Prosím o kontrolu logu

[malamala]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[Caroprd111]

Jak to vypadá s PC

[malamala]

Google Chrome již jde a NOD 32 neukazuje žádné hlášky o zablokování adresy. Asi vše v pořádku. Velmi, ale opravdu velmi děkuji. M.
Jakým způsobem jsem to svinstvo dopravil do počítače? NOD 32 je pořád zapnut.

[Caroprd111]

Poprosím o nový log z RSIT. Asi z nějakého škodlivého webu, cracku, přílohy e-mailu atp. Žádný antivir není všemocný.

[malamala]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Milan at 2010-04-10 13:44:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (22%) free of 76 GB
Total RAM: 758 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:24, on 10.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
c:\Dowl\Antivir-HIJACK\RSIT.exe
C:\Program Files\trend micro\Milan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.flashget.com/index_en.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\webgencz\602FSVC8.EXE (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 4938 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-03-01 1107608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-04-24 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-04-24 610304]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2002-12-02 32768]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2003-01-09 57418]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2002-10-23 163840]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2003-01-09 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-08-01 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\Advanced SystemCare 3\AWC.exe [2009-04-27 2329936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2003-02-14 88107]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-08-01 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLAN Monitor]
C:\Program Files\GPRS WLAN dongle\Wlan.exe [2004-05-12 2359296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Milan^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-05-15 384512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Dowl\Adobe Acrobat\P._Foxit_PDF_Editor_by_yd.exe"="C:\Dowl\Adobe Acrobat\P._Foxit_PDF_Editor_by_yd.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-10 13:40:01 ----SHD---- C:\RECYCLER
2010-04-10 13:22:47 ----D---- C:\Avenger
2010-04-10 13:22:46 ----A---- C:\avenger.txt
2010-04-10 13:03:02 ----A---- C:\ComboFix.txt
2010-04-10 08:18:30 ----D---- C:\Documents and Settings\Milan\Data aplikací\Google Chrome Backup
2010-04-10 08:18:17 ----D---- C:\Program Files\Google Chrome Backup
2010-04-09 22:46:11 ----D---- C:\Program Files\VS Revo Group
2010-04-09 21:31:17 ----A---- C:\WINDOWS\MBR.exe
2010-04-09 21:31:16 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-09 21:31:11 ----A---- C:\WINDOWS\PEV.exe
2010-04-09 21:31:10 ----A---- C:\WINDOWS\zip.exe
2010-04-09 21:31:10 ----A---- C:\WINDOWS\SWREG.exe
2010-04-09 21:31:10 ----A---- C:\WINDOWS\grep.exe
2010-04-09 21:31:09 ----A---- C:\WINDOWS\sed.exe
2010-04-09 21:31:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-09 21:31:08 ----A---- C:\WINDOWS\SWSC.exe
2010-04-09 21:30:46 ----D---- C:\WINDOWS\ERDNT
2010-04-09 21:29:01 ----D---- C:\Qoobox
2010-04-09 21:06:31 ----D---- C:\_OTL
2010-04-09 20:18:53 ----D---- C:\Program Files\trend micro
2010-04-09 20:18:52 ----D---- C:\rsit
2010-04-09 20:10:33 ----D---- C:\Program Files\ESET
2010-04-07 20:37:40 ----D---- C:\Program Files\Seznam.cz
2010-03-27 15:25:19 ----HD---- C:\Program Files\Uninstall Information
2010-03-27 15:19:54 ----D---- C:\WINDOWS\WBEM
2010-03-27 15:18:15 ----HDC---- C:\WINDOWS\ie8
2010-03-26 14:40:43 ----D---- C:\Program Files\Xenocode
2010-03-19 08:31:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 18:54:17 ----D---- C:\Documents and Settings\Milan\Data aplikací\Divo Games
2010-03-17 14:44:04 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-17 14:44:03 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 1 months======

