Nejde internet a pošta (jinak síť ano), havaruje NOD32

[faltik]

Dobrý den,

ve firmě si s kolegy nevíme rady. Již několik dní se nám zde na starších počítačích s Win2000 objevují následující problémy:

- Nenačítají se stránky v prohlížeči (ať je to IE, FF nebo ostatní), jako kdyby na pc nebyl internet
- Nefunguje pošta v Outlooku
- NOD32 hlásí "Chyba při komunikaci s jádrem systému" a nespustí se

Co je však na druhou stranu zarážející:

- Funguje síť, na počítače lze pingnout i připojit se pomocí vzdálené správy a uživatelé na nich zároveň mohou pracovat s programy, které se připojují na firemní server
- Funguje Icq
- Občas vše funguje chvíli po restartu, ale zhruba do deseti minut to padne

Dle nějakých rad z ostatních topiců zde na fóru (např. tady + tady) jsem na několika počítačích tento problém vyřešil, avšak na jednom se po chvíli vrací stále zpátky a bojím se, že se brzo ozvou i další.

Ještě jednou podotýkám, že se jedná pouze o stanice s Win2000, na ostatních se tento problém neobjevuje. Předem děkuji za odpověď.

[JaRon]

z toho PC, kde sa problem vracia vloz log RSIT ,,, a uvidime

[faltik]

Logfile of random's system information tool 1.06 (written by random/random)
Run by administrator at 2010-04-09 10:13:59
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 35 GB (91%) free of 38 GB
Total RAM: 510 MB (61% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Rádio - C:\WINNT\system32\msdxm.ocx [2005-06-03 849168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"IgfxTray"=C:\WINNT\system32\igfxtray.exe [2002-09-09 155648]
"HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2002-09-09 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2002-09-09 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceStartMenuLogOff"=1
"DisablePersonalDirChange"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-09 08:48:41 ----D---- C:\Program Files\trend micro
2010-04-09 08:48:40 ----D---- C:\rsit
2010-04-09 08:48:08 ----A---- C:\RSIT.exe
2010-04-09 08:33:29 ----SHD---- C:\RECYCLER
2010-04-09 08:32:26 ----SD---- C:\ComboFix
2010-04-08 13:35:10 ----D---- C:\WINNT\temp
2010-04-08 13:19:28 ----A---- C:\WINNT\system32\comres.dll
2010-04-08 13:14:57 ----N---- C:\comres.dll
2010-04-01 14:06:53 ----A---- C:\mbam-setup.exe
2010-04-01 13:59:23 ----HD---- C:\WINNT\PIF
2010-04-01 11:56:01 ----A---- C:\WINNT\MBR.exe
2010-04-01 11:56:00 ----A---- C:\WINNT\NIRCMD.exe
2010-04-01 11:55:55 ----A---- C:\WINNT\PEV.exe
2010-04-01 11:55:54 ----A---- C:\WINNT\zip.exe
2010-04-01 11:55:54 ----A---- C:\WINNT\SWREG.exe
2010-04-01 11:55:53 ----A---- C:\WINNT\sed.exe
2010-04-01 11:55:53 ----A---- C:\WINNT\grep.exe
2010-04-01 11:55:52 ----A---- C:\WINNT\SWSC.exe
2010-04-01 11:55:51 ----A---- C:\WINNT\SWXCACLS.exe
2010-04-01 11:55:45 ----D---- C:\WINNT\ERDNT
2010-04-01 11:54:55 ----D---- C:\Qoobox
2010-04-01 11:03:44 ----D---- C:\WINNT\system32\BITS
2010-04-01 11:03:37 ----A---- C:\WINNT\system32\qmgrprxy.dll
2010-04-01 11:03:36 ----N---- C:\WINNT\system32\qmgr.dll
2010-04-01 10:03:44 ----RA---- C:\WINNT\system32\IntelNic.dll
2010-04-01 10:03:43 ----RA---- C:\WINNT\system32\Prounstl.exe
2010-04-01 10:01:34 ----D---- C:\TempEI4
2010-03-31 12:35:34 ----D---- C:\Documents and Settings\Administrator.KARSIT\Data aplikací\Mozilla
2010-03-31 12:35:26 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 08:38:14 ----D---- C:\apps

