prosim o kontrolu logu

Zpráva

88ferdo881 · #1 Příspěvek od **88ferdo881** » 03 bře 2010 18:53

prosim o kontrolu logu, mam strasne spomaleny PC, procesor je po otvoreni panelu uloh vytaženy na 100%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:14, on 3.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMServer] D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "D:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Infium] "D:\Program Files\QIP Infium\infium.exe" /autorun /autorun
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9415 bytes

#2 Příspěvek od **Caroprd111** » 03 bře 2010 18:55

Zdravím

Přečtěte si pravidla fóra a dejte log z RSIT.

88ferdo881 · #3 Příspěvek od **88ferdo881** » 03 bře 2010 19:13

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ferdo at 2010-03-03 19:11:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 2 GB (24%) free of 10 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:40, on 3.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\QIP\qip.exe
D:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\Ferdo\Desktop\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\Ferdo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMServer] D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "D:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Infium] "D:\Program Files\QIP Infium\infium.exe" /autorun /autorun
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9437 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2009-10-18 949376]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"BigDogPath"=D:\WINDOWS\VM_STI.EXE [2005-03-14 40960]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"CanonSolutionMenu"=D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=D:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"DAEMON Tools"=D:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2004-11-14 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2004-11-14 86016]
"NokiaMServer"=D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=D:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-03 40448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"EA Core"=D:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Infium"=D:\Program Files\QIP Infium\infium.exe [2009-10-08 5662720]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2007-03-30 25264680]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

D:\Documents and Settings\Ferdo\Start Menu\Programs\Startup
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2007-03-06 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Program Files\Electronic Arts\EADM\Core.exe"="D:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="D:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process "
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f59c06a-bd91-11de-b3c9-001109c9b969}]
shell\AutoRun\command - G:\Autorun.exe

======List of files/folders created in the last 1 months======

2010-03-03 19:11:03 ----D---- D:\rsit
2010-03-03 18:45:34 ----D---- D:\Program Files\Trend Micro
2010-03-03 17:55:35 ----D---- D:\Program Files\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2010-03-03 19:11:21 ----D---- D:\WINDOWS\Prefetch
2010-03-03 19:11:09 ----D---- D:\WINDOWS\Temp
2010-03-03 18:54:46 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-03 18:45:34 ----RD---- D:\Program Files
2010-03-03 16:17:00 ----D---- D:\Documents and Settings\Ferdo\Application Data\Skype
2010-03-03 16:06:16 ----D---- D:\Program Files\Mozilla Firefox
2010-03-03 08:43:25 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-03-03 08:43:18 ----D---- D:\WINDOWS\system32
2010-03-02 17:56:11 ----D---- D:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-03-02 15:56:50 ----A---- D:\WINDOWS\NeroDigital.ini
2010-03-01 17:46:10 ----D---- D:\WINDOWS\system32\drivers
2010-02-17 12:44:36 ----D---- D:\Program Files\PhotoScape
2010-02-14 00:47:03 ----SHD---- D:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-10-21 35840]
R1 nod32drv;nod32drv; D:\WINDOWS\system32\drivers\nod32drv.sys [2009-10-18 15424]
R1 PQNTDrv;PQNTDrv; D:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 AMON;AMON; D:\WINDOWS\system32\drivers\amon.sys [2009-10-18 512096]
R2 rspndr;Link-Layer Topology Discovery Responder; D:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-04-10 60800]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-20 25280]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-04-10 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-11-14 2826944]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 acx51ld5;acx51ld5; D:\WINDOWS\system32\drivers\acx51ld5.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-03-06 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC302;VIMICRO USB PC Camera; D:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-03-14 91263]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2009-10-18 552064]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2004-11-14 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
R3 ServiceLayer;ServiceLayer; D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player - služba zdieľania v sieti; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#4 Příspěvek od **Caroprd111** » 03 bře 2010 19:18

Odinstalujte Spybot - Search & Destroy.

