Nod32 našel trojské koně

[luvec]

Dobrý den, prosím o pomoc s vyčištěním počítače, Nod32 mi našel toto:

26.2.2010 3:57:59 Rezidentní ochrana soubor C:\WINDOWS\system32\drivers\aec.sys varianta infiltrace Win32/Rootkit.Kryptik.AF trojský kůň nelze léčit NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\Program Files\Mozilla Firefox\firefox.exe.
26.2.2010 4:01:56 Rezidentní ochrana soubor C:\WINDOWS\system32\fjhdyfhsn.bat BAT/Agent.NFC trojský kůň vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na souboru, který byl modifikován aplikací: C:\WINDOWS\system32\cmd.exe.

Přeinstaloval jsem Firefox, projel počítač pomocí Ad-aware SE a Spybot Search (nic pořádného nenašli), ale kdoví co všechno tam ještě zůstalo.

Log z RSI:

Logfile of random's system information tool 1.06 (written by random/random)
Run by root at 2010-02-26 14:02:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (35%) free of 80 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:33, on 26.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\ARCHIV\3_ANTIVIR\RSIT\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\ARCHIV\3_ANTIVIR\HijackThis\root.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O4 - Startup: MonacoReminder.lnk = ?
O4 - Startup: winesm32.exe
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124383457453
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7018 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"=C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [2003-12-30 24576]
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2004-09-17 552960]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-08-25 86016]
"Phase One Media Reader"=C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart []
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2006-10-17 398944]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-08-25 4554752]
"nwiz"=nwiz.exe /install []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe

C:\Documents and Settings\root\Nabídka Start\Programy\Po spuštění
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
MonacoReminder.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\Monaco Reminder.exe
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Program pro přenos souborů"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{948a0a20-9c55-11dc-afbe-001109db7d4f}]
shell\AutoRun\command - F:\Seagate\Installer\InstallSeagateManager.exe
shell\Install\command - F:\Seagate\Installer\InstallSeagateManager.exe


======List of files/folders created in the last 1 months======

2010-02-26 12:35:04 ----D---- C:\Documents and Settings\root\Data aplikací\Uniblue
2010-01-31 21:35:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-31 21:35:02 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-31 16:42:08 ----D---- C:\Program Files\The KMPlayer
2010-01-31 12:41:35 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2010-11-20 20:17:53 ----SD---- C:\WINDOWS\Tasks
2010-02-26 14:01:49 ----D---- C:\WINDOWS
2010-02-26 14:01:33 ----D---- C:\WINDOWS\Temp
2010-02-26 13:59:34 ----D---- C:\Documents and Settings\root\Data aplikací\Skype
2010-02-26 13:57:19 ----D---- C:\WINDOWS\system32
2010-02-26 13:55:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-26 13:55:23 ----RD---- C:\Program Files
2010-02-26 13:35:43 ----D---- C:\rsit
2010-02-26 13:34:25 ----D---- C:\WINDOWS\Prefetch
2010-02-26 12:49:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-26 12:47:53 ----D---- C:\WINDOWS\system32\Restore
2010-02-26 11:56:43 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 11:30:46 ----D---- C:\Documents and Settings\root\Data aplikací\skypePM
2010-02-26 05:13:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-26 05:06:50 ----D---- C:\WINDOWS\Minidump
2010-02-26 05:04:56 ----D---- C:\Program Files\CCleaner
2010-02-26 04:01:12 ----D---- C:\WINDOWS\system32\drivers
2010-02-26 03:58:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 03:57:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 15:06:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-14 11:58:08 ----D---- C:\FOTO
2010-02-02 14:31:30 ----HD---- C:\WINDOWS\inf
2010-01-31 21:36:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-31 21:34:37 ----D---- C:\Program Files\Windows Media Player
2010-01-31 21:34:32 ----D---- C:\WINDOWS\Help
2010-01-31 21:31:43 ----SHD---- C:\System Volume Information
2010-01-31 16:34:39 ----A---- C:\WINDOWS\winzip32.ini
2010-01-31 13:43:25 ----D---- C:\Program Files\TTDX
2010-01-31 12:42:26 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 io.sys;IO.DLL Driver; \??\C:\WINDOWS\system32\drivers\io.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-08-26 9728]
R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
R3 GVTDrv;GVTDrv; C:\WINDOWS\system32\drivers\GVTDrv.sys [2010-02-26 23524]
R3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-25 2975136]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]
S1 c680836e;c680836e; C:\WINDOWS\System32\drivers\c680836e.sys []
S3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-04-12 1264320]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTictwl.sys [2005-07-11 12569]
S3 Mspicy;Mspicy; C:\WINDOWS\system32\drivers\Mspicy.sys []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X-Rite;X-Rite USB Service; C:\WINDOWS\system32\DRIVERS\XrUsb.sys [2003-11-06 14936]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2002-11-25 49152]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-08-25 127043]
R2 P1C1394;Phase One 1394 Camera Driver; C:\WINDOWS\System32\Drivers\p1c1394.sys [2005-11-21 23168]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-01-22 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Lanmpro;Lanmpro; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