======List of files/folders modified in the last 1 months======

2010-04-09 08:48:41 ----RAD---- C:\Program Files
2010-04-09 08:33:56 ----AD---- C:\WINNT\system32
2010-04-09 08:33:31 ----A---- C:\WINNT\SchedLgU.Txt
2010-04-09 08:26:53 ----SHD---- C:\WINNT\Installer
2010-04-09 08:26:47 ----D---- C:\Program Files\Outlook Express
2010-04-09 08:26:47 ----D---- C:\Program Files\Common Files\System
2010-04-09 08:26:47 ----D---- C:\Program Files\Common Files\Services
2010-04-09 08:26:47 ----AD---- C:\WINNT
2010-04-09 08:26:47 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2010-04-09 08:26:47 ----AD---- C:\Program Files\Common Files
2010-04-09 08:26:47 ----A---- C:\WINNT\OEWABLog.txt
2010-04-09 08:25:48 ----AD---- C:\maxcs32
2010-04-08 16:29:36 ----AD---- C:\WINNT\security
2010-04-08 13:33:35 ----A---- C:\WINNT\system.ini
2010-04-08 13:32:05 ----AD---- C:\WINNT\system32\drivers
2010-04-08 13:32:05 ----AD---- C:\WINNT\AppPatch
2010-04-08 13:06:04 ----AD---- C:\WINNT\Debug
2010-04-08 13:05:19 ----D---- C:\WINNT\system32\NtmsData
2010-04-06 10:02:09 ----SHD---- C:\WINNT\CSC
2010-04-01 14:32:46 ----RASHDC---- C:\WINNT\system32\dllcache
2010-04-01 14:32:44 ----SD---- C:\WINNT\Web
2010-04-01 11:11:01 ----HD---- C:\WINNT\inf
2010-04-01 11:03:51 ----A---- C:\WINNT\imsins.BAK
2010-04-01 11:01:23 ----AD---- C:\PCINFO
2010-04-01 10:01:57 ----SD---- C:\WINNT\Downloaded Program Files
2010-03-31 12:59:55 ----AD---- C:\WINNT\system32\config
2010-03-31 12:34:37 ----SD---- C:\Documents and Settings\Administrator.KARSIT\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2002-09-16 91678]
R1 ehdrv;ehdrv; C:\WINNT\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINNT\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R2 eamon;eamon; C:\WINNT\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 vnccom;vnccom; C:\WINNT\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2002-09-16 71514]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.KAR\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\system32\DRIVERS\e100bnt5.sys [2002-02-25 139536]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\ialmnt5.sys [2002-09-16 79323]
R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINNT\system32\DRIVERS\SMBios.sys [2003-06-18 35012]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINNT\system32\drivers\STAC97.sys [2002-08-12 179664]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINNT\system32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINNT\system32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\system32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0; C:\WINNT\system32\DRIVERS\usbhub20.sys [2003-06-19 49776]
R3 vncdrv;vncdrv; C:\WINNT\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 BIFLAK;BIFLAK; \??\C:\PCINFO\biflak.sys []
S3 ccdecode;Dekodér Closed Caption; C:\WINNT\system32\drivers\ccdecode.sys [2001-10-08 15264]
S3 cpuz126;cpuz126; \??\C:\DOCUME~1\ADMINI~1.KAR\LOCALS~1\Temp\cpuz.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1.KAR\LOCALS~1\Temp\mbr.sys []
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2001-10-16 13952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2001-10-30 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2001-10-08 86016]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2001-10-16 10368]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2001-10-16 14400]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2001-10-08 18208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]

-----------------EOF-----------------

[JaRon]

pouzi WinSockFix http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 po pouziti je potrebne nastavit TCP/IP

[faltik]

Tak po použití + restartu funguje (píšu přímo z toho PC), uvidíme jak dlouho. Mám poslat znovu nějaký log?

A ještě bych se chtěl zeptat, čím mohl tento problém vzniknout, případně jak se proti němu preventivně bránit? Jelikož se mi to mezitím objevilo na další stanici...

Prozatím děkuji.

[JaRon]

taketo problemy vznikaju poskodenim protokolu TCP/IP - moze sposobit virus, ale nemusi
nemas zac

[faltik]

Zdravím, tak problém je zpět. Spustil jsem WinSockFix, po restartu to chvíli fungovalo - v tu chvíli jsem spustit RSIT, log je zde:

