Nejdu mi zobrazovat skryte subory

Zpráva

whistler4 · #1 Příspěvek od **whistler4** » 31 bře 2010 06:48

Mam problem, ze mi nejdu zobrazit skryte subory a priecinky. Ak dam klasicky v explorery zobrazovat skryte subory a priecinky a dam aplly nic sa nestane a opatovne mam zaskrtnute nezobrazovat tu je log z RSIT vie mi s tym niekto pomoct?
PS: Som totalna lama tak Vas poprosim aby ste sa v pripade, ze mi poskytnete pomoc, obrnili davkou trpezlivosti bo niektore veci budem potrebovat vysvetlit trocha polopate

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hellboy at 2010-03-31 07:44:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (16%) free of 15 GB
Total RAM: 1015 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:26, on 31. 3. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Mobility Manager\MobilityManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mobility Manager\jre\bin\javaw.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hellboy\Desktop\RSIT.exe
C:\Program Files\trend micro\Hellboy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?g ... uuuuuuuugl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.36.123:80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [MobilityManager] C:\Program Files\Mobility Manager\MobilityManager
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Hellboy\LOCALS~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D546CB-B9DC-4A21-92D8-5254211937F9}: NameServer = 172.20.36.123,172.20.83.139
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7158 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-11 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"SigmatelSysTrayApp"=stsystra.exe []
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-01-14 949376]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"pdfFactory Pro Dispatcher v1"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe [2003-06-14 376832]
"MobilityManager"=C:\Program Files\Mobility Manager\MobilityManager []
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2005-06-14 30208]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 62976]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-14 68856]
"Google Update"=C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 133104]
"cdoosoft"=C:\DOCUME~1\Hellboy\LOCALS~1\Temp\herss.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\WINDOWS\system32\Notepad.exe %1
.js - open - C:\WINDOWS\system32\WScript.exe "%1" %*
.vbs - edit - C:\WINDOWS\system32\Notepad.exe %1
.vbs - open - C:\WINDOWS\system32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-31 07:44:08 ----D---- C:\Program Files\trend micro
2010-03-31 07:44:07 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-03-31 07:44:08 ----RD---- C:\Program Files
2010-03-31 07:44:07 ----D---- C:\WINDOWS\Prefetch
2010-03-31 07:13:40 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-31 07:12:28 ----D---- C:\WINDOWS\Temp
2010-03-31 07:12:18 ----D---- C:\Program Files\Mozilla Firefox
2010-03-30 15:51:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 14:44:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 08:05:28 ----D---- C:\WINDOWS\system32
2010-03-29 08:05:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 11:12:24 ----D---- C:\WINDOWS
2010-03-11 16:41:09 ----D---- C:\Documents and Settings\Hellboy\Application Data\Skype
2010-03-11 12:53:37 ----D---- C:\Documents and Settings\Hellboy\Application Data\skypePM
2010-03-09 12:32:09 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-10-15 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-01-14 15424]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2005-06-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-01-14 512096]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-15 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 FlrnUSB;Flarion USB Network Interface; C:\WINDOWS\system32\DRIVERS\FlrnUSB.sys [2008-05-14 41907]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-15 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-06-14 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-10-15 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-15 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2005-06-14 5888]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-04-27 1164600]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2008-01-14 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2008-01-14 7808]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-09-11 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-09-01 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-11 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 a0o6c5kq;a0o6c5kq; C:\WINDOWS\system32\drivers\a0o6c5kq.sys []
S3 AR5211;SMC Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-03-27 543712]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-02-17 70144]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2005-06-14 67584]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2005-06-14 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2005-06-14 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-06-14 26496]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 19472]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-01-14 552064]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-02-01 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2005-06-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-14 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-05-09 6656]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 31 bře 2010 07:17

Dobré ranko

Nějaké pozůstatky po viru tam vidím

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

whistler4 · #3 Příspěvek od **whistler4** » 31 bře 2010 08:44

Wow dakujeeeeeeeeeeeeem za radu. Zobrazovanie skrytych suborov uz fici, tu je este ten loh z combo fixu