Obrázek

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Obrázek

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Obrázek

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Obrázek

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Obrázek

Během skenování může být počítač restartován.

88ferdo881 · #5 Příspěvek od **88ferdo881** » 03 bře 2010 19:38

ComboFix 10-03-03.02 - Ferdo 03.03.2010 19:31:17.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1710 [GMT 1:00]
Running from: d:\documents and settings\Ferdo\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\$recycle.bin\S-1-5-21-823916967-284567730-3834954066-1001
d:\documents and settings\Ferdo\Application Data\avdrn.dat
d:\documents and settings\Ferdo\Start Menu\Programs\Startup\winesm32.exe
d:\windows\system32\win32.dll

Infected copy of d:\windows\system32\midimap.dll was found and disinfected
Restored copy from - d:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 18:35 . 2010-03-03 18:35 -------- d-----w- d:\windows\system32\wbem\snmp
2010-03-03 18:11 . 2010-03-03 18:11 -------- d-----w- D:\rsit
2010-03-03 17:45 . 2010-03-03 17:45 -------- d-----w- d:\program files\Trend Micro
2010-03-03 16:55 . 2010-03-03 18:20 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-02-02 16:49 . 2010-02-17 11:44 -------- d-----w- d:\program files\PhotoScape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 18:36 . 2009-10-18 21:26 -------- d-----w- d:\documents and settings\Ferdo\Application Data\Skype
2010-03-03 18:35 . 2010-03-03 18:35 -------- d-----w- d:\program files\microsoft frontpage
2010-03-03 18:25 . 2009-12-21 18:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-02 16:56 . 2009-10-19 10:54 -------- d-----w- d:\documents and settings\All Users\Application Data\CanonIJPLM
2010-03-01 16:45 . 2010-03-01 16:45 12 ----a-w- d:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-01-31 09:54 . 2009-10-28 17:31 -------- d-----w- d:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-31 09:54 . 2009-10-28 17:30 -------- d-----w- d:\program files\Electronic Arts
2010-01-22 17:58 . 2009-10-18 21:16 236536 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 16:29 . 2010-01-22 16:15 -------- d-----w- d:\documents and settings\Ferdo\Application Data\Nseries
2010-01-22 16:26 . 2010-01-22 16:12 -------- d-----w- d:\documents and settings\All Users\Application Data\Nokia
2010-01-22 16:26 . 2010-01-22 16:03 -------- d-----w- d:\program files\Nokia
2010-01-22 16:24 . 2010-01-22 16:08 -------- d-----w- d:\documents and settings\Ferdo\Application Data\Nokia
2010-01-22 16:10 . 2010-01-22 16:08 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Suite
2010-01-22 16:09 . 2010-01-22 16:09 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-22 16:09 . 2010-01-22 16:09 0 ---ha-w- d:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-22 16:09 . 2009-10-20 15:29 48840 ----a-w- d:\documents and settings\Ferdo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 16:08 . 2010-01-22 16:08 -------- d-----w- d:\documents and settings\Ferdo\Application Data\PC Suite
2010-01-22 16:08 . 2010-01-22 16:05 -------- d-----w- d:\program files\Common Files\Nokia
2010-01-22 16:08 . 2010-01-22 16:08 -------- d-----w- d:\program files\MSXML 6.0
2010-01-22 16:07 . 2010-01-22 16:07 -------- d-----w- d:\documents and settings\All Users\Application Data\NokiaMusic
2010-01-22 16:06 . 2010-01-22 16:06 -------- d-----w- d:\program files\Common Files\muvee Technologies
2010-01-22 16:03 . 2010-01-22 16:03 -------- d-----w- d:\program files\DIFX
2010-01-15 13:09 . 2009-12-21 16:51 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-01-04 16:12 . 2010-01-04 16:12 -------- d-----w- d:\program files\MP3 Cutter
2010-01-04 16:10 . 2010-01-04 16:10 -------- d-----w- d:\program files\MP3Cutter
2010-01-04 11:48 . 2009-10-18 21:21 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-06 14:04 . 2009-12-06 14:04 10240 ----a-w- d:\documents and settings\Ferdo\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
.