Logfile of random's system information tool 1.06 (written by random/random)
Run by administrator at 2010-04-13 07:23:07
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 35 GB (91%) free of 38 GB
Total RAM: 510 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:41, on 13.4.2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\RSIT.exe
C:\Program Files\trend micro\administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = karsit.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = karsit.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = karsit.local
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 3467 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Rádio - C:\WINNT\system32\msdxm.ocx [2005-06-03 849168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"IgfxTray"=C:\WINNT\system32\igfxtray.exe [2002-09-09 155648]
"HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2002-09-09 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2002-09-09 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceStartMenuLogOff"=1
"DisablePersonalDirChange"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-13 07:11:29 ----SD---- C:\ComboFix
2010-04-09 11:45:14 ----A---- C:\winsockxpfix.exe
2010-04-09 08:48:41 ----D---- C:\Program Files\trend micro
2010-04-09 08:48:40 ----D---- C:\rsit
2010-04-09 08:48:08 ----A---- C:\RSIT.exe
2010-04-09 08:33:29 ----SHD---- C:\RECYCLER
2010-04-08 13:35:10 ----D---- C:\WINNT\temp
2010-04-08 13:19:28 ----A---- C:\WINNT\system32\comres.dll
2010-04-08 13:14:57 ----N---- C:\comres.dll
2010-04-01 14:06:53 ----A---- C:\mbam-setup.exe
2010-04-01 13:59:23 ----HD---- C:\WINNT\PIF
2010-04-01 11:56:01 ----A---- C:\WINNT\MBR.exe
2010-04-01 11:56:00 ----A---- C:\WINNT\NIRCMD.exe
2010-04-01 11:55:55 ----A---- C:\WINNT\PEV.exe
2010-04-01 11:55:54 ----A---- C:\WINNT\zip.exe
2010-04-01 11:55:54 ----A---- C:\WINNT\SWREG.exe
2010-04-01 11:55:53 ----A---- C:\WINNT\sed.exe
2010-04-01 11:55:53 ----A---- C:\WINNT\grep.exe
2010-04-01 11:55:52 ----A---- C:\WINNT\SWSC.exe
2010-04-01 11:55:51 ----A---- C:\WINNT\SWXCACLS.exe
2010-04-01 11:55:45 ----D---- C:\WINNT\ERDNT
2010-04-01 11:54:55 ----D---- C:\Qoobox
2010-04-01 11:03:44 ----D---- C:\WINNT\system32\BITS
2010-04-01 11:03:37 ----A---- C:\WINNT\system32\qmgrprxy.dll
2010-04-01 11:03:36 ----N---- C:\WINNT\system32\qmgr.dll
2010-04-01 10:03:44 ----RA---- C:\WINNT\system32\IntelNic.dll
2010-04-01 10:03:43 ----RA---- C:\WINNT\system32\Prounstl.exe
2010-04-01 10:01:34 ----D---- C:\TempEI4
2010-03-31 12:35:34 ----D---- C:\Documents and Settings\Administrator.KARSIT\Data aplikací\Mozilla
2010-03-31 12:35:26 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 08:38:14 ----D---- C:\apps