ComboFix 10-03-29.04 - Hellboy . 03. 2010 9:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1015.709 [GMT 2:00]
Running from: c:\documents and settings\Hellboy\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hellboy\Favorites\Online Security Test.url
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\system32\reboot.txt

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 07:18 . 2010-03-31 07:18 -------- d-----w- c:\program files\CCleaner
2010-03-31 05:44 . 2010-03-31 05:44 -------- d-----w- c:\program files\trend micro
2010-03-31 05:44 . 2010-03-31 05:44 -------- d-----w- C:\rsit
2010-03-29 12:01 . 2010-03-29 12:01 -------- d-----w- c:\documents and settings\Hellboy\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 14:41 . 2008-01-14 18:34 -------- d-----w- c:\documents and settings\Hellboy\Application Data\Skype
2010-03-11 10:53 . 2008-01-14 20:12 -------- d-----w- c:\documents and settings\Hellboy\Application Data\skypePM
2010-02-24 09:21 . 2008-01-14 17:48 24128 ----a-w- c:\documents and settings\Hellboy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 10:33 . 2008-03-13 16:24 -------- d-----w- c:\program files\VideoLAN
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\documents and settings\Hellboy\Application Data\Mozilla\plugins\npgoogletalk.dll
2007-03-06 19:49 . 2008-01-14 11:45 265216 ----a-w- c:\program files\ShutDownAt2.exe
2007-01-24 19:16 . 2008-01-14 11:44 628736 ----a-w- c:\program files\netscan_v3.1.exe
2005-04-22 06:04 . 2008-01-14 11:44 1850368 ----a-w- c:\program files\CHAT!!!.EXE
2002-11-14 23:07 . 2008-01-14 18:58 4722832 ----a-w- c:\program files\Sentinel.msstyles
.

------- Sigcheck -------

[-] 2006-10-15 . C218977C0E898118D92F9B487DA150DC . 1183744 . . [6.00.2900.2894] . . c:\windows\explorer.exe
[-] 2006-10-15 . C218977C0E898118D92F9B487DA150DC . 1183744 . . [6.00.2900.2894] . . c:\windows\system32\dllcache\explorer.exe
[7] 2006-10-15 . 42D32722B805D7DF42D30487A0BCBD78 . 1033216 . . [6.00.2900.2894] . . c:\windows\XPize\Backup\explorer.exe

[-] 2005-06-14 . DE8FA9CF18F95341079C7E6A215C226A . 30208 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2005-06-14 . DE8FA9CF18F95341079C7E6A215C226A . 30208 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
[7] 2005-06-14 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"Google Update"="c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobilityManager"="c:\program files\Mobility Manager\MobilityManager" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-14 949376]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2003-06-14 376832]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2005-06-14 30208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Hellboy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Hellboy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5. 7. 2006 14:46 63352]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14. 1. 2008 21:41 15424]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [7. 8. 2008 9:40 40960]
R3 FlrnUSB;Flarion USB Network Interface;c:\windows\system32\drivers\FlrnUSB.sys [7. 8. 2008 9:40 41907]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [9. 8. 2006 15:15 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [9. 8. 2006 15:15 7808]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5. 6. 2008 8:50 611064]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [19. 6. 2007 7:51 81832]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{63MAD6M8-1MAD-81AD-JIM6-26OP5G1234585}]
2009-12-21 08:46 0 ----a-w- c:\doda\JENE\NeST.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003Core.job
- c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 13:05]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003UA.job
- c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 13:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pimpmysearch.com/home.html?gname=Guuuuuuuuuuuuuuugl
uInternet Settings,ProxyServer = 172.20.36.123:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {C4D546CB-B9DC-4A21-92D8-5254211937F9} = 172.20.36.123,172.20.83.139
FF - ProfilePath - c:\documents and settings\Hellboy\Application Data\Mozilla\Firefox\Profiles\xcwe1m8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\documents and settings\Hellboy\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - stsystra.exe
ActiveSetup-{08B0E5C0-4FCB-11CF-AAX5-00401C608512} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 09:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D90938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf756cf10
\Driver\ACPI -> ACPI.sys @ 0xf73dfcb8
\Driver\atapi -> 0x86d90938
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058243a
ParseProcedure -> ntkrnlpa.exe @ 0x8058157a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058243a
ParseProcedure -> ntkrnlpa.exe @ 0x8058157a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-03-31 09:41:10
ComboFix-quarantined-files.txt 2010-03-31 07:41

