DC---- C:\!
2010-02-23 04:52:03 ----DC---- C:\WINDOWS\system32\config
2010-02-23 04:37:23 ----SHD---- C:\System Volume Information
2010-02-23 04:37:23 ----DC---- C:\WINDOWS\system32\Restore
2010-02-23 04:13:30 ----DC---- C:\Films
2010-02-23 04:10:35 ----HDC---- C:\WINDOWS\$hf_mig$
2010-02-23 04:03:31 ----DC---- C:\WINDOWS\Debug
2010-02-17 01:29:48 ----ADC---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-15 00:02:23 ----DC---- C:\WINDOWS\system32\CatRoot
2010-02-14 18:43:16 ----DC---- C:\Documents and Settings\tester\Data aplikací\Skype
2010-02-12 14:06:40 ----DC---- C:\Documents and Settings\tester\Data aplikací\vlc
2010-02-10 16:52:09 ----DC---- C:\WINDOWS\security
2010-02-05 01:44:56 ----DC---- C:\Games
2010-02-04 12:50:24 ----DC---- C:\Program Files\Driver Genius
2010-02-04 11:34:35 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-03 20:24:49 ----DC---- C:\Documents and Settings\tester\Data aplikací\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-10-23 18688]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-03 1133056]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2002-08-08 89088]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\system32\DRIVERS\ptserial.sys [2003-02-24 135292]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\tester\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DCamUSBNW800;TwinkleCam USB Camera; C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-04-29 238944]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2008-01-15 459520]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Mozilla Firefox\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-09 3072]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-03 364544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-18 19456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bmwebcfg;Bytemobile Web Configurator; C:\WINDOWS\system32\bmwebcfg.exe [2006-10-23 118784]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

Unlimited_Killer

Ano, CCleaner by měl zobrazit všechny, jinak jsem Vám snad všechny zbytečné odstranil.

1) Reg soubor

Spusťte Poznámkový blok [Start → Spustit → notepad → Enter].

Do něj vkopírujte následující text:

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Uložte tento soubor například na Plochu jako oprava.reg (vizte obrázek).
Dvojklikem tento soubor spusťte.
Restartujte PC a po restartu tento soubor smažte.

2) Malwarebytes' Anti-Malware

Stáhněte MbAM a postupujte podle popisu.
Zatím nic nemažte, MbAM má občas falešné detekce.
Poté mi sem vložte log ve formě textu.

Rostoff · #15 Příspěvek od **Rostoff** » 02 bře 2010 17:40

Dá se tenhle celý postup (myslím základní pokyny) použít i jinde? Mám ještě NTB s Win Vista.

Log je asi v pořádku, bic to nenašlo...

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3814
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2.3.2010 17:35:40
mbam-log-2010-03-02 (17-35-40).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 119628
Uplynulý čas: 11 minute(s), 25 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

VIRY.CZ

Podezrele procesy ve Spravci uloh

Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh

Re: Podezrele procesy ve Spravci uloh