======List of files/folders modified in the last 1 months======

2010-04-13 07:23:08 ----AD---- C:\WINNT\system32
2010-04-13 07:16:23 ----AD---- C:\WINNT\Debug
2010-04-13 07:13:13 ----A---- C:\WINNT\SchedLgU.Txt
2010-04-12 12:47:57 ----AD---- C:\maxcs32
2010-04-12 07:22:46 ----AD---- C:\WINNT\security
2010-04-09 11:52:20 ----D---- C:\WINNT\system32\NtmsData
2010-04-09 08:48:41 ----RAD---- C:\Program Files
2010-04-09 08:26:53 ----SHD---- C:\WINNT\Installer
2010-04-09 08:26:47 ----D---- C:\Program Files\Outlook Express
2010-04-09 08:26:47 ----D---- C:\Program Files\Common Files\System
2010-04-09 08:26:47 ----D---- C:\Program Files\Common Files\Services
2010-04-09 08:26:47 ----AD---- C:\WINNT
2010-04-09 08:26:47 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2010-04-09 08:26:47 ----AD---- C:\Program Files\Common Files
2010-04-09 08:26:47 ----A---- C:\WINNT\OEWABLog.txt
2010-04-08 13:33:35 ----A---- C:\WINNT\system.ini
2010-04-08 13:32:05 ----AD---- C:\WINNT\system32\drivers
2010-04-08 13:32:05 ----AD---- C:\WINNT\AppPatch
2010-04-06 10:02:09 ----SHD---- C:\WINNT\CSC
2010-04-01 14:32:46 ----RASHDC---- C:\WINNT\system32\dllcache
2010-04-01 14:32:44 ----SD---- C:\WINNT\Web
2010-04-01 11:11:01 ----HD---- C:\WINNT\inf
2010-04-01 11:03:51 ----A---- C:\WINNT\imsins.BAK
2010-04-01 11:01:23 ----AD---- C:\PCINFO
2010-04-01 10:01:57 ----SD---- C:\WINNT\Downloaded Program Files
2010-03-31 12:59:55 ----AD---- C:\WINNT\system32\config
2010-03-31 12:34:37 ----SD---- C:\Documents and Settings\Administrator.KARSIT\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2002-09-16 91678]
R1 ehdrv;ehdrv; C:\WINNT\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINNT\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R2 eamon;eamon; C:\WINNT\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 vnccom;vnccom; C:\WINNT\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2002-09-16 71514]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\system32\DRIVERS\e100bnt5.sys [2002-02-25 139536]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\ialmnt5.sys [2002-09-16 79323]
R3 SMBios;Intel (R) System Managment BIOS Service; C:\WINNT\system32\DRIVERS\SMBios.sys [2003-06-18 35012]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINNT\system32\drivers\STAC97.sys [2002-08-12 179664]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINNT\system32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Ovladač Miniport vylepšeného hostitelského řadiče Microsoft USB 2.0; C:\WINNT\system32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\system32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0; C:\WINNT\system32\DRIVERS\usbhub20.sys [2003-06-19 49776]
R3 vncdrv;vncdrv; C:\WINNT\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 BIFLAK;BIFLAK; \??\C:\PCINFO\biflak.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.KAR\LOCALS~1\Temp\catchme.sys []
S3 ccdecode;Dekodér Closed Caption; C:\WINNT\system32\drivers\ccdecode.sys [2001-10-08 15264]
S3 cpuz126;cpuz126; \??\C:\DOCUME~1\ADMINI~1.KAR\LOCALS~1\Temp\cpuz.sys []
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2001-10-16 13952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2001-10-30 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2001-10-08 86016]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2001-10-16 10368]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2001-10-16 14400]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2001-10-08 18208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]

-----------------EOF-----------------

[JaRon]

tak ideme hladat
prescanuj PC s MBAM

[faltik]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3983

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

13.4.2010 7:48:20
mbam-log-2010-04-13 (07-48-20).txt

Typ skenu: Rychlý sken
Skenované objekty: 135036
Uplynulý čas: 5 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[JaRon]

pouzi SDFix - log vloz
prescanuj PC s CureIT - uplna kontrola

[faltik]

Log z SDFix:


SDFix: Version 1.240
Run by administrator on út 13.04.2010 at 9:17

Microsoft Windows 2000 [Verze 5.00.2195]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 09:20:21
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ysgum]
"DisplayName"="Driver Image"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Obsahuje podporu slu~by NetBIOS pro protokol TCP/IP (NetBT) a pYekládání názvo NetBIOS."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ysgum\Parameters]
"ServiceDll"=str(2):"C:\WINNT\system32\qlekczu.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ysgum]
"DisplayName"="Driver Image"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Obsahuje podporu slu~by NetBIOS pro protokol TCP/IP (NetBT) a pYekládání názvo NetBIOS."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ysgum\Parameters]
"ServiceDll"=str(2):"C:\WINNT\system32\qlekczu.dll"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?á? ?o?k?n?a? ?"="C:\WINNT\cursors\arrow_r.cur,C:\WINNT\cursors\help_r.cur,C:\WINNT\cursors\wait_r.cur,C:\WINNT\cursors\busy_r.cur,C:\WINNT\cursors\cross_r.cur,C:\WINNT\cursors\beam_r.cur,C:\WINNT\cursors\pen_r.cur,C:\WINNT\cursors\no_r.cur,C:\WINNT\cursors\size4_r.cur,C:\WINNT\cursors\size3_r.cur,C:\WINNT\cursors\size2_r.cur,C:\WINNT\cursors\size1_r.cur,C:\WINNT\cursors\move_r.cur,C:\WINNT\cursors\up_r.cur"
"\f\1e?r?n?á? ?o?k?n?a? ?(?v?e?l?k?é?)?"="C:\WINNT\cursors\arrow_rm.cur,C:\WINNT\cursors\help_rm.cur,C:\WINNT\cursors\wait_rm.cur,C:\WINNT\cursors\busy_rm.cur,C:\WINNT\cursors\cross_rm.cur,C:\WINNT\cursors\beam_rm.cur,C:\WINNT\cursors\pen_rm.cur,C:\WINNT\cursors\no_rm.cur,C:\WINNT\cursors\size4_rm.cur,C:\WINNT\cursors\size3_rm.cur,C:\WINNT\cursors\size2_rm.cur,C:\WINNT\cursors\size1_rm.cur,C:\WINNT\cursors\move_rm.cur,C:\WINNT\cursors\up_rm.cur"
"\f\1e?r?n?á? ?o?k?n?a? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINNT\cursors\arrow_rl.cur,C:\WINNT\cursors\help_rl.cur,C:\WINNT\cursors\wait_rl.cur,C:\WINNT\cursors\busy_rl.cur,C:\WINNT\cursors\cross_rl.cur,C:\WINNT\cursors\beam_rl.cur,C:\WINNT\cursors\pen_rl.cur,C:\WINNT\cursors\no_rl.cur,C:\WINNT\cursors\size4_rl.cur,C:\WINNT\cursors\size3_rl.cur,C:\WINNT\cursors\size2_rl.cur,C:\WINNT\cursors\size1_rl.cur,C:\WINNT\cursors\move_rl.cur,C:\WINNT\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Remaining Files :