------- Sigcheck -------

[-] 2007-03-18 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . d:\windows\system32\drivers\tcpip.sys

[7] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 . 55ACA85EB80E2155E20211AAADDD711A . 541696 . . [5.1.2600.2180] . . d:\windows\system32\winlogon.exe

[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2004-08-03 . 183AA2191E8522D0C61B53D6B8B6F356 . 116224 . . [5.4.3790.2180] . . d:\windows\system32\wuauclt.exe

[7] 2007-03-06 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2007-03-06 . 43A336FC1C015417D981B2D32B27B8FF . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll

[7] 2007-03-06 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2007-03-06 . CB80514EFD81270671ACA2D419AA57A3 . 3740672 . . [7.00.6000.16414] . . d:\windows\system32\mshtml.dll

[7] 2007-04-10 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2007-04-10 . 7C52987E2B5DD401DC57F306E19422F9 . 2344704 . . [5.1.2600.3093] . . d:\windows\system32\ntoskrnl.exe

[7] 2007-04-10 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2007-04-10 . 7A540726CA75E1E988D56AB69925BA79 . 577536 . . [5.1.2600.3099] . . d:\windows\system32\user32.dll

[7] 2007-03-06 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2007-03-06 . 3AB535603D78EB54608B6ED9515551C7 . 889344 . . [7.00.6000.16414] . . d:\windows\system32\wininet.dll

[-] 2004-08-03 . A8E5C63DC67BD7B78F72FB3819EB07C2 . 1539072 . . [6.00.2900.2180] . . d:\windows\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[-] 2007-03-06 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . d:\windows\system32\sfcfiles.dll

[7] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 . E00DFA816FA5521EB44C5D63109DE2A9 . 40448 . . [5.1.2600.2180] . . d:\windows\system32\ctfmon.exe

[7] 2007-04-10 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2007-04-10 . 1A6FDC143311FA03DDDBBD56D5C9ED62 . 2221952 . . [5.1.2600.3093] . . d:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Infium"="d:\program files\QIP Infium\infium.exe" [2009-10-08 5662720]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2007-03-30 25264680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="d:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2009-10-18 949376]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"BigDogPath"="d:\windows\VM_STI.EXE" [2005-03-14 40960]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2004-11-14 4620288]
"nwiz"="nwiz.exe" [2004-11-14 921600]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2004-11-14 86016]
"Nokia FastStart"="d:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="d:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-03-06 12451]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" [2007-03-06 124928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [20.10.2009 16:25 639224]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [18.10.2009 22:20 15424]
S3 ZSMC302;VIMICRO USB PC Camera;d:\windows\system32\drivers\usbvm31b.sys [19.10.2009 11:46 91263]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\progra~1\PCTRAN~1\webie.dll
LSP: d:\windows\system32\imon.dll
FF - ProfilePath - d:\documents and settings\Ferdo\Application Data\Mozilla\Firefox\Profiles\omw0ynpy.default\
FF - prefs.js: browser.startup.homepage - hxxp://pokec.azet.sk/

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - d:\program files\Electronic Arts\EADM\Core.exe
AddRemove-NVIDIA nView Desktop Manager - d:\program files\NVIDIA Corporation\nView\nViewSetup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 19:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys sptd.sys >>UNKNOWN [0x89E037AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e90cb8
\Driver\atapi -> 0x89de01d8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
ParseProcedure -> ntkrnlpa.exe @ 0x80576ec4
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578262
ParseProcedure -> ntkrnlpa.exe @ 0x80576ec4
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d07ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7d14b21
SendHandler -> NDIS.sys @ 0xb7cf287b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(868)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\psbase.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2968)
d:\windows\system32\msctfime.ime
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\SOUNDMAN.EXE
d:\windows\system32\RUNDLL32.EXE
d:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
d:\program files\Canon\IJPLM\IJPLMSVC.EXE
d:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\windows\system32\wscntfy.exe
d:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-03-03 19:38:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 18:37