Pre-Run: 4 497 059 840 bytes free
Post-Run: 5 721 976 832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot /bootlogo

- - End Of File - - 14C1D7948400F3F2916BB5891F240823

#4 Příspěvek od **motji** » 31 bře 2010 09:20

Otestujte na www.virustotal.com

c:\program files\CHAT!!!.EXE
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\doda\JENE\NeST.exe

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Používáte Daemon nebo alcohol?

whistler4 · #5 Příspěvek od **whistler4** » 31 bře 2010 09:34

Nuz tak tu to je

File CHAT___.EXE received on 2010.03.31 08:25:43 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/42 (0%)

File explorer.exe received on 2010.03.31 08:28:22 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/42 (0%)

File ctfmon.exe received on 2010.03.31 08:29:42 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 1/42 (2.39%)

Antiy-AVL 2.0.3.7 2010.03.31 Trojan/Win32.Agent2.gen

c:\doda\JENE\NeST.exe

0 bytes size received / Se ha recibido un archivo vacio

pouzivam deamon tool

#6 Příspěvek od **motji** » 31 bře 2010 09:49

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Restore::
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe

File::
c:\doda\JENE\NeST.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{63MAD6M8-1MAD-81AD-JIM6-26OP5G1234585}]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

whistler4 · #7 Příspěvek od **whistler4** » 31 bře 2010 10:22

Ok tu je log

ComboFix 10-03-29.04 - Hellboy . 03. 2010 11:11:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1015.707 [GMT 2:00]
Running from: c:\documents and settings\Hellboy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hellboy\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active

FILE ::
"c:\doda\JENE\NeST.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\doda\JENE\NeST.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\XPize\Backup\explorer.exe

Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\XPize\Backup\ctfmon.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 07:18 . 2010-03-31 07:18 -------- d-----w- c:\program files\CCleaner
2010-03-31 05:44 . 2010-03-31 05:44 -------- d-----w- c:\program files\trend micro
2010-03-31 05:44 . 2010-03-31 05:44 -------- d-----w- C:\rsit
2010-03-29 12:01 . 2010-03-29 12:01 -------- d-----w- c:\documents and settings\Hellboy\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 09:15 . 2010-03-31 09:15 0 ----a-w- c:\documents and settings\Hellboy\MobilityManager.tmp
2010-03-11 14:41 . 2008-01-14 18:34 -------- d-----w- c:\documents and settings\Hellboy\Application Data\Skype
2010-03-11 10:53 . 2008-01-14 20:12 -------- d-----w- c:\documents and settings\Hellboy\Application Data\skypePM
2010-02-24 09:21 . 2008-01-14 17:48 24128 ----a-w- c:\documents and settings\Hellboy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 10:33 . 2008-03-13 16:24 -------- d-----w- c:\program files\VideoLAN
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\documents and settings\Hellboy\Application Data\Mozilla\plugins\npgoogletalk.dll
2007-03-06 19:49 . 2008-01-14 11:45 265216 ----a-w- c:\program files\ShutDownAt2.exe
2007-01-24 19:16 . 2008-01-14 11:44 628736 ----a-w- c:\program files\netscan_v3.1.exe
2005-04-22 06:04 . 2008-01-14 11:44 1850368 ----a-w- c:\program files\CHAT!!!.EXE
2002-11-14 23:07 . 2008-01-14 18:58 4722832 ----a-w- c:\program files\Sentinel.msstyles
.