Files with Hidden Attributes :

Fri 11 Dec 2009 498,040 A..H. --- "C:\WINNT\SoftwareDistribution\Download\2ce79b114a9e5f7fb5e4c8d7ac5cac4a\BITE.tmp"
Fri 24 Oct 2008 5,687,304 A..H. --- "C:\WINNT\SoftwareDistribution\Download\2e2e4680052c27c2e873d429aaa12a8f\BIT9.tmp"
Thu 22 May 2008 498,912 A..H. --- "C:\WINNT\SoftwareDistribution\Download\38cbf1fde0b89dd5561b6e755836256c\BIT5.tmp"
Wed 13 Jan 2010 497,528 A..H. --- "C:\WINNT\SoftwareDistribution\Download\66e94f8af9000cb975107009fc6c2470\BITF.tmp"
Wed 25 Nov 2009 497,016 A..H. --- "C:\WINNT\SoftwareDistribution\Download\8577c5d6aeea1c621e6b75b4defafc0f\BIT8.tmp"
Wed 23 Sep 2009 1,556,888 A..H. --- "C:\WINNT\SoftwareDistribution\Download\91df77e5389e3bd32ac8339cf9c3b479\BITC.tmp"
Sat 18 Oct 2008 497,520 A..H. --- "C:\WINNT\SoftwareDistribution\Download\a775231adcb8c67486aceacebbf6333f\BITA.tmp"
Thu 4 Mar 2010 9,823,176 A..H. --- "C:\WINNT\SoftwareDistribution\Download\c548e714a0a501a17685ab0e3ad259cd\BITB.tmp"
Thu 19 Nov 2009 497,512 A..H. --- "C:\WINNT\SoftwareDistribution\Download\c7fe454b14de50b96d4bdc37ea050c62\BITD.tmp"
Tue 8 Dec 2009 935,912 A..H. --- "C:\WINNT\SoftwareDistribution\Download\d59e261f45db2f908f31d4afb39d9fc8\BITC.tmp"
Fri 19 Mar 2010 4,246,936 A..H. --- "C:\WINNT\SoftwareDistribution\Download\f0a6ba58a6edb51765998398885a8d96\BIT13.tmp"

Finished!



Výsledek CureIT:

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Driver::
ysgum

File::
C:\WINNT\system32\qlekczu.dll

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[faltik]

Ještě než to spustím - co s těmi nahlášenými soubory z CureIT? Nechal jsem to zatím otevřené... mám je nějak léčit/přesunout, nebo prostě jen zavřít?

[JaRon]

adresar PCINFO zmaz, ostatne je OK

[faltik]

ComboFix 10-04-07.03 - administrator 13.04.2010 14:23:03.8.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.510.299 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator.KARSIT\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator.KARSIT\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\winnt\system32\qlekczu.dll"
.
/wow section - STAGE 4