[Caroprd111]

Zdravím

Na logu se pracuje, prosím o strpení.

[Caroprd111]

Odinstalujte Spybot - Search & Destroy a ewido anti-spyware 4.0


Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\system32\drivers\aec.sys
C:\WINDOWS\System32\drivers\c680836e.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)


Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[luvec]

Tak aec.sys je podle virustotal.com v poradku (zadny z antiviru nic nenasel), soubor c680836e.sys ma nulovou velikost.

Zde je log z MBAM:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3795
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.2.2010 16:51:09
mbam-log-2010-02-26 (16-50-51).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 320821
Uplynulý èas: 1 hour(s), 9 minute(s), 16 second(s)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 6
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáøe: 0
Infikované soubory: 4

Infikované procesy v pamìti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v pamìti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíèe registru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované adresáøe:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\root\Nabídka Start\Programy\Po spuštìní\winesm32.exe (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\drivers\npohrna.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\root\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\root\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

[Caroprd111]

Vše, co našel MBAM smažte a restartujte PC.


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[luvec]

Takze log z ComboFix:

ComboFix 10-02-25.02 - root 26.02.2010 17:35:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.656 [GMT 1:00]
Spuštěný z: c:\documents and settings\root\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\root\Dokumenty\ZbThumbnail.info
c:\windows\srchasst\nls302en.lex
c:\windows\system32\ieuinit.inf
c:\windows\system32\twain_32.dll
c:\windows\system32\wl.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-01-31 15:42 . 2010-01-31 15:42 -------- d-----w- c:\program files\The KMPlayer
2010-01-31 11:41 . 2010-01-31 11:41 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 16:30 . 2005-08-11 21:19 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-02-26 14:08 . 2009-05-24 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 13:56 . 2005-09-06 20:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-26 04:04 . 2006-09-14 17:26 -------- d-----w- c:\program files\CCleaner
2010-01-31 12:43 . 2005-12-25 11:20 -------- d-----w- c:\program files\TTDX
2010-01-07 15:07 . 2009-05-24 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-05-24 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 20:50 . 2009-06-08 20:54 327782432 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-18 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 552960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-08-25 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-25 4554752]
"nwiz"="nwiz.exe" [2004-08-25 921600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

c:\documents and settings\root\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MonacoGamma.lnk - c:\program files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe [2005-8-30 102400]
MonacoReminder.lnk - c:\program files\Monaco Systems\MonacoOPTIX 2.0\Monaco Reminder.exe [2005-8-30 196608]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MonacoGamma.lnk - c:\program files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe [2005-8-30 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"nod32kui"="c:\program files\Eset\nod32kui.exe" /WAITSERVICE
"Zástupce stránky vlastností sběrnice High Definition Audio"=HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= *
"Enabled"= 1 (0x1)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 9:02 468224]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [1.2.2007 23:36 5152]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys [22.1.2006 21:58 23168]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [11.8.2005 22:19 23524]
S0 npohrna;npohrna; [x]
S1 c680836e;c680836e;c:\windows\system32\drivers\c680836e.sys --> c:\windows\system32\drivers\c680836e.sys [?]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [12.8.2005 8:11 1264320]
S3 Mspicy;Mspicy; [x]
S3 X-Rite;X-Rite USB Service;c:\windows\system32\drivers\XrUsb.sys [30.8.2005 19:30 14936]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: mojebanka.cz\www
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\root\Data aplikací\Mozilla\Firefox\Profiles\q79w3okv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Phase One Media Reader - c:\progra~1\PHASEO~1\CAPTUR~1\DCIMImp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 17:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-02-26 17:41:15
ComboFix-quarantined-files.txt 2010-02-26 16:41

Před spuštěním: Volných bajtů: 29 125 672 960
Po spuštění: Volných bajtů: 29 093 257 216

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E62C06A27CA43D70E63DC19E9BA4811C

[Caroprd111]