((((((((((((((((((((((((((((( SnapShot@2010-03-31_07.39.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-31 09:15 . 2010-03-31 09:15 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2005-06-14 12:00 . 2005-06-14 12:00 15360 c:\windows\system32\ctfmon.exe
+ 2006-10-15 18:48 . 2006-10-15 18:48 1033216 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"Google Update"="c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobilityManager"="c:\program files\Mobility Manager\MobilityManager" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 573440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-01-14 949376]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2003-06-14 376832]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2005-06-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Hellboy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Hellboy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5. 7. 2006 14:46 63352]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14. 1. 2008 21:41 15424]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [7. 8. 2008 9:40 40960]
R3 FlrnUSB;Flarion USB Network Interface;c:\windows\system32\drivers\FlrnUSB.sys [7. 8. 2008 9:40 41907]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [9. 8. 2006 15:15 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [9. 8. 2006 15:15 7808]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [19. 6. 2007 7:51 81832]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5. 6. 2008 8:50 611064]
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003Core.job
- c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 13:05]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003UA.job
- c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 13:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pimpmysearch.com/home.html?gname=Guuuuuuuuuuuuuuugl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 172.20.36.123:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: {C4D546CB-B9DC-4A21-92D8-5254211937F9} = 172.20.36.123,172.20.83.139
FF - ProfilePath - c:\documents and settings\Hellboy\Application Data\Mozilla\Firefox\Profiles\xcwe1m8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\documents and settings\Hellboy\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Hellboy\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 11:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F90410]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf762cf10
\Driver\ACPI -> ACPI.sys @ 0xf749fcb8
\Driver\atapi -> 0x86f90410
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058243a
ParseProcedure -> ntkrnlpa.exe @ 0x8058157a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058243a
ParseProcedure -> ntkrnlpa.exe @ 0x8058157a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2940)
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mobility Manager\MobilityManager.exe
c:\program files\Mobility Manager\jre\bin\javaw.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2010-03-31 11:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-31 09:18
ComboFix2.txt 2010-03-31 07:41

Pre-Run: 5 647 675 392 bytes free
Post-Run: 5 611 937 792 bytes free

- - End Of File - - 2E1DFDDCEE8C01ECB8C19B7E523509D3

#8 Příspěvek od **motji** » 31 bře 2010 10:24

Ještě Vás budu chvilku trápit, potřebuji si něco ověřit.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

whistler4 · #9 Příspěvek od **whistler4** » 31 bře 2010 10:44

Nejde mi stiahnut to sptd, dam downloadnut spyta sa ci chcem ulozit dam yes okienko zmizne a to je vsetko nic nestiahne

#10 Příspěvek od **motji** » 31 bře 2010 10:48

Mě se stahnul

, máte ho v příloze v raru

whistler4 · #11 Příspěvek od **whistler4** » 31 bře 2010 11:43

Fuu to uz vela info na mna

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-31 12:30:13
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Hellboy\LOCALS~1\Temp\fxldqpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF7487000, 0xC58, 0x40000040]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA8609F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2868] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F538E0
Device \Driver\atapi \Device\Ide\IdePort0 86F538E0
Device \Driver\atapi \Device\Ide\IdePort1 86F538E0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86F538E0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0xA3 0x4F 0x5C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA8 0x1E 0x32 0x6A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x87 0x54 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0xA3 0x4F 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA8 0x1E 0x32 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x87 0x54 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0xA3 0x4F 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA8 0x1E 0x32 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x87 0x54 0x80 ...

---- EOF - GMER 1.0.15 ----

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

a daaal ?

#12 Příspěvek od **motji** » 31 bře 2010 11:47

tak dobře, já už Vás přestanu trápit

znáte tuto stránku?
hxxp://www.pimpmysearch.com/home.html?g ... uuuuuuuugl

Jak to vypadá s počítačem? Pokud je vše v pořádku, už jen uklidíme po použitých pogramech

whistler4 · #13 Příspěvek od **whistler4** » 31 bře 2010 11:52

Secenko ide dokonca aj vyhladavanie ktore mi predtym nezobrazovalo ziadny panel s nastrojmi uz fici .... tu stranku pimpmysearch poznam. Takze vyzera to ze uz je snad vsetko ako ma byt. Dokonca to vyriesilo aj problem so system restore bo predtym mi nesiel spustit