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YSGUM
-------\Service_ysgum


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 12:31 . 2010-04-13 12:31 -------- d-----w- C:\PCINFO
2010-04-13 07:47 . 2010-04-13 07:47 -------- d-----w- c:\documents and settings\Administrator.KARSIT\DoctorWeb
2010-04-13 07:15 . 2010-04-13 07:15 -------- d-----w- c:\winnt\ERUNT
2010-04-13 06:44 . 2010-04-13 07:21 -------- d-----w- C:\SDFix
2010-04-13 06:43 . 2010-04-13 06:42 1529241 ----a-w- C:\SDFix.exe
2010-04-13 05:40 . 2010-03-29 22:46 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-13 05:40 . 2010-03-29 22:45 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-04-13 05:40 . 2010-04-13 05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 05:39 . 2010-04-13 05:39 5918776 ----a-w- C:\mbam-setup-1.45.exe
2010-04-09 09:45 . 2010-04-09 09:37 1445888 ----a-w- C:\winsockxpfix.exe
2010-04-09 06:48 . 2010-04-13 05:23 -------- d-----w- c:\program files\trend micro
2010-04-09 06:48 . 2010-04-09 08:13 -------- d-----w- C:\rsit
2010-04-09 06:48 . 2010-04-09 06:47 781909 ----a-w- C:\RSIT.exe
2010-04-08 11:19 . 2009-04-07 15:58 792064 ----a-w- c:\winnt\system32\comres.dll
2010-04-08 11:14 . 2009-04-07 15:58 792064 ------w- C:\comres.dll
2010-04-01 11:59 . 2010-04-01 11:59 -------- d--h--w- c:\winnt\PIF
2010-04-01 09:03 . 2010-04-01 09:11 -------- d-----w- c:\winnt\system32\BITS
2010-04-01 09:03 . 2003-07-03 12:00 18432 ----a-w- c:\winnt\system32\qmgrprxy.dll
2010-04-01 09:03 . 2003-07-03 12:00 18432 ----a-w- c:\winnt\system32\dllcache\qmgrprxy.dll
2010-04-01 09:03 . 2004-10-05 17:43 360960 ------w- c:\winnt\system32\qmgr.dll
2010-04-01 08:03 . 2001-07-20 07:40 23040 ----a-r- c:\winnt\system32\IntelNic.dll
2010-04-01 08:03 . 2002-02-25 08:52 139536 -c--a-w- c:\winnt\system32\dllcache\e100bnt5.sys
2010-04-01 08:03 . 2002-02-25 08:52 139536 ----a-r- c:\winnt\system32\drivers\e100bnt5.sys
2010-04-01 08:03 . 2001-06-22 11:25 53248 ----a-r- c:\winnt\system32\Prounstl.exe
2010-04-01 08:01 . 2003-06-17 22:38 35012 ----a-w- c:\winnt\system32\drivers\SMBios.sys
2010-04-01 08:01 . 2010-04-01 08:02 -------- d-----w- C:\TempEI4
2010-03-31 06:39 . 2010-03-31 06:39 0 ----a-w- c:\winnt\nsreg.dat
2010-03-31 06:38 . 2010-03-31 06:38 -------- d-----w- C:\apps

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 06:28 . 2010-03-05 06:28 -------- d-----w- c:\program files\ESET
2008-03-17 12:37 . 2008-03-17 12:37 22034 ---h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((( SnapShot@2010-04-01_12.37.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-13 07:15 . 2010-04-13 07:15 40960 c:\winnt\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2010-04-13 07:15 . 2010-04-13 07:15 40960 c:\winnt\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2010-04-13 07:15 . 2010-04-13 07:15 524288 c:\winnt\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2010-04-13 07:15 . 2008-08-07 13:27 163328 c:\winnt\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2010-04-13 07:15 . 2010-04-13 07:15 524288 c:\winnt\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2010-04-13 07:15 . 2008-08-07 13:27 163328 c:\winnt\ERUNT\SDFIX\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-07-03 111888]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2002-09-08 155648]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2002-09-08 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-03 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-07-03 188688]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [16.11.2009 10:06 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 10:04 735960]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17.3.2008 15:33 6016]
R3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [17.3.2008 14:15 49776]
S3 BIFLAK;BIFLAK;\??\c:\pcinfo\biflak.sys --> c:\pcinfo\biflak.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\ADMINI~1.KAR\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\ADMINI~1.KAR\LOCALS~1\Temp\cpuz.sys [?]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
FF - ProfilePath - c:\documents and settings\Administrator.KARSIT\Data aplikací\Mozilla\Firefox\Profiles\4e5fq8c7.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 14:31
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1100)
c:\winnt\AppPatch\AcLayers.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 14:34:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 12:34
ComboFix2.txt 2010-04-08 11:35
ComboFix3.txt 2010-04-08 11:24
ComboFix4.txt 2010-04-08 11:14
ComboFix5.txt 2010-04-09 06:33

Před spuštěním: Volných bajtů: 36 356 427 776
Po spuštění: Volných bajtů: 36 317 429 760

- - End Of File - - C0138C5EC4BB7952766677F2DC4F17DB