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\appmgmts.dll
c:\windows\ServicePackFiles\i386\atapi.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

[luvec]

Prvni dva naprosto ciste, u posledniho je jedno podezreni na vir Win32.Rootkit od eSafe:
http://www.virustotal.com/cs/analisis/b ... 1267204706

[Caroprd111]

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[luvec]

Maly log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-27 01:52:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\root\LOCALS~1\Temp\uwldypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

Velky log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 01:56:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\root\LOCALS~1\Temp\uwldypog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1648] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

Akorat ze pri prochazeni souboru to vzdycky krachlo, nejaka chyba pri zapisu na disk. Pak jsem to rozdelil, nejdriv gmerem projel vsechno az na soubory (to je ten velky log), pak zvlast jen soubory - tam to hodilo hlasku, ze nic nenaslo a dalsi hlasku, ze chyba zapisu na disk.

[Caroprd111]

Jak to vypadá s PC

[luvec]

PC funguje naprosto bez problemu. Sice po ComboFixu nasledovalo nejak hodne automatickych aktualizaci Windows, ale nyni uz je to snad vsechno. Zadne zaseky, zadne divnosti, PC krachovalo jen pri pouziti gmeru.

[Caroprd111]

Dejte nový log z RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

[luvec]

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by root at 2010-02-28 02:49:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (13%) free of 80 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:50, on 28.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
D:\ARCHIV\3_ANTIVIR\RSIT\RSIT.exe
D:\ARCHIV\3_ANTIVIR\HijackThis\root.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O4 - Startup: MonacoReminder.lnk = ?
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4383457453
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5795 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"=C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [2003-12-30 24576]
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2004-09-17 552960]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2006-10-17 398944]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-01-06 1657448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe

C:\Documents and Settings\root\Nabídka Start\Programy\Po spuštění
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
MonacoReminder.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\Monaco Reminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Program pro přenos souborů"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-28 02:38:43 ----SHD---- C:\Config.Msi
2010-02-28 02:35:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters Inc
2010-02-28 02:32:46 ----D---- C:\Documents and Settings\root\Data aplikací\GetRightToGo
2010-02-28 01:56:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2010-02-28 01:56:52 ----A---- C:\WINDOWS\system32\nvuninst.exe
2010-02-28 01:56:50 ----D---- C:\Program Files\NVIDIA Corporation
2010-02-28 01:40:59 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-27 19:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-27 19:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-27 19:01:09 ----A---- C:\WINDOWS\imsins.BAK
2010-02-27 19:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-27 00:11:52 ----D---- C:\0842d2a726f3938dd4
2010-02-27 00:11:35 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-27 00:08:07 ----SHD---- C:\RECYCLER
2010-02-26 23:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-26 23:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-26 23:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-26 23:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-26 23:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-26 23:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-26 23:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-26 23:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-26 23:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-26 23:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-26 23:44:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-26 23:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-26 23:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-26 23:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-26 23:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-26 23:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-26 23:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-26 23:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-26 23:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-26 23:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-26 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-26 23:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-26 23:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-26 23:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-26 23:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-26 23:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-26 23:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-26 23:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-26 23:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-26 23:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-26 23:41:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-26 23:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-26 18:43:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-26 18:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-26 18:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-26 18:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-26 18:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-26 18:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-26 18:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-26 17:41:15 ----A---- C:\ComboFix.txt
2010-02-26 17:32:55 ----A---- C:\Boot.bak
2010-02-26 17:32:49 ----RASHD---- C:\cmdcons
2010-02-26 17:31:49 ----A---- C:\WINDOWS\zip.exe
2010-02-26 17:31:49 ----A---- C:\WINDOWS\SWREG.exe
2010-02-26 17:31:49 ----A---- C:\WINDOWS\sed.exe
2010-02-26 17:31:49 ----A---- C:\WINDOWS\PEV.exe
2010-02-26 17:31:49 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-26 17:31:49 ----A---- C:\WINDOWS\MBR.exe
2010-02-26 17:31:49 ----A---- C:\WINDOWS\grep.exe
2010-02-26 17:31:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-26 17:31:48 ----A---- C:\WINDOWS\SWSC.exe
2010-02-26 17:31:39 ----D---- C:\WINDOWS\ERDNT
2010-02-26 17:31:19 ----D---- C:\Qoobox
2010-02-26 12:35:04 ----D---- C:\Documents and Settings\root\Data aplikací\Uniblue
2010-01-31 21:35:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-31 21:35:02 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-31 16:42:08 ----D---- C:\Program Files\The KMPlayer
2010-01-31 12:41:35 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2010-11-20 20:17:53 ----SD---- C:\WINDOWS\Tasks
2010-02-28 02:49:35 ----D---- C:\WINDOWS\Prefetch
2010-02-28 02:48:54 ----D---- C:\WINDOWS\Temp
2010-02-28 02:41:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-28 02:38:47 ----SHD---- C:\WINDOWS\Installer
2010-02-28 02:38:47 ----RD---- C:\Program Files
2010-02-28 02:35:35 ----RSD---- C:\WINDOWS\assembly
2010-02-28 02:22:54 ----HD---- C:\WINDOWS\inf
2010-02-28 02:22:53 ----D---- C:\WINDOWS\system32\drivers
2010-02-28 02:12:51 ----D---- C:\Documents and Settings\root\Data aplikací\Skype
2010-02-28 02:11:21 ----D---- C:\WINDOWS\system32
2010-02-28 02:11:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 02:11:18 ----D---- C:\WINDOWS
2010-02-28 02:10:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-28 01:56:59 ----D---- C:\WINDOWS\Help
2010-02-28 01:56:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-28 01:52:41 ----D---- C:\WINDOWS\system32\cs-cz
2010-02-28 01:52:39 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-28 01:43:55 ----D---- C:\Documents and Settings\root\Data aplikací\skypePM
2010-02-28 01:40:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-27 19:35:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-27 19:12:55 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-27 19:03:52 ----D---- C:\WINDOWS\WinSxS
2010-02-27 01:01:49 ----D---- C:\WINDOWS\Debug
2010-02-27 00:12:38 ----D---- C:\WINDOWS\system32\en-us
2010-02-27 00:12:33 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 00:02:58 ----D---- C:\Program Files\Internet Explorer
2010-02-26 23:56:28 ----HDC---- C:\WINDOWS\ie7
2010-02-26 23:48:11 ----D---- C:\WINDOWS\AppPatch
2010-02-26 18:43:39 ----D---- C:\Program Files\Outlook Express
2010-02-26 17:39:16 ----A---- C:\WINDOWS\system.ini
2010-02-26 17:38:45 ----D---- C:\WINDOWS\srchasst
2010-02-26 17:37:24 ----D---- C:\Program Files\Common Files
2010-02-26 17:32:56 ----RASH---- C:\boot.ini
2010-02-26 17:31:47 ----SHD---- C:\System Volume Information
2010-02-26 17:31:47 ----D---- C:\WINDOWS\system32\Restore
2010-02-26 17:12:19 ----D---- C:\WINDOWS\l2schemas
2010-02-26 15:08:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-26 14:56:10 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-26 14:56:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-26 14:50:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-26 14:03:11 ----D---- C:\rsit
2010-02-26 11:56:43 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 05:06:50 ----D---- C:\WINDOWS\Minidump
2010-02-26 05:04:56 ----D---- C:\Program Files\CCleaner
2010-02-14 15:06:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-14 11:58:08 ----D---- C:\FOTO
2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 21:34:37 ----D---- C:\Program Files\Windows Media Player
2010-01-31 16:34:39 ----A---- C:\WINDOWS\winzip32.ini
2010-01-31 13:43:25 ----D---- C:\Program Files\TTDX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 io.sys;IO.DLL Driver; \??\C:\WINDOWS\system32\drivers\io.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2003-08-26 9728]
R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
R3 GVTDrv;GVTDrv; C:\WINDOWS\system32\drivers\GVTDrv.sys [2010-02-28 23524]
R3 HdAudAddService;Ovladač funkcí Microsoft UAA pro služby sběrnice High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-06-16 180480]
S1 c680836e;c680836e; C:\WINDOWS\System32\drivers\c680836e.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\root\LOCALS~1\Temp\catchme.sys []
S3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-04-12 1264320]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTictwl.sys [2005-07-11 12569]
S3 Mspicy;Mspicy; C:\WINDOWS\system32\drivers\Mspicy.sys []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 X-Rite;X-Rite USB Service; C:\WINDOWS\system32\DRIVERS\XrUsb.sys [2003-11-06 14936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2002-11-25 49152]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 P1C1394;Phase One 1394 Camera Driver; C:\WINDOWS\System32\Drivers\p1c1394.sys [2005-11-21 23168]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-08-25 127043]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-01-22 68096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Lanmpro;Lanmpro; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Dejte sem prosím nový log z RSIT bez přidání do "code, quote", špatně se to čte.