klaniam sa pred pocitacovymi senseimi zvlast ak su to zeny

#14 Příspěvek od **motji** » 31 bře 2010 11:53

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

whistler4 · #15 Příspěvek od **whistler4** » 31 bře 2010 12:08

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hellboy at 2010-03-31 13:05:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (42%) free of 15 GB
Total RAM: 1015 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:11, on 31. 3. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
C:\Program Files\Mobility Manager\MobilityManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mobility Manager\jre\bin\javaw.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hellboy\Desktop\RSIT.exe
C:\Program Files\trend micro\Hellboy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?g ... uuuuuuuugl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.36.123:80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [MobilityManager] C:\Program Files\Mobility Manager\MobilityManager
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D546CB-B9DC-4A21-92D8-5254211937F9}: NameServer = 172.20.36.123,172.20.83.139
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7122 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1801674531-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-31 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-11 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-03-31 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-31 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-04-17 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-01-14 949376]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"pdfFactory Pro Dispatcher v1"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe [2003-06-14 376832]
"MobilityManager"=C:\Program Files\Mobility Manager\MobilityManager []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 62976]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-14 68856]
"Google Update"=C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Hellboy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\WINDOWS\system32\Notepad.exe %1
.vbs - edit - C:\WINDOWS\system32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-31 13:05:56 ----D---- C:\rsit
2010-03-31 13:05:56 ----D---- C:\Program Files\trend micro
2010-03-31 11:28:21 ----SHD---- C:\RECYCLER
2010-03-31 09:36:10 ----A---- C:\Boot.bak
2010-03-31 09:36:05 ----RASHD---- C:\cmdcons
2010-03-31 09:18:13 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2010-03-31 13:05:56 ----RD---- C:\Program Files
2010-03-31 13:04:15 ----D---- C:\WINDOWS\Temp
2010-03-31 13:04:15 ----D---- C:\WINDOWS
2010-03-31 13:03:02 ----D---- C:\WINDOWS\Prefetch
2010-03-31 12:33:05 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 11:55:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-31 11:55:06 ----D---- C:\WINDOWS\system32\drivers
2010-03-31 11:54:30 ----SHD---- C:\WINDOWS\Installer
2010-03-31 11:54:27 ----D---- C:\Program Files\Google
2010-03-31 11:53:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-03-31 11:53:15 ----D---- C:\Program Files\Common Files
2010-03-31 11:33:47 ----HD---- C:\WINDOWS\inf
2010-03-31 11:16:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-31 11:15:55 ----A---- C:\WINDOWS\system.ini
2010-03-31 11:13:16 ----D---- C:\WINDOWS\system32
2010-03-31 11:13:16 ----D---- C:\WINDOWS\AppPatch
2010-03-31 11:11:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 11:05:43 ----D---- C:\WINDOWS\system32\config
2010-03-31 09:36:11 ----RASH---- C:\boot.ini
2010-03-31 09:23:32 ----D---- C:\WINDOWS\Minidump
2010-03-31 09:23:32 ----D---- C:\WINDOWS\Debug
2010-03-29 08:05:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-11 16:41:09 ----D---- C:\Documents and Settings\Hellboy\Application Data\Skype
2010-03-11 12:53:37 ----D---- C:\Documents and Settings\Hellboy\Application Data\skypePM
2010-03-09 12:32:09 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-10-15 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-01-14 15424]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2005-06-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-01-14 512096]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-15 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 FlrnUSB;Flarion USB Network Interface; C:\WINDOWS\system32\DRIVERS\FlrnUSB.sys [2008-05-14 41907]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-15 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-06-14 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-10-15 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-15 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2005-06-14 5888]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-04-27 1164600]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2008-01-14 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2008-01-14 7808]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-09-11 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-09-01 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-11 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2005-06-14 73472]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 AR5211;SMC Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-03-27 543712]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Hellboy\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-02-17 70144]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2005-06-14 67584]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2005-06-14 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2005-06-14 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-06-14 26496]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2007-03-05 19472]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-01-14 552064]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-02-01 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2005-06-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-31 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-05-09 6656]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]

-----------------EOF-----------------

a pocitac sa ma skvele a ja vam moc dakujem a posielam velkyyyy boztek na nostek

VIRY.CZ

Nejdu mi zobrazovat skryte subory

Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory

Re: Nejdu mi zobrazovat skryte subory