2010-04-10 13:43:51 ----D---- C:\Dowl
2010-04-10 13:42:59 ----D---- C:\WINDOWS\Temp
2010-04-10 13:37:11 ----D---- C:\Zálohy09
2010-04-10 13:29:32 ----A---- C:\WINDOWS\WINCMD.INI
2010-04-10 13:23:28 ----D---- C:\Program Files\Mozilla Firefox
2010-04-10 13:22:47 ----D---- C:\WINDOWS\system32\drivers
2010-04-10 13:22:47 ----D---- C:\WINDOWS\system32
2010-04-10 13:05:31 ----D---- C:\Program Files\Mozilla Thunderbird
2010-04-10 13:02:02 ----SD---- C:\WINDOWS\Tasks
2010-04-10 13:00:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 12:57:49 ----D---- C:\WINDOWS
2010-04-10 12:57:49 ----A---- C:\WINDOWS\system.ini
2010-04-10 12:52:32 ----D---- C:\WINDOWS\AppPatch
2010-04-10 12:52:30 ----D---- C:\Program Files\Common Files
2010-04-10 12:46:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-10 11:57:29 ----D---- C:\Program Files\Trell2010
2010-04-10 11:57:16 ----D---- C:\Program Files\Atreides700
2010-04-10 11:25:59 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-10 10:45:47 ----RSD---- C:\WINDOWS\assembly
2010-04-10 08:18:17 ----RD---- C:\Program Files
2010-04-10 08:17:54 ----SHD---- C:\WINDOWS\Installer
2010-04-10 08:17:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-10 08:15:28 ----D---- C:\WINDOWS\Prefetch
2010-04-10 08:14:25 ----D---- C:\WINDOWS\WinSxS
2010-04-10 08:13:50 ----HD---- C:\WINDOWS\inf
2010-04-10 08:13:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-10 08:13:29 ----D---- C:\WINDOWS\system32\mui
2010-04-10 08:13:29 ----D---- C:\Program Files\Internet Explorer
2010-04-10 08:13:18 ----D---- C:\WINDOWS\pchealth
2010-04-09 23:16:55 ----D---- C:\Documents and Settings\Milan\Data aplikací\ICQ
2010-04-09 23:00:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-04-09 21:07:36 ----D---- C:\WINDOWS\system32\Restore
2010-04-09 15:03:19 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-04-09 12:19:18 ----D---- C:\Zajo
2010-04-07 19:17:03 ----D---- C:\Program Files\Advanced SystemCare 3
2010-04-06 17:10:33 ----D---- C:\totalcmd
2010-04-06 13:48:27 ----D---- C:\Alpy09-010
2010-04-05 21:19:32 ----D---- C:\RC model
2010-04-05 17:29:07 ----D---- C:\A-0bchod
2010-04-04 20:59:04 ----D---- C:\Program Files\Trell
2010-03-29 11:29:55 ----D---- C:\Ucto
2010-03-27 15:25:12 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-27 15:25:12 ----D---- C:\WINDOWS\Help
2010-03-27 15:19:46 ----D---- C:\WINDOWS\Media
2010-03-23 01:04:02 ----D---- C:\Program Files\Amara - Flash Slide Show Builder
2010-03-21 16:22:52 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-19 08:31:33 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-18 18:58:05 ----D---- C:\Game
2010-03-17 18:46:23 ----D---- C:\Documents and Settings\Milan\Data aplikací\Thinstall
2010-03-17 15:01:11 ----D---- C:\Hudba
2010-03-13 18:10:06 ----D---- C:\Web data
2010-03-12 11:46:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-03-11 22:14:52 ----D---- C:\Documents and Settings\Milan\Data aplikací\Skype
2010-03-11 17:07:29 ----D---- C:\Documents and Settings\Milan\Data aplikací\skypePM
2010-03-11 10:54:28 ----D---- C:\Documents and Settings\Milan\Data aplikací\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2002-10-29 8843]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys [2002-10-23 2920]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-02-14 1169792]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2002-12-17 42368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 cs429x;Cirrus Logic WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2003-07-14 111168]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-04-24 270448]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-03-08 1657344]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver; C:\WINDOWS\System32\Drivers\WBMS.SYS [2002-11-07 30208]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver; C:\WINDOWS\System32\Drivers\WBSD.SYS [2002-11-28 25600]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-23 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-23 78752]
S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-04-23 33335]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\mbr.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 Scfilter;Scfilter; C:\WINDOWS\System32\Drivers\Scfilter.sys [2004-03-04 26485]
S3 SOLOMONFastUSB(R);SOLOMON FastUSB(R) Service for SOLOMON Scwi211b USB Wireless Lan; C:\WINDOWS\system32\DRIVERS\scwi211bx.sys [2004-03-26 122496]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Solomon USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client; c:\Program Files\webgencz\602FSVC8.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-12-11 68096]

-----------------EOF-----------------

[Caroprd111]

Doporučuji odinstalovat Advanced SystemCare 3.


Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte a použijte http://oldtimer.geekstogo.com/TFC.exe


Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

[malamala]

děkuji, hezký víkend

[Caroprd111]

Nemáte zač