Pre-Run: 2 485 235 712 bytes free
Post-Run: 2 552 111 104 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 93EC88FC859E3F87DE21F91CC8F5FCAC

#6 Příspěvek od **Caroprd111** » 03 bře 2010 19:57

Tohle otestujte na http://www.virustotal.com/cs/
d:\windows\system32\drivers\tcpip.sys
d:\windows\system32\winlogon.exe
d:\windows\system32\wuauclt.exe
d:\windows\system32\comctl32.dll
d:\windows\system32\mshtml.dll
d:\windows\system32\ntoskrnl.exe
d:\windows\system32\user32.dll
d:\windows\system32\wininet.dll
d:\windows\explorer.exe
d:\windows\system32\sfcfiles.dll
d:\windows\system32\ctfmon.exe
d:\windows\system32\ntkrnlpa.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem vložte.)

Obrázek

Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
zvolte možnost Uninstall a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

88ferdo881 · #7 Příspěvek od **88ferdo881** » 03 bře 2010 20:31

Soubor tcpip.sys přijatý 2010.03.03 19:00:34 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor winlogon.exe přijatý 2010.03.03 19:02:37 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor wuauclt.exe přijatý 2010.03.03 19:04:23 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor comctl32.dll přijatý 2010.03.03 19:05:50 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor mshtml.dll přijatý 2010.03.03 19:09:48 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)

Soubor ntoskrnl.exe přijatý 2010.03.03 19:13:28 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor wininet.dll přijatý 2010.03.03 19:19:29 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/42 (2.39%)

Soubor explorer.exe přijatý 2010.03.03 19:29:27 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/42 (2.39%)

Soubor sfcfiles.dll přijatý 2010.03.03 19:25:00 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor ctfmon.exe přijatý 2010.03.03 19:26:09 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor ntkrnlpa.exe přijatý 2010.03.03 19:27:37 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

Soubor user32.dll přijatý 2010.03.03 19:30:55 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)

idem urobit tie dalsie testy

#8 Příspěvek od **Caroprd111** » 03 bře 2010 20:34

Dávejte sem odkazy na výsledky, potřebuji vidět, které antiviry vir detekovaly.

88ferdo881 · #9 Příspěvek od **88ferdo881** » 03 bře 2010 20:39

Soubor explorer.exe přijatý 2010.03.03 19:36:35 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/42 (2.39%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.03 -
AhnLab-V3 5.0.0.2 2010.03.03 -
AntiVir 8.2.1.180 2010.03.03 -
Antiy-AVL 2.0.3.7 2010.03.03 -
Authentium 5.2.0.5 2010.03.03 -
Avast 4.8.1351.0 2010.03.03 -
Avast5 5.0.332.0 2010.03.03 -
AVG 9.0.0.730 2010.03.03 -
BitDefender 7.2 2010.03.03 -
CAT-QuickHeal 10.00 2010.03.03 -
ClamAV 0.96.0.0-git 2010.03.03 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.03 -
eSafe 7.0.17.0 2010.03.03 -
eTrust-Vet 35.2.7337 2010.03.03 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.03 -
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.03.03 -
Ikarus T3.1.1.80.0 2010.03.03 -
Jiangmin 13.0.900 2010.03.03 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.03 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.03 -
Microsoft 1.5502 2010.03.03 -
NOD32 4913 2010.03.03 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.03 -
Panda 10.0.2.2 2010.03.02 -
PCTools 7.0.3.5 2010.03.03 -
Prevx 3.0 2010.03.03 -
Rising 22.37.02.04 2010.03.03 -
Sophos 4.51.0 2010.03.03 -
Sunbelt 5741 2010.03.03 -
Symantec 20091.2.0.41 2010.03.03 Suspicious.Insight
TheHacker 6.5.1.7.218 2010.03.03 -
TrendMicro 9.120.0.1004 2010.03.03 -
VBA32 3.12.12.2 2010.03.02 -
ViRobot 2010.3.3.2210 2010.03.03 -
VirusBuster 5.0.27.0 2010.03.03 -

