
Virus in the PC

hladac
Model visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Virus in the PC

#1 Post by hladac »

Good evening,
a friend of mine is having some problems with his PC and suspects a virus. He asked me whether I could help him with it, so I am turning to you. If anyone is willing, could you check this log?

Thank you

Logfile of random's system information tool 1.06 (written by random/random)
Run by Zuzanka at 2010-03-20 19:28:04
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (16%) free of 38 GB
Total RAM: 502 MB (47% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-09-02 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-04-04 94208]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2004-02-04 897024]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2004-11-12 40960]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-08 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-08 512000]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-05-04 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-05-04 126976]
"ISS_Certtool"=C:\Program Files\IBM\Security\certtool.exe [2005-05-06 90112]
"IBM_PWMGR"=C:\Program Files\IBM\Password Manager\pwmgr.exe [2005-05-06 208896]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-09-02 127035]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2003-11-20 57344]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"ACU"=C:\Program Files\DrayTek Vigor600\ACU.exe [2005-11-22 335872]
"Belkin Storage Manager"=C:\Program Files\Belkin Storage Manager\StorageManager.exe [2008-08-30 855040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"diskperfxp.exe"=C:\DOCUME~1\Zuzanka\LOCALS~1\Temp\diskperfxp.exe [2010-03-20 691200]
"User Protection"=C:\Program Files\User Protection\usrprot.exe -noscan []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-05-04 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-12 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WordAutomat\WordAutomat.exe"="C:\Program Files\WordAutomat\WordAutomat.exe:*:Enabled:WordAutomat"
"C:\Program Files\FTP Software\NetSuite\wlpd32.exe"="C:\Program Files\FTP Software\NetSuite\wlpd32.exe:*:Enabled:32-Bit Windows TCP/IP Print Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\DrayTek Vigor600\ACU.exe"="C:\Program Files\DrayTek Vigor600\ACU.exe:*:Enabled:Vigor600 Super G Wireless Adapter Utility"
"C:\Program Files\Belkin Storage Manager\StorageManager.exe"="C:\Program Files\Belkin Storage Manager\StorageManager.exe:*:Enabled:Belkin Storage Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Documents and Settings\Zuzanka\Desktop\Counter-Strike 1.6\hlds.exe"="C:\Documents and Settings\Zuzanka\Desktop\Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-20 19:28:09 ----D---- C:\Program Files\trend micro
2010-03-20 19:28:04 ----D---- C:\rsit
2010-03-20 16:58:23 ----A---- C:\TDSSKiller.2.2.8_20.03.2010_16.58.23_log.txt
2010-03-20 16:57:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-20 15:38:12 ----D---- C:\Documents and Settings\Zuzanka\Application Data\Malwarebytes
2010-03-20 15:37:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-20 15:37:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-20 15:28:16 ----A---- C:\TDSSKiller.2.2.8_20.03.2010_15.28.16_log.txt
2010-03-20 14:55:04 ----D---- C:\Documents and Settings\Zuzanka\Application Data\ESET
2010-03-20 14:53:35 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-03-20 14:48:08 ----A---- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
2010-03-20 14:32:01 ----A---- C:\WINDOWS\system32\_VOIDmfeklnmal.dll
2010-03-20 14:31:02 ----A---- C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll
2010-03-20 14:30:32 ----D---- C:\WINDOWS\_VOIDcxvpetxviq
2010-03-10 22:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-10 18:45:46 ----D---- C:\Program Files\Turbo Tube
2010-03-07 12:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-02-24 19:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-23 18:48:33 ----D---- C:\Documents and Settings\Zuzanka\Application Data\Facebook
2010-02-22 17:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-20 19:28:09 ----RD---- C:\Program Files
2010-03-20 19:26:16 ----D---- C:\WINDOWS\Temp
2010-03-20 18:28:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-20 18:28:10 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-20 18:28:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-20 18:28:05 ----HD---- C:\WINDOWS\inf
2010-03-20 18:14:17 ----D---- C:\Program Files\Common Files
2010-03-20 18:14:16 ----D---- C:\WINDOWS
2010-03-20 17:59:39 ----D---- C:\WINDOWS\system32\drivers
2010-03-20 17:30:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-20 17:09:41 ----SHD---- C:\WINDOWS\Installer
2010-03-20 17:09:39 ----D---- C:\WINDOWS\WinSxS
2010-03-20 17:09:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-20 16:30:56 ----D---- C:\Program Files\EA SPORTS
2010-03-20 16:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2010-03-20 15:37:22 ----D---- C:\WINDOWS\Prefetch
2010-03-20 15:35:44 ----D---- C:\WINDOWS\system32
2010-03-20 15:22:40 ----D---- C:\Program Files\ThinkPad
2010-03-20 15:19:34 ----D---- C:\Program Files\Image-Line
2010-03-20 14:57:53 ----D---- C:\Program Files\Eset
2010-03-18 22:19:59 ----D---- C:\Documents and Settings\Zuzanka\Application Data\gtk-2.0
2010-03-17 20:16:28 ----D---- C:\Documents and Settings\Zuzanka\Application Data\ICQ
2010-03-16 18:36:26 ----D---- C:\Documents and Settings\Zuzanka\Application Data\Audacity
2010-03-12 17:29:36 ----A---- C:\WINDOWS\SMWizard.INI
2010-03-10 22:24:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 22:24:25 ----D---- C:\Program Files\Movie Maker
2010-03-10 22:23:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-07 12:31:34 ----A---- C:\WINDOWS\imsins.BAK
2010-03-01 21:30:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-01-21 14848]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-01-21 9340]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-04-14 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2005-05-17 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-01-02 17801]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 IBMI2CPCD;IBMI2CPCD; \??\C:\Program Files\SMBUS\ibmi2cpcd.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 smi2;smi2; \??\C:\WINDOWS\system32\drivers\smi2.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-09-02 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-09-02 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-09-02 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-09-02 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-09-02 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-09-02 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-09-02 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-09-02 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-09-02 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-25 207616]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-05-04 827996]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-11 10112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
R3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-08 177504]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2004-12-02 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-05-03 14336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
S3 AR5523;Vigor600 Super G Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-07-27 360256]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-11-10 1041664]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-08-19 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 IBM User Verification Manager;IBM User Verification Manager; C:\Program Files\IBM\Security\uvmserv.exe [2005-05-06 610304]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-11 73782]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-11 32768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 FTP Software FTP Server;FTP Software FTP Server; C:\PROGRA~1\FTPSOF~1\NetSuite\ftpd\ftpd.exe [2005-12-23 107008]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
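A mechanical first pass over the RSIT log above, as an added example (not code from RSIT or from anyone in this thread): it walks the Run keys, the System policies and the file lists, and flags autoruns started from a Temp directory, autoruns with no file metadata, DisableTaskMgr set by policy, and the _VOID-prefixed files. The heuristics are this example's own assumptions, and the sample input is constructed from lines of the log.

```python
"""Triage of an RSIT-style log: Run keys, System policies, file lists.
Added example for this thread, not RSIT's or any poster's code; the
heuristics are assumptions and the sample log is constructed from lines
of the log posted above."""
from __future__ import annotations

import re
from dataclasses import dataclass

# "Name"=command [date size]; an empty [] means RSIT read no file metadata
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<info>[^\]]*)\]$')
# "Name"=value (policy value line)
POLICY_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# 2010-03-20 14:32:01 ----A---- C:\path (file-list line)
FILE_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ----[A-Z-]+---- (?P<path>.+)$')
# Path fragments marking a user temp directory (short and long form)
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp")


@dataclass(frozen=True)
class Finding:
    section: str  # registry key or list header the entry came from
    name: str     # value name or file path
    reason: str


def triage_rsit(log_text: str) -> list[Finding]:
    """Walk the log once and return the entries a triager should query."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]        # registry key header
            continue
        if line.startswith("======"):
            section = line.strip("=")   # e.g. List of files/folders created ...
            continue
        key = section.lower()
        if key.endswith("\\currentversion\\run"):
            m = RUN_LINE.match(line)
            if not m:
                continue
            name, cmd, info = m.group("name"), m.group("cmd"), m.group("info")
            if any(t in cmd.lower() for t in TEMP_MARKERS):
                findings.append(Finding(section, name,
                                        "autorun launched from a temp directory"))
            elif not info and not cmd.lower().startswith("rundll32"):
                # rundll32 entries legitimately show []; anything else without
                # metadata is a missing target or an odd command line
                findings.append(Finding(section, name,
                                        "no file metadata for autorun target"))
        elif key.endswith("\\policies\\system"):
            m = POLICY_LINE.match(line)
            if (m and m.group("name").lower() == "disabletaskmgr"
                    and m.group("value").strip() == "1"):
                findings.append(Finding(section, m.group("name"),
                                        "Task Manager disabled by policy"))
        elif key.startswith("list of files/folders"):
            m = FILE_LINE.match(line)
            if m and m.group("path").rsplit("\\", 1)[-1].upper().startswith("_VOID"):
                findings.append(Finding(section, m.group("path"),
                                        "_VOID* name, the pattern TDSSKiller flags as TDSS"))
    return findings


# Constructed sample: lines taken from the RSIT log in this thread
SAMPLE_LOG = r"""
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"diskperfxp.exe"=C:\DOCUME~1\Zuzanka\LOCALS~1\Temp\diskperfxp.exe [2010-03-20 691200]
"User Protection"=C:\Program Files\User Protection\usrprot.exe -noscan []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
======List of files/folders created in the last 1 months======
2010-03-20 15:37:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-20 14:48:08 ----A---- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
2010-03-20 14:32:01 ----A---- C:\WINDOWS\system32\_VOIDmfeklnmal.dll
2010-03-20 14:30:32 ----D---- C:\WINDOWS\_VOIDcxvpetxviq
"""

if __name__ == "__main__":
    for f in triage_rsit(SAMPLE_LOG):
        print(f"{f.reason:50} {f.name}")
```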

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in the PC

#2 Post by motji »

Good evening :)
Can I see the contents of this log and of the other one as well?
C:\TDSSKiller.2.2.8_20.03.2010_16.58.23_log.txt

Who advised you to use this program?

Test at www.virustotal.com:

C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
C:\WINDOWS\system32\_VOIDmfeklnmal.dll
C:\Documents and Settings\All Users\Application Data\_VOIDmainqt.dll

- Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
- Paste the link with the results here.
Do not use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

hladac
Model visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Virus in the PC

#3 Post by hladac »

motji wrote: Who advised you to use this program?
Which program do you mean? The one that produced the log?

Files tested:
http://www.virustotal.com/analisis/7a11 ... 1269113194
http://www.virustotal.com/analisis/8346 ... 1269113631
http://www.virustotal.com/analisis/8346 ... 1269113631
motji wrote: Can I see the contents of this log and of the other one as well?
C:\TDSSKiller.2.2.8_20.03.2010_16.58.23_log.txt
15:28:16:125 2668 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
15:28:16:125 2668 ================================================================================
15:28:16:125 2668 SystemInfo:

15:28:16:125 2668 OS Version: 5.1.2600 ServicePack: 2.0
15:28:16:125 2668 Product type: Workstation
15:28:16:125 2668 ComputerName: DRSR-4FD223749A
15:28:16:125 2668 UserName: Zuzanka
15:28:16:125 2668 Windows directory: C:\WINDOWS
15:28:16:125 2668 Processor architecture: Intel x86
15:28:16:125 2668 Number of processors: 1
15:28:16:125 2668 Page size: 0x1000
15:28:16:125 2668 Boot type: Normal boot
15:28:16:125 2668 ================================================================================
15:28:16:218 2668 UnloadDriverW: NtUnloadDriver error 2
15:28:16:218 2668 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:28:16:359 2668 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:28:16:359 2668 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:28:16:359 2668 wfopen_ex: Trying to KLMD file open
15:28:16:359 2668 wfopen_ex: File opened ok (Flags 2)
15:28:16:359 2668 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:28:16:359 2668 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:28:16:359 2668 wfopen_ex: Trying to KLMD file open
15:28:16:359 2668 wfopen_ex: File opened ok (Flags 2)
15:28:16:359 2668 Initialize success
15:28:16:359 2668
15:28:16:359 2668 Scanning Services ...
15:28:17:109 2668 GetAdvancedServicesInfo: Raw services enum returned 358 services
15:28:17:109 2668
15:28:17:109 2668 Hidden service detected!
15:28:17:109 2668 Service name: _VOIDcxvpetxviq
15:28:17:109 2668 Image path: \systemroot\_VOIDcxvpetxviq\_VOIDd.sys
15:28:17:109 2668 Type "delete" (without quotes) to delete it: 15:29:12:921 2668
15:29:12:921 2668 ScanTDL2Services: By user detect _VOIDcxvpetxviq
15:29:12:921 2668 RegNode HKLM\SYSTEM\ControlSet001\services\_VOIDcxvpetxviq infected by TDSS rootkit ... 15:29:12:921 2668 will be deleted on reboot
15:29:12:921 2668 DeleteTDL2Service: SafeBoot Minimal doesn't infected
15:29:12:921 2668 DeleteTDL2Service: SafeBoot Network doesn't infected
15:29:12:921 2668 RegNode HKLM\SYSTEM\ControlSet003\services\_VOIDcxvpetxviq infected by TDSS rootkit ... 15:29:12:921 2668 will be deleted on reboot
15:29:12:937 2668 DeleteTDL2Service: SafeBoot Minimal doesn't infected
15:29:12:937 2668 DeleteTDL2Service: SafeBoot Network doesn't infected
15:29:12:937 2668 File C:\WINDOWS\_VOIDcxvpetxviq\_VOIDd.sys infected by TDSS rootkit ... 15:29:12:937 2668 will be deleted on reboot
15:29:12:953 2668 ScanTDL2Services: DeleteEvilService(_VOIDcxvpetxviq) success
15:29:12:953 2668 ScanTDL2Services: Heur detect _VOIDd.sys
15:29:12:953 2668 RegNode HKLM\SYSTEM\ControlSet001\services\_VOIDd.sys infected by TDSS rootkit ... 15:29:12:953 2668 will be deleted on reboot
15:29:12:953 2668 DeleteTDL2Service: SafeBoot Minimal doesn't infected
15:29:12:953 2668 DeleteTDL2Service: SafeBoot Network doesn't infected
15:29:12:953 2668 RegNode HKLM\SYSTEM\ControlSet003\services\_VOIDd.sys infected by TDSS rootkit ... 15:29:12:953 2668 will be deleted on reboot
15:29:12:953 2668 DeleteTDL2Service: SafeBoot Minimal doesn't infected
15:29:12:953 2668 DeleteTDL2Service: SafeBoot Network doesn't infected
15:29:12:953 2668 File C:\WINDOWS\system32\drivers\_VOIDyrqqakftap.sys infected by TDSS rootkit ... 15:29:12:953 2668 will be deleted on reboot
15:29:12:968 2668 DeleteTDL2Service: Module enum: Name: _VOIDc. Type: 1
15:29:12:968 2668 File C:\WINDOWS\system32\_VOIDyfdremptxe.dll infected by TDSS rootkit ... 15:29:12:968 2668 will be deleted on reboot
15:29:12:968 2668 DeleteTDL2Service: Module enum: Name: _VOIDd. Type: 1
15:29:12:968 2668 DeleteTDL2Service: Module clone ImagePath, skipping
15:29:12:968 2668 DeleteTDL2Service: Module enum: Name: _VOIDsrcr. Type: 1
15:29:12:968 2668 File C:\WINDOWS\system32\_VOIDmkxgtklfmp.dat infected by TDSS rootkit ... 15:29:12:968 2668 will be deleted on reboot
15:29:12:968 2668 DeleteTDL2Service: Module enum: Name: _voidserf. Type: 1
15:29:12:968 2668 File C:\WINDOWS\system32\_VOIDrkdjuoduen.dll infected by TDSS rootkit ... 15:29:12:968 2668 will be deleted on reboot
15:29:12:984 2668 DeleteTDL2Service: Module enum: Name: _voidbbr. Type: 1
15:29:12:984 2668 File C:\WINDOWS\system32\_VOIDktvgcgxykh.dll infected by TDSS rootkit ... 15:29:12:984 2668 will be deleted on reboot
15:29:12:984 2668 ScanTDL2Services: DeleteEvilService(_VOIDd.sys) success
15:29:12:984 2668
15:29:12:984 2668 Scanning Kernel memory ...
15:29:12:984 2668 Devices to scan: 5
15:29:12:984 2668
15:29:12:984 2668 Driver Name: Disk
15:29:12:984 2668 IRP_MJ_CREATE : F84BAC30
15:29:12:984 2668 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:29:12:984 2668 IRP_MJ_CLOSE : F84BAC30
15:29:12:984 2668 IRP_MJ_READ : F84B4D9B
15:29:12:984 2668 IRP_MJ_WRITE : F84B4D9B
15:29:12:984 2668 IRP_MJ_QUERY_INFORMATION : 804F3418
15:29:12:984 2668 IRP_MJ_SET_INFORMATION : 804F3418
15:29:12:984 2668 IRP_MJ_QUERY_EA : 804F3418
15:29:12:984 2668 IRP_MJ_SET_EA : 804F3418
15:29:12:984 2668 IRP_MJ_FLUSH_BUFFERS : F84B5366
15:29:12:984 2668 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:29:12:984 2668 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:29:12:984 2668 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:29:12:984 2668 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:29:12:984 2668 IRP_MJ_DEVICE_CONTROL : F84B544D
15:29:12:984 2668 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84B8FC3
15:29:12:984 2668 IRP_MJ_SHUTDOWN : F84B5366
15:29:12:984 2668 IRP_MJ_LOCK_CONTROL : 804F3418
15:29:12:984 2668 IRP_MJ_CLEANUP : 804F3418
15:29:12:984 2668 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:29:12:984 2668 IRP_MJ_QUERY_SECURITY : 804F3418
15:29:12:984 2668 IRP_MJ_SET_SECURITY : 804F3418
15:29:12:984 2668 IRP_MJ_POWER : F84B6EF3
15:29:12:984 2668 IRP_MJ_SYSTEM_CONTROL : F84BBA24
15:29:12:984 2668 IRP_MJ_DEVICE_CHANGE : 804F3418
15:29:12:984 2668 IRP_MJ_QUERY_QUOTA : 804F3418
15:29:12:984 2668 IRP_MJ_SET_QUOTA : 804F3418
15:29:13:015 2668 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:29:13:015 2668
15:29:13:015 2668 Driver Name: USBSTOR
15:29:13:015 2668 IRP_MJ_CREATE : F8849218
15:29:13:015 2668 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:29:13:015 2668 IRP_MJ_CLOSE : F8849218
15:29:13:015 2668 IRP_MJ_READ : F884923C
15:29:13:015 2668 IRP_MJ_WRITE : F884923C
15:29:13:015 2668 IRP_MJ_QUERY_INFORMATION : 804F3418
15:29:13:015 2668 IRP_MJ_SET_INFORMATION : 804F3418
15:29:13:015 2668 IRP_MJ_QUERY_EA : 804F3418
15:29:13:015 2668 IRP_MJ_SET_EA : 804F3418
15:29:13:015 2668 IRP_MJ_FLUSH_BUFFERS : 804F3418
15:29:13:015 2668 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:29:13:015 2668 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:29:13:015 2668 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:29:13:015 2668 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:29:13:015 2668 IRP_MJ_DEVICE_CONTROL : F8849180
15:29:13:015 2668 IRP_MJ_INTERNAL_DEVICE_CONTROL : F88449E6
15:29:13:015 2668 IRP_MJ_SHUTDOWN : 804F3418
15:29:13:015 2668 IRP_MJ_LOCK_CONTROL : 804F3418
15:29:13:015 2668 IRP_MJ_CLEANUP : 804F3418
15:29:13:015 2668 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:29:13:015 2668 IRP_MJ_QUERY_SECURITY : 804F3418
15:29:13:015 2668 IRP_MJ_SET_SECURITY : 804F3418
15:29:13:015 2668 IRP_MJ_POWER : F88485F0
15:29:13:015 2668 IRP_MJ_SYSTEM_CONTROL : F8846A6E
15:29:13:015 2668 IRP_MJ_DEVICE_CHANGE : 804F3418
15:29:13:015 2668 IRP_MJ_QUERY_QUOTA : 804F3418
15:29:13:015 2668 IRP_MJ_SET_QUOTA : 804F3418
15:29:13:031 2668 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
15:29:13:031 2668
15:29:13:031 2668 Driver Name: Disk
15:29:13:031 2668 IRP_MJ_CREATE : F84BAC30
15:29:13:031 2668 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:29:13:031 2668 IRP_MJ_CLOSE : F84BAC30
15:29:13:031 2668 IRP_MJ_READ : F84B4D9B
15:29:13:031 2668 IRP_MJ_WRITE : F84B4D9B
15:29:13:031 2668 IRP_MJ_QUERY_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_SET_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_QUERY_EA : 804F3418
15:29:13:031 2668 IRP_MJ_SET_EA : 804F3418
15:29:13:031 2668 IRP_MJ_FLUSH_BUFFERS : F84B5366
15:29:13:031 2668 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:29:13:031 2668 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:29:13:031 2668 IRP_MJ_DEVICE_CONTROL : F84B544D
15:29:13:031 2668 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84B8FC3
15:29:13:031 2668 IRP_MJ_SHUTDOWN : F84B5366
15:29:13:031 2668 IRP_MJ_LOCK_CONTROL : 804F3418
15:29:13:031 2668 IRP_MJ_CLEANUP : 804F3418
15:29:13:031 2668 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:29:13:031 2668 IRP_MJ_QUERY_SECURITY : 804F3418
15:29:13:031 2668 IRP_MJ_SET_SECURITY : 804F3418
15:29:13:031 2668 IRP_MJ_POWER : F84B6EF3
15:29:13:031 2668 IRP_MJ_SYSTEM_CONTROL : F84BBA24
15:29:13:031 2668 IRP_MJ_DEVICE_CHANGE : 804F3418
15:29:13:031 2668 IRP_MJ_QUERY_QUOTA : 804F3418
15:29:13:031 2668 IRP_MJ_SET_QUOTA : 804F3418
15:29:13:031 2668 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:29:13:031 2668
15:29:13:031 2668 Driver Name: Disk
15:29:13:031 2668 IRP_MJ_CREATE : F84BAC30
15:29:13:031 2668 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
15:29:13:031 2668 IRP_MJ_CLOSE : F84BAC30
15:29:13:031 2668 IRP_MJ_READ : F84B4D9B
15:29:13:031 2668 IRP_MJ_WRITE : F84B4D9B
15:29:13:031 2668 IRP_MJ_QUERY_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_SET_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_QUERY_EA : 804F3418
15:29:13:031 2668 IRP_MJ_SET_EA : 804F3418
15:29:13:031 2668 IRP_MJ_FLUSH_BUFFERS : F84B5366
15:29:13:031 2668 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
15:29:13:031 2668 IRP_MJ_DIRECTORY_CONTROL : 804F3418
15:29:13:031 2668 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
15:29:13:031 2668 IRP_MJ_DEVICE_CONTROL : F84B544D
15:29:13:031 2668 IRP_MJ_INTERNAL_DEVICE_CONTROL : F84B8FC3
15:29:13:031 2668 IRP_MJ_SHUTDOWN : F84B5366
15:29:13:031 2668 IRP_MJ_LOCK_CONTROL : 804F3418
15:29:13:031 2668 IRP_MJ_CLEANUP : 804F3418
15:29:13:031 2668 IRP_MJ_CREATE_MAILSLOT : 804F3418
15:29:13:031 2668 IRP_MJ_QUERY_SECURITY : 804F3418
15:29:13:031 2668 IRP_MJ_SET_SECURITY : 804F3418
15:29:13:031 2668 IRP_MJ_POWER : F84B6EF3
15:29:13:031 2668 IRP_MJ_SYSTEM_CONTROL : F84BBA24
15:29:13:031 2668 IRP_MJ_DEVICE_CHANGE : 804F3418
15:29:13:031 2668 IRP_MJ_QUERY_QUOTA : 804F3418
15:29:13:031 2668 IRP_MJ_SET_QUOTA : 804F3418
15:29:13:031 2668 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:29:13:031 2668
15:29:13:031 2668 Driver Name: atapi
15:29:13:031 2668 IRP_MJ_CREATE : 82152640
15:29:13:031 2668 IRP_MJ_CREATE_NAMED_PIPE : 82152640
15:29:13:031 2668 IRP_MJ_CLOSE : 82152640
15:29:13:031 2668 IRP_MJ_READ : 82152640
15:29:13:031 2668 IRP_MJ_WRITE : 82152640
15:29:13:031 2668 IRP_MJ_QUERY_INFORMATION : 82152640
15:29:13:031 2668 IRP_MJ_SET_INFORMATION : 82152640
15:29:13:031 2668 IRP_MJ_QUERY_EA : 82152640
15:29:13:031 2668 IRP_MJ_SET_EA : 82152640
15:29:13:031 2668 IRP_MJ_FLUSH_BUFFERS : 82152640
15:29:13:031 2668 IRP_MJ_QUERY_VOLUME_INFORMATION : 82152640
15:29:13:031 2668 IRP_MJ_SET_VOLUME_INFORMATION : 82152640
15:29:13:031 2668 IRP_MJ_DIRECTORY_CONTROL : 82152640
15:29:13:031 2668 IRP_MJ_FILE_SYSTEM_CONTROL : 82152640
15:29:13:031 2668 IRP_MJ_DEVICE_CONTROL : 82152640
15:29:13:031 2668 IRP_MJ_INTERNAL_DEVICE_CONTROL : 82152640
15:29:13:031 2668 IRP_MJ_SHUTDOWN : 82152640
15:29:13:031 2668 IRP_MJ_LOCK_CONTROL : 82152640
15:29:13:031 2668 IRP_MJ_CLEANUP : 82152640
15:29:13:031 2668 IRP_MJ_CREATE_MAILSLOT : 82152640
15:29:13:031 2668 IRP_MJ_QUERY_SECURITY : 82152640
15:29:13:031 2668 IRP_MJ_SET_SECURITY : 82152640
15:29:13:031 2668 IRP_MJ_POWER : 82152640
15:29:13:031 2668 IRP_MJ_SYSTEM_CONTROL : 82152640
15:29:13:031 2668 IRP_MJ_DEVICE_CHANGE : 82152640
15:29:13:031 2668 IRP_MJ_QUERY_QUOTA : 82152640
15:29:13:031 2668 IRP_MJ_SET_QUOTA : 82152640
15:29:13:046 2668 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
15:29:13:046 2668 Reboot required for cure complete..
15:29:13:093 2668 Cure on reboot scheduled successfully
15:29:13:093 2668
15:29:13:093 2668 Completed
15:29:13:093 2668
15:29:13:093 2668 Results:
15:29:13:093 2668 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
15:29:13:093 2668 Registry objects infected / cured / cured on reboot: 4 / 0 / 4
15:29:13:093 2668 File objects infected / cured / cured on reboot: 6 / 0 / 6
15:29:13:125 2668
15:29:13:125 2668 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:29:13:125 2668 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:29:13:125 2668 KLMD(ARK) unloaded successfully


I hope this is what you needed.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in PC

#4 Post by motji »

Yes, it is :) . I meant TDSSKiller; how did you work out that you should use it :o (and correctly so, you really do have a rootkit from the TDSS family)


:arrow: Download Combofix like this:
- right-click the ComboFix link -- Save as..., then rename it to Potvora.com and save.


:arrow: Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights

- Before using it, disable all resident security programs - antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an advisor's recommendation; it may damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.

hladac
Exemplary visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Virus in PC

#5 Post by hladac »

I'm sending the log.
As for that program, my friend found it on the internet; it was supposed to remove the problem.

ComboFix 10-03-19.08 - uzivatel 20.03.2010 21:25:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.502.262 [GMT 1:00]
Running from: c:\documents and settings\Zuzanka\Desktop\Potvora.com
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\_VOIDmainqt.dll
c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\Zuzanka\Application Data\Microsoft\Internet Explorer\Quick Launch\User Protection.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\About.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\Activate.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\Buy.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\Scan.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\Settings.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\Update.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\User Protection Support.lnk
c:\documents and settings\Zuzanka\Start Menu\Programs\User Protection\User Protection.lnk
c:\program files\User Protection
c:\recycler\S-1-5-21-3447452825-602411687-2800460166-500
c:\recycler\S-1-5-21-3650243686-1497328209-1185192998-500
c:\recycler\S-1-5-21-789336058-1770027372-725345543-1003
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\_VOIDmfeklnmal.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 20:25 . 2010-03-20 20:25 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\ESET
2010-03-20 18:28 . 2010-03-20 18:28 -------- d-----w- c:\program files\trend micro
2010-03-20 18:28 . 2010-03-20 18:28 -------- d-----w- C:\rsit
2010-03-20 16:55 . 2010-03-20 16:55 -------- d-----w- c:\documents and settings\Zuzanka\Local Settings\Application Data\Threat Expert
2010-03-20 15:57 . 2010-03-20 17:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-20 15:04 . 2010-03-20 15:04 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Malwarebytes
2010-03-20 14:38 . 2010-03-20 14:38 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Malwarebytes
2010-03-20 14:37 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 14:37 . 2010-03-20 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 14:37 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 14:37 . 2010-03-20 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 14:35 . 2010-03-20 14:35 -------- d-----w- c:\documents and settings\Zuzanka\Local Settings\Application Data\ESET
2010-03-20 13:58 . 2010-03-20 13:58 -------- d-----w- c:\documents and settings\uzivatel\Application Data\ESET
2010-03-20 13:58 . 2010-03-20 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-20 13:55 . 2010-03-20 13:55 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\ESET
2010-03-20 13:53 . 2010-03-20 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-03-20 13:30 . 2010-03-20 14:29 -------- d-----w- c:\windows\_VOIDcxvpetxviq
2010-03-10 17:49 . 2010-03-10 17:49 -------- d-----w- c:\documents and settings\Zuzanka\Local Settings\Application Data\Turbo_Tube
2010-03-10 17:45 . 2010-03-10 17:45 -------- d-----w- c:\program files\Turbo Tube
2010-02-23 17:48 . 2010-02-23 17:48 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Facebook
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 15:30 . 2006-02-12 11:30 -------- d-----w- c:\program files\EA SPORTS
2010-03-20 14:22 . 2006-01-02 11:40 -------- d-----w- c:\program files\ThinkPad
2010-03-20 14:19 . 2009-12-05 20:05 -------- d-----w- c:\program files\Image-Line
2010-03-20 13:57 . 2006-01-02 12:00 -------- d-----w- c:\program files\Eset
2010-03-18 21:19 . 2009-04-19 10:17 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\gtk-2.0
2010-03-17 19:16 . 2009-03-07 20:49 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\ICQ
2010-03-16 17:36 . 2009-10-10 12:14 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Audacity
2010-03-10 17:45 . 2010-03-10 17:45 9662 ----a-r- c:\documents and settings\Zuzanka\Application Data\Microsoft\Installer\{5492EC47-EADA-41FA-955F-5C0B488F1170}\_E171EDC3E7A8E0A63A75D1.exe
2010-03-10 17:45 . 2010-03-10 17:45 9662 ----a-r- c:\documents and settings\Zuzanka\Application Data\Microsoft\Installer\{5492EC47-EADA-41FA-955F-5C0B488F1170}\_0BC52E6C9B231563F232D9.exe
2010-02-23 17:48 . 2010-02-23 17:48 50354 ----a-w- c:\documents and settings\Zuzanka\Application Data\Facebook\uninstall.exe
2010-02-02 14:00 . 2009-03-11 16:34 85192 ----a-w- c:\documents and settings\Zuzanka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 14:00 . 2010-02-02 14:00 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Sibelius Software
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Zuzanka\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Zuzanka\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-09 14:20 . 2010-01-09 14:18 5 ----a-w- c:\windows\system32\SySatm.dat
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-12-31 16:14 . 2004-08-04 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-22 18:39 . 2004-08-04 12:00 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
"ISS_Certtool"="c:\program files\IBM\Security\certtool.exe" [2005-05-06 90112]
"IBM_PWMGR"="c:\program files\IBM\Password Manager\pwmgr.exe" [2005-05-06 208896]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ACU"="c:\program files\DrayTek Vigor600\ACU.exe" [2005-11-22 335872]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2008-08-29 855040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\uzivatel\Start Menu\Programs\Startup\
wlpd32.lnk - c:\program files\FTP Software\NetSuite\wlpd32.exe [2005-12-23 241152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 19:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WordAutomat\\WordAutomat.exe"=
"c:\\Program Files\\FTP Software\\NetSuite\\wlpd32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\DrayTek Vigor600\\ACU.exe"=
"c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [22.2.2006 14:16 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [22.2.2006 14:16 5248]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2.1.2006 12:41 14208]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 IBMI2CPCD;IBMI2CPCD;c:\program files\SMBUS\ibmi2cpcd.sys [2.1.2006 12:51 12288]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.3.2009 21:50 222456]
R2 smi2;smi2;c:\windows\system32\drivers\smi2.sys [2.1.2006 12:51 3968]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2.1.2006 12:41 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [3.5.2005 19:23 14336]
S3 FTP Software FTP Server;FTP Software FTP Server;c:\progra~1\FTPSOF~1\NetSuite\ftpd\ftpd.exe [23.12.2005 9:10 107008]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-20 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-01-02 00:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 194.1.122.145:3128
uInternet Settings,ProxyOverride = 194.1.*;10.*;172.*;*.drsr.sk;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{930F1200-F5F1-4870-BAC6-E233EC8E7023} - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 21:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81F102E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84b8fc3
\Driver\ACPI -> ACPI.sys @ 0xf8325cb8
\Driver\atapi -> 0x81f102e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\Security\uvmserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\IBM\Security\TssCore.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pelmiced.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-20 21:47:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 20:46

Pre-Run: 6 267 514 880 bytes free
Post-Run: 8 151 027 712 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 806533ADE618342AB0FB839B83B5B10F

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in PC

#6 Post by motji »

:arrow: If it isn't there already, move Combofix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Folder::
c:\windows\_VOIDcxvpetxviq


- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it onto the Combofix icon, where you drop it:



- after it runs, another log will pop up; paste it here

Warning: it may happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64b)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run gmer


:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log, and paste it here

- Following the guide in the link, run a second scan and paste that log here too.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop


:arrow: Start - Run
copy into the box

Code:

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log will be created; paste it here


:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.


I'll be here in the evening and will take a look at it :)

hladac
Exemplary visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Virus in PC

#7 Post by hladac »

Combofix

ComboFix 10-03-19.08 - Zuzanka 21.03.2010 12:56:49.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.502.190 [GMT 1:00]
Running from: c:\documents and settings\Zuzanka\Desktop\Potvora.com
Command switches used :: c:\docume~1\Zuzanka\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\_VOIDcxvpetxviq

.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-20 22:04 . 2010-03-20 22:04 -------- d-----w- c:\program files\ESET
2010-03-20 21:20 . 2010-03-20 21:20 -------- d-----w- c:\windows\system32\scripting
2010-03-20 21:20 . 2010-03-20 21:20 -------- d-----w- c:\windows\l2schemas
2010-03-20 21:20 . 2010-03-20 21:20 -------- d-----w- c:\windows\system32\en
2010-03-20 21:20 . 2010-03-20 21:20 -------- d-----w- c:\windows\system32\bits
2010-03-20 20:25 . 2010-03-20 20:25 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\ESET
2010-03-20 19:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-20 18:28 . 2010-03-20 18:28 -------- d-----w- c:\program files\trend micro
2010-03-20 18:28 . 2010-03-20 18:28 -------- d-----w- C:\rsit
2010-03-20 16:55 . 2010-03-20 16:55 -------- d-----w- c:\documents and settings\Zuzanka\Local Settings\Application Data\Threat Expert
2010-03-20 15:57 . 2010-03-20 17:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-20 15:04 . 2010-03-20 15:04 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Malwarebytes
2010-03-20 14:38 . 2010-03-20 14:38 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Malwarebytes
2010-03-20 14:37 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 14:37 . 2010-03-20 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 14:37 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 14:37 . 2010-03-20 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 14:35 . 2010-03-20 14:35 -------- d-----w- c:\documents and settings\Zuzanka\Local Settings\Application Data\ESET
2010-03-20 13:58 . 2010-03-20 13:58 -------- d-----w- c:\documents and settings\uzivatel\Application Data\ESET
2010-03-20 13:58 . 2010-03-20 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-20 13:55 . 2010-03-20 13:55 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\ESET
2010-03-20 13:53 . 2010-03-20 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-03-10 17:49 . 2010-03-10 17:49 -------- d-----w- c:\documents and settings\Zuzanka\Local Settings\Application Data\Turbo_Tube
2010-03-10 17:45 . 2010-03-10 17:45 9662 ----a-r- c:\documents and settings\Zuzanka\Application Data\Microsoft\Installer\{5492EC47-EADA-41FA-955F-5C0B488F1170}\_E171EDC3E7A8E0A63A75D1.exe
2010-03-10 17:45 . 2010-03-10 17:45 9662 ----a-r- c:\documents and settings\Zuzanka\Application Data\Microsoft\Installer\{5492EC47-EADA-41FA-955F-5C0B488F1170}\_0BC52E6C9B231563F232D9.exe
2010-03-10 17:45 . 2010-03-10 17:45 -------- d-----w- c:\program files\Turbo Tube
2010-02-23 17:48 . 2010-02-23 17:48 50354 ----a-w- c:\documents and settings\Zuzanka\Application Data\Facebook\uninstall.exe
2010-02-23 17:48 . 2010-02-23 17:48 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Facebook
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 11:04 . 2009-04-19 10:17 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\gtk-2.0
2010-03-21 10:37 . 2009-03-11 16:34 85192 ----a-w- c:\documents and settings\Zuzanka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-20 21:24 . 2006-01-02 10:59 6494 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-20 21:24 . 2006-01-02 10:59 167191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-20 15:30 . 2006-02-12 11:30 -------- d-----w- c:\program files\EA SPORTS
2010-03-20 14:22 . 2006-01-02 11:40 -------- d-----w- c:\program files\ThinkPad
2010-03-20 14:19 . 2009-12-05 20:05 -------- d-----w- c:\program files\Image-Line
2010-03-17 19:16 . 2009-03-07 20:49 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\ICQ
2010-03-16 17:36 . 2009-10-10 12:14 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Audacity
2010-02-02 14:00 . 2010-02-02 14:00 -------- d-----w- c:\documents and settings\Zuzanka\Application Data\Sibelius Software
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Zuzanka\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Zuzanka\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-09 14:20 . 2010-01-09 14:18 5 ----a-w- c:\windows\system32\SySatm.dat
2010-01-08 07:13 . 2010-01-08 07:13 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-21 19:14 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
"ISS_Certtool"="c:\program files\IBM\Security\certtool.exe" [2005-05-06 90112]
"IBM_PWMGR"="c:\program files\IBM\Password Manager\pwmgr.exe" [2005-05-06 208896]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"ACU"="c:\program files\DrayTek Vigor600\ACU.exe" [2005-11-22 335872]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2008-08-29 855040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\uzivatel\Start Menu\Programs\Startup\
wlpd32.lnk - c:\program files\FTP Software\NetSuite\wlpd32.exe [2005-12-23 241152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 19:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WordAutomat\\WordAutomat.exe"=
"c:\\Program Files\\FTP Software\\NetSuite\\wlpd32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\DrayTek Vigor600\\ACU.exe"=
"c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2.1.2006 12:41 14208]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 IBMI2CPCD;IBMI2CPCD;c:\program files\SMBUS\ibmi2cpcd.sys [2.1.2006 12:51 12288]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.3.2009 21:50 222456]
R2 smi2;smi2;c:\windows\system32\drivers\smi2.sys [2.1.2006 12:51 3968]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2.1.2006 12:41 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [3.5.2005 19:23 14336]
S3 FTP Software FTP Server;FTP Software FTP Server;c:\progra~1\FTPSOF~1\NetSuite\ftpd\ftpd.exe [23.12.2005 9:10 107008]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-01-02 00:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-User Protection - c:\program files\User Protection\usrprot.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 13:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(1276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
Completion time: 2010-03-21 13:08:46
ComboFix-quarantined-files.txt 2010-03-21 12:08
ComboFix2.txt 2010-03-20 20:47

Pre-Run: 6 498 074 624 bytes free
Post-Run: 6 521 618 432 bytes free

- - End Of File - - 467934F2B93F67147A545232CD7F341E




GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-21 13:30:35
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Zuzanka\LOCALS~1\Temp\pwdyraog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:572] 8289F930

---- EOF - GMER 1.0.15 ----

MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


MBAM

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3890
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.3.2010 14:36:25
mbam-log-2010-03-21 (14-35-59).txt

Typ kontroly: Úplná (C:\|D:\|E:\|)
Objektov kontrolovaných: 252960
Uplynutý cas: 52 minute(s), 52 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 3
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 19

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> No action taken.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020293.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020299.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020302.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020303.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020305.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020308.dll (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP287\A0020309.dll (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0020423.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0020424.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0020425.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021447.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021448.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021449.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021460.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021461.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021462.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021498.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021499.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{3AC5DF61-3217-48E3-8762-7F6574F61D04}\RP288\A0021500.exe (Malware.Packer.Gen) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in PC

#8 Post by motji »

Delete everything in MBAM.
I would also ask for a second log from GMER.
How is the computer looking now?
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

hladac
Exemplary visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Virus in PC

#9 Post by hladac »

The PC already seems to be in good shape, for which I thank you very much. I am sending one more log.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-22 01:10:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Zuzanka\LOCALS~1\Temp\pwdyraog.sys


---- System - GMER 1.0.15 ----

SSDT 825528A0 ZwAssignProcessToJobObject
SSDT 82551CB0 ZwOpenProcess
SSDT 825520D0 ZwOpenThread
SSDT 825526D0 ZwSuspendProcess
SSDT 825524F0 ZwSuspendThread
SSDT 82551EE0 ZwTerminateProcess
SSDT 82552310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

? lqcebbq.sys Systém nemôže nájsť zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[724] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom A9393D20

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\USBSTOR \Device\00000097 F8921218

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\USBSTOR \Device\00000098 F8921218
Device \FileSystem\Fastfat \Fat A9393D20

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:584] 82550930

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Zuzanka\Cookies\zuzanka@facebook[2].txt 1161 bytes

---- EOF - GMER 1.0.15 ----

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus in PC

#10 Post by motji »

Can I check one more thing? Probably just a leftover of the virus, but to be safe :)

:arrow: Download
http://rootrepeal.googlepages.com/RootRepeal.zip
- Download, unpack and run it
- select the Files tab, then Drivers, and click Scan,
- a scan will run; when it finishes, click Save Report, which saves the log, which you then copy here