Soubor wininet.dll přijatý 2010.03.03 19:38:32 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/42 (2.39%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 42 a 60 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.03 -
AhnLab-V3 5.0.0.2 2010.03.03 -
AntiVir 8.2.1.180 2010.03.03 -
Antiy-AVL 2.0.3.7 2010.03.03 -
Authentium 5.2.0.5 2010.03.03 -
Avast 4.8.1351.0 2010.03.03 -
Avast5 5.0.332.0 2010.03.03 -
AVG 9.0.0.730 2010.03.03 -
BitDefender 7.2 2010.03.03 -
CAT-QuickHeal 10.00 2010.03.03 -
ClamAV 0.96.0.0-git 2010.03.03 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.03 -
eSafe 7.0.17.0 2010.03.03 -
eTrust-Vet 35.2.7337 2010.03.03 -
F-Prot 4.5.1.85 2010.03.03 -
F-Secure 9.0.15370.0 2010.03.03 -
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.03.03 -
Ikarus T3.1.1.80.0 2010.03.03 -
Jiangmin 13.0.900 2010.03.03 -
K7AntiVirus 7.10.989 2010.03.03 -
Kaspersky 7.0.0.125 2010.03.03 -
McAfee 5909 2010.03.03 -
McAfee+Artemis 5909 2010.03.03 -
McAfee-GW-Edition 6.8.5 2010.03.03 -
Microsoft 1.5502 2010.03.03 -
NOD32 4913 2010.03.03 -
Norman 6.04.08 2010.03.03 -
nProtect 2009.1.8.0 2010.03.03 -
Panda 10.0.2.2 2010.03.02 -
PCTools 7.0.3.5 2010.03.03 -
Prevx 3.0 2010.03.03 -
Rising 22.37.02.04 2010.03.03 -
Sophos 4.51.0 2010.03.03 -
Sunbelt 5741 2010.03.03 -
Symantec 20091.2.0.41 2010.03.03 Suspicious.Insight
TheHacker 6.5.1.7.218 2010.03.03 -
TrendMicro 9.120.0.1004 2010.03.03 -
VBA32 3.12.12.2 2010.03.02 -
ViRobot 2010.3.3.2210 2010.03.03 -
VirusBuster 5.0.27.0 2010.03.03 -

88ferdo881 · #10 Příspěvek od **88ferdo881** » 03 bře 2010 20:43

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#11 Příspěvek od **Caroprd111** » 03 bře 2010 20:47

Jak to vypadá s PC

88ferdo881 · #12 Příspěvek od **88ferdo881** » 03 bře 2010 21:00

no po tom teste combofix ide PC ako predtym, neviem ani ako....a uz to islo dobre...dakujem, hrozí mojmu PC niečo podobné alebo nejaké iné nebezpečenstvo ?

#13 Příspěvek od **Caroprd111** » 03 bře 2010 21:03

Hrozbám se bohužel nevyhnete, ale můžete je velmi omezit, když nebudete stahovat cracky a podobně.

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

Dejte nový log z RSIT.

88ferdo881 · #14 Příspěvek od **88ferdo881** » 03 bře 2010 21:24

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ferdo at 2010-03-03 21:24:11
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 4 GB (35%) free of 10 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:22, on 3.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\QIP Infium\infium.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Ferdo\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Ferdo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMServer] D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "D:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "D:\Program Files\QIP Infium\infium.exe" /autorun /autorun
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7583 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2009-10-18 949376]
"SoundMan"=D:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"BigDogPath"=D:\WINDOWS\VM_STI.EXE [2005-03-14 40960]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"CanonSolutionMenu"=D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=D:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2004-11-14 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2004-11-14 86016]
"NokiaMServer"=D:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=D:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"Infium"=D:\Program Files\QIP Infium\infium.exe [2009-10-08 5662720]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2007-03-30 25264680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2007-03-06 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="D:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process "
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-03 21:24:11 ----D---- D:\rsit
2010-03-03 21:20:32 ----D---- D:\Program Files\CCleaner
2010-03-03 19:40:12 ----SHD---- D:\RECYCLER
2010-03-03 19:35:25 ----D---- D:\Program Files\xerox
2010-03-03 19:35:23 ----D---- D:\WINDOWS\system32\xircom
2010-03-03 19:35:23 ----D---- D:\Program Files\microsoft frontpage
2010-03-03 19:34:10 ----D---- D:\WINDOWS\temp
2010-03-03 18:45:34 ----D---- D:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-03-03 21:24:23 ----D---- D:\WINDOWS\Prefetch
2010-03-03 21:21:52 ----D---- D:\WINDOWS\Debug
2010-03-03 21:21:52 ----D---- D:\WINDOWS
2010-03-03 21:20:32 ----RD---- D:\Program Files
2010-03-03 21:17:59 ----D---- D:\Program Files\QIP Infium
2010-03-03 21:17:12 ----D---- D:\WINDOWS\system32\Restore
2010-03-03 21:17:11 ----SHD---- D:\System Volume Information
2010-03-03 21:15:52 ----N---- D:\WINDOWS\SchedLgU.Txt
2010-03-03 21:14:25 ----D---- D:\WINDOWS\Minidump
2010-03-03 20:34:22 ----D---- D:\Documents and Settings\Ferdo\Application Data\Skype
2010-03-03 20:32:41 ----D---- D:\WINDOWS\system32\drivers
2010-03-03 19:59:13 ----D---- D:\Program Files\DAEMON Tools
2010-03-03 19:36:48 ----D---- D:\WINDOWS\system32\CatRoot2
2010-03-03 19:35:39 ----A---- D:\WINDOWS\system.ini
2010-03-03 19:35:25 ----D---- D:\WINDOWS\system32\wbem
2010-03-03 19:35:25 ----D---- D:\WINDOWS\ime
2010-03-03 19:35:23 ----D---- D:\WINDOWS\system32
2010-03-03 19:33:09 ----D---- D:\WINDOWS\AppPatch
2010-03-03 19:33:07 ----D---- D:\Program Files\Common Files
2010-03-03 19:25:18 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-03 16:06:16 ----D---- D:\Program Files\Mozilla Firefox
2010-03-02 17:56:11 ----D---- D:\Documents and Settings\All Users\Application Data\CanonIJPLM
2010-03-02 15:56:50 ----A---- D:\WINDOWS\NeroDigital.ini
2010-02-17 12:44:36 ----D---- D:\Program Files\PhotoScape
2010-02-14 00:47:03 ----SHD---- D:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-10-21 35840]
R1 nod32drv;nod32drv; D:\WINDOWS\system32\drivers\nod32drv.sys [2009-10-18 15424]
R1 PQNTDrv;PQNTDrv; D:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 AMON;AMON; D:\WINDOWS\system32\drivers\amon.sys [2009-10-18 512096]
R2 rspndr;Link-Layer Topology Discovery Responder; D:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-04-10 60800]
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-20 25280]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-04-10 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-11-14 2826944]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; D:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; D:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-03-06 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC302;VIMICRO USB PC Camera; D:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-03-14 91263]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2009-10-18 552064]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2004-11-14 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
R3 ServiceLayer;ServiceLayer; D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player - služba zdieľania v sieti; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#15 Příspěvek od **Caroprd111** » 03 bře 2010 21:31

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.

Obrázek

Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

Obrázek

V logu nevidím firewall, doinstalujte

Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Jinak je to v pořádku.

VIRY.CZ

prosim o kontrolu logu

prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu