Velmi zavireny pocitac vacsinou trojany.

[motji]

Fajn, pokračujte skriptem na combofix a AVPtoolem

[wlk21]

ComboFix 10-04-15.05 - AmunRa 17.04.2010 1:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.255.107 [GMT 2:00]
Running from: c:\documents and settings\AmunRa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\AmunRa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\AmunRa\Application Data\fmucsu.exe"
"c:\documents and settings\AmunRa\Application Data\szywo.exe"
"c:\program files\1736921.dat"
"c:\windows\nod32fixtemdono.reg"
"c:\windows\system32\Drivers\nzyhtuul.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\1736921.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NZYHTUUL
-------\Service_nzyhtuul


((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-16 22:18 . 2010-04-16 22:18 1737 ----a-w- C:\UsbFix_Upload_Me_AMUN-RA.zip
2010-04-16 21:28 . 2010-04-16 22:18 -------- d-----w- C:\UsbFix
2010-04-16 18:39 . 2010-04-16 18:39 -------- d-----w- c:\program files\Ultimate Process Manager
2010-04-16 13:32 . 2010-04-16 20:32 -------- d-----w- c:\documents and settings\AmunRa\Application Data\Skype
2010-04-15 19:50 . 2010-04-15 19:50 -------- d-----w- c:\program files\Common Files\Skype
2010-04-15 07:04 . 2010-04-15 07:04 -------- d-----w- c:\documents and settings\AmunRa\Local Settings\Application Data\Western Digital
2010-04-15 06:17 . 2010-04-15 06:17 -------- d-----w- c:\documents and settings\AmunRa\Application Data\Malwarebytes
2010-04-15 06:17 . 2008-09-09 22:03 17200 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 06:17 . 2008-09-09 22:04 38528 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 06:17 . 2010-04-15 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-15 06:17 . 2010-04-15 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 04:49 . 2010-04-15 04:49 -------- d-----w- c:\program files\AVG
2010-04-15 04:22 . 2010-04-15 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-15 04:22 . 2010-04-15 04:46 -------- d-----w- c:\documents and settings\AmunRa\Application Data\SUPERAntiSpyware.com
2010-04-15 04:20 . 2010-04-15 04:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 04:04 . 2010-04-15 04:04 -------- d-----w- c:\documents and settings\AmunRa\Application Data\Lavasoft
2010-04-13 12:24 . 2010-04-13 12:31 -------- d-----w- c:\windows\L2Schemas
2010-04-13 12:24 . 2010-04-13 12:30 -------- d-----w- c:\windows\system32\scripting
2010-04-13 12:24 . 2010-04-13 12:30 -------- d-----w- c:\windows\system32\en
2010-04-13 10:50 . 2008-04-14 11:41 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-04-13 10:50 . 2008-04-14 11:42 103424 -c--a-w- c:\windows\system32\dllcache\uihelper.dll
2010-04-13 10:50 . 2008-04-14 11:42 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2010-04-13 10:50 . 2008-04-14 11:42 45056 -c--a-w- c:\windows\system32\dllcache\ssinc51.dll
2010-04-13 10:50 . 2004-08-04 11:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-04-13 10:48 . 2008-04-14 11:41 25088 -c--a-w- c:\windows\system32\dllcache\iisadmin.dll
2010-04-13 10:47 . 2008-04-14 11:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2010-04-13 10:46 . 2008-04-14 11:42 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2010-04-13 10:45 . 2010-04-13 10:45 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2010-04-13 10:43 . 2004-08-04 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-04-13 10:43 . 2008-04-14 11:41 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll
2010-04-13 10:43 . 2008-04-14 11:41 7168 ----a-w- c:\windows\system32\bitsprx4.dll
2010-04-13 10:40 . 2008-04-14 11:42 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-04-13 10:40 . 2008-04-14 11:42 290304 ----a-w- c:\windows\system32\rhttpaa.dll
2010-04-13 10:40 . 2008-04-14 11:41 136192 -c--a-w- c:\windows\system32\dllcache\aaclient.dll
2010-04-13 10:40 . 2008-04-14 11:41 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-04-13 10:34 . 2004-08-04 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-04-13 10:34 . 2004-08-04 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-04-13 10:34 . 2004-08-04 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-04-10 11:33 . 2010-04-10 11:34 -------- d-----w- c:\documents and settings\AmunRa\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 19:52 . 2009-10-18 20:27 -------- d-----r- c:\program files\Skype
2010-04-15 19:09 . 2009-10-18 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-15 04:03 . 2009-10-17 12:48 -------- d-----w- c:\program files\Lavasoft
2010-04-15 03:08 . 2009-10-17 14:37 69232 ----a-w- c:\documents and settings\AmunRa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-13 19:03 . 2009-10-17 07:45 -------- d-----w- c:\program files\ESET
2010-04-13 19:03 . 2009-10-17 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-13 13:28 . 2009-10-17 07:14 87263 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-13 13:28 . 2009-10-17 07:14 4866 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-04-13 10:41 . 2009-10-17 07:12 22720 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-04-12 19:25 . 2009-10-18 20:29 -------- d-----w- c:\documents and settings\AmunRa\Application Data\skypePM
2010-04-11 05:24 . 2009-10-17 07:39 40784 ----a-w- c:\windows\system32\nvModes.dat
2010-03-10 23:23 . 2009-10-17 11:34 -------- d-----w- c:\documents and settings\AmunRa\Application Data\Ahead
2010-02-21 17:47 . 2010-02-21 17:47 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-18 11:27 . 2009-10-17 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
.

Kód: Vybrat vše

<pre>
c:\program files\Skype\Phone\skype .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-04-16_18.32.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-17 11:02 . 2003-08-05 23:04 114741 c:\windows\system32\dla\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-25 23090984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 610304]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-31 4804608]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 110592]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-3-8 146944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/9/2009 3:18 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/9/2009 3:21 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4/9/2009 3:19 PM 731840]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\AmunRa\Application Data\Mozilla\Firefox\Profiles\5ayr4mzg.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 01:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\MicroStar\WLANUtility\WLAN_Service.exe
.
**************************************************************************
.
Completion time: 2010-04-17 01:24:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-16 23:24
ComboFix2.txt 2010-04-16 18:35

Pre-Run: 1 401 556 992 bytes free
Post-Run: 1 287 172 096 bytes free

- - End Of File - - 985758A010B2498E37462F98070F70B1

[wlk21]

Autoscan: completed 3 minutes ago (events: 8, objects: 97201, time: 01:05:49)
17.4.2010 2:56:22 Task started
17.4.2010 3:11:30 Detected: Trojan.Win32.FraudPack.apul C:\Program Files\Adobe\4079968.old/data0000
17.4.2010 3:16:02 Deleted: Trojan.Win32.FraudPack.apul C:\Program Files\Adobe\4079968.old
17.4.2010 3:21:20 Detected: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\AmunRa\secupdat.dat.vir/PE-Crypt.XorPE
17.4.2010 3:21:21 Detected: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir/PE-Crypt.XorPE
17.4.2010 3:22:35 Deleted: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\Documents and Settings\AmunRa\secupdat.dat.vir
17.4.2010 3:22:36 Deleted: Backdoor.Win32.Cetorp.p C:\Qoobox\Quarantine\C\WINDOWS\system32\secupdat.dat.vir
17.4.2010 4:02:14 Task completed

[motji]

Jak to ted vypadá s počítačem?

Použijte na combofix ještě tento skript:

Kód: Vybrat vše

RenV::
c:\program files\Skype\Phone\skype .exe

ADS::
c:\windows\explorer.exe

Pokud se oprava nezdaří, je problém přeinstalovat Skype?

[wlk21]

Prebehlo to v poriatku bez komplikacii ale aj tak som pre istotu odinstaloval skype. Instalaciek na skype mam dost. PC vyzera zatial bez problemov.

############################## | UsbFix V6.104 |

User : AmunRa (Administrators) # AMUN-RA
Update on 14/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 1:01:31 PM | 4/17/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.0 4.0 [ Enabled | Updated ]

C:\ -> Local Fixed Disk # 9.77 Go (1.46 Go free) # NTFS
D:\ -> Local Fixed Disk # 27.49 Go (1.44 Go free) # NTFS
E:\ -> CD-ROM Disc
F:\ -> Removable Disk # 7.45 Go (2.81 Go free) [KINGSTON] # FAT32
G:\ -> Removable Disk # 979.72 Mo (701.14 Mo free) # FAT
H:\ -> Removable Disk # 0.96 Mo (0.16 Mo free) # FAT

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-1123561945-1343024091-682003330-1003
Deleted ! D:\Recycler\S-1-5-21-1123561945-1343024091-682003330-1003
Deleted ! F:\driver
Deleted ! G:\driver
Deleted ! G:\winamp_cache_0001.xml
Deleted ! G:\autorun.Vinf
Deleted ! G:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013
Deleted ! H:\driver
Deleted ! H:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

################## | Registry |


################## | Mountpoints2 |


################## | Listing of the present files |

[17.10.2009 09:15|--a------|0] C:\AUTOEXEC.BAT
[13.04.2010 12:39|---hs----|211] C:\boot.ini
[17.04.2010 12:32|--a------|11398] C:\ComboFix.txt
[17.10.2009 09:15|--a------|0] C:\CONFIG.SYS
[17.10.2009 09:15|-rahs----|0] C:\IO.SYS
[17.10.2009 09:15|-rahs----|0] C:\MSDOS.SYS
[14.04.2008 06:13|-rahs----|47564] C:\NTDETECT.COM
[14.04.2008 08:01|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[17.04.2010 13:03|--a------|1855] C:\UsbFix.txt
[17.04.2010 12:56|--a------|2084] C:\UsbFix_Upload_Me_AMUN-RA.zip
[09.03.2003 21:06|--a------|589257093] F:\pornoakce4-full-hq.wmv
[08.10.2009 11:23|--a------|65024] G:\Prˇloha ź. 1.doc
[08.10.2009 11:24|--a------|56320] G:\Prˇloha ź. 2.doc
[08.10.2009 11:24|--a------|76288] G:\Prˇloha ź. 3.doc
[08.10.2009 11:24|--a------|45056] G:\Prˇloha ź. 4.doc
[08.10.2009 11:24|--a------|36864] G:\Prˇloha ź. 5.doc
[08.10.2009 11:24|--a------|118784] G:\Prˇloha ź. 6.doc
[08.10.2009 11:24|--a------|35840] G:\Prˇloha ź. 7.doc
[08.10.2009 11:24|--a------|51200] G:\Prˇloha ź. 8.doc
[08.10.2009 11:24|--a------|28672] G:\Prˇloha ź. 9.doc
[08.10.2009 11:25|--a------|4562284] G:\cestne presuny.pdf
[12.10.2009 13:29|--a------|6680576] G:\plan Irak VII.doc
[11.11.2009 15:14|--a------|63488] G:\Plan Leçś - prerobeně.xls
[15.01.2007 00:55|--a------|855552] G:\03_SPG 3-19 ¦en_text.doc
[14.10.2009 11:04|--a------|29696] G:\CIELE.doc
[13.10.2009 19:41|--a------|99328] G:\01 Plan riadenia TC.doc
[13.08.2009 10:02|--a------|103936] G:\RV Leçś-final.xls
[27.10.2009 20:25|--a------|19968] G:\shelter.doc
[07.11.2009 18:22|--a------|67072] G:\Adresy na pozv nky vzor.doc
[25.03.2010 08:54|--a------|41] G:\pmp_usb.ini
[30.12.2009 18:02|--a------|1243136] G:\Organizaźně poriadok.doc
[02.02.2010 08:28|--a------|46592] G:\Operaźn  Łloha.doc
[08.10.2009 00:50|--a------|7681648] G:\klcodec510s.exe
[02.03.2010 20:10|--a------|336926] G:\final marathon route.pdf
[01.04.2010 16:26|--a------|13179] G:\Kri§an.docx
[02.04.2010 14:00|--a------|13393] G:\Vasilź k.docx
[03.04.2010 13:44|--a------|45056] G:\NµRADIE ¦LS¬ od KAF.doc
[10.04.2010 08:01|--a------|17373] G:\p skymarecISAF1.docx
[10.04.2010 08:02|--a------|1060] G:\HPPDEVX.DLL.log
[07.10.2005 11:09|--a------|196608] H:\UDPV264.EXE
[14.10.2009 10:57|--a------|95232] H:\Pl n riadenia TC ISAF 2009.doc
[14.10.2009 13:03|--a------|45568] H:\tabulka spojenia.doc
[07.01.2010 11:44|--a------|15754] H:\Sramek.docx
[12.03.2009 20:40|--a------|141824] H:\majetkov‚ ćr mek.doc

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# H:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_AMUN-RA.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.104 ! |

[motji]

Ještě Vás poprosím o ten log z combofixu a ze Rsitu, viz můj podpis. Pokud bude všechno v pořádku, už budeme jenom uklízet po použitých programech

[wlk21]

Mal som chaos s tymi logmi a omylom som sem nakopiroval ten nespravny. Tak som vytvoril dalsi na CF ale ten je trochu moc rozsiahli tak neviem ci ho sem umiestnit alebo som pri jeho tvorbe pochybil. Zatial prikladam log z RSITu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by AmunRa at 2010-04-17 16:02:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (14%) free of 10 GB
Total RAM: 255 MB (23% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2010-04-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2010-04-17 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-05-02 610304]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-31 4804608]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-05-02 110592]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WlanUtility.lnk - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\winupd01.exe"="C:\WINDOWS\system32\winupd01.exe:*:Enabled:DHCP Router"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-17 16:02:03 ----D---- C:\rsit
2010-04-17 16:02:03 ----D---- C:\Program Files\trend micro
2010-04-17 16:01:15 ----D---- C:\WINDOWS\temp
2010-04-17 16:01:09 ----A---- C:\ComboFix.txt
2010-04-17 15:58:11 ----A---- C:\WINDOWS\VFIND.exe
2010-04-17 15:58:11 ----A---- C:\WINDOWS\fdsv.exe
2010-04-17 15:34:16 ----D---- C:\Documents and Settings\AmunRa\Application Data\Skype
2010-04-17 15:33:49 ----D---- C:\Program Files\Common Files\Skype
2010-04-17 15:16:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-04-17 15:15:26 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-04-17 13:01:19 ----A---- C:\UsbFix.txt
2010-04-17 12:15:51 ----A---- C:\WINDOWS\zip.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\SWSC.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\SWREG.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\sed.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\MBR.exe
2010-04-17 12:15:51 ----A---- C:\WINDOWS\grep.exe
2010-04-17 00:18:01 ----RAD---- C:\autorun.inf
2010-04-16 23:28:54 ----D---- C:\UsbFix
2010-04-16 20:39:07 ----D---- C:\Program Files\Ultimate Process Manager
2010-04-16 20:26:16 ----D---- C:\WINDOWS\ERDNT
2010-04-16 20:25:28 ----D---- C:\Qoobox
2010-04-15 08:17:26 ----D---- C:\Documents and Settings\AmunRa\Application Data\Malwarebytes
2010-04-15 08:17:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-15 08:17:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-15 06:22:24 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-15 06:22:10 ----D---- C:\Documents and Settings\AmunRa\Application Data\SUPERAntiSpyware.com
2010-04-15 06:20:23 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-15 06:04:49 ----D---- C:\Documents and Settings\AmunRa\Application Data\Lavasoft
2010-04-13 14:24:31 ----D---- C:\WINDOWS\system32\scripting
2010-04-13 14:24:31 ----D---- C:\WINDOWS\system32\en
2010-04-13 14:24:31 ----D---- C:\WINDOWS\Network Diagnostic
2010-04-13 14:24:31 ----D---- C:\WINDOWS\L2Schemas
2010-04-13 12:53:38 ----D---- C:\WINDOWS\Prefetch
2010-04-13 12:44:01 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-04-13 12:43:15 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-04-13 12:40:42 ----D---- C:\WINDOWS\system32\en-US
2010-04-13 12:40:42 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-04-13 12:40:42 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-04-13 12:40:42 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-04-13 12:34:40 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-04-13 12:34:40 ----A---- C:\WINDOWS\system32\irclass.dll
2010-04-13 12:20:00 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-04-10 13:33:44 ----D---- C:\Documents and Settings\AmunRa\Application Data\Media Player Classic

======List of files/folders modified in the last 1 months======

2010-04-17 16:02:03 ----RD---- C:\Program Files
2010-04-17 16:01:16 ----D---- C:\WINDOWS\system32
2010-04-17 16:01:15 ----D---- C:\WINDOWS
2010-04-17 15:59:01 ----A---- C:\WINDOWS\system.ini
2010-04-17 15:58:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 15:36:10 ----D---- C:\Documents and Settings\AmunRa\Application Data\skypePM
2010-04-17 15:34:05 ----SHD---- C:\WINDOWS\Installer
2010-04-17 15:34:03 ----RD---- C:\Program Files\Skype
2010-04-17 15:33:49 ----D---- C:\Program Files\Common Files
2010-04-17 15:32:52 ----D---- C:\Program Files\Mozilla Firefox
2010-04-17 15:31:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 15:16:27 ----D---- C:\Program Files\Google
2010-04-17 15:16:13 ----A---- C:\WINDOWS\wincmd.ini
2010-04-17 12:41:49 ----HD---- C:\WINDOWS\inf
2010-04-17 12:35:34 ----D---- C:\WINDOWS\system32\drivers
2010-04-17 12:20:06 ----D---- C:\WINDOWS\AppPatch
2010-04-17 04:13:58 ----SHD---- C:\System Volume Information
2010-04-17 04:13:58 ----D---- C:\WINDOWS\system32\Restore
2010-04-17 04:10:57 ----D---- C:\Program Files\ESET
2010-04-17 03:16:16 ----D---- C:\Program Files\Adobe
2010-04-17 01:17:30 ----D---- C:\WINDOWS\system32\config
2010-04-17 01:13:50 ----D---- C:\WINDOWS\system32\dla
2010-04-16 20:34:57 ----SD---- C:\WINDOWS\Tasks
2010-04-16 20:34:51 ----D---- C:\WINDOWS\repair
2010-04-16 20:32:09 ----D---- C:\Program Files\Internet Explorer
2010-04-15 09:02:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 06:49:46 ----D---- C:\WINDOWS\WinSxS
2010-04-15 06:49:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-15 06:04:48 ----SD---- C:\Documents and Settings\AmunRa\Application Data\Microsoft
2010-04-15 06:04:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-15 06:03:47 ----D---- C:\Program Files\Lavasoft
2010-04-13 21:45:49 ----D---- C:\Download
2010-04-13 21:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-04-13 14:31:34 ----D---- C:\WINDOWS\system32\Setup
2010-04-13 14:31:32 ----D---- C:\WINDOWS\Help
2010-04-13 14:31:24 ----D---- C:\WINDOWS\system32\usmt
2010-04-13 14:30:58 ----D---- C:\WINDOWS\mui
2010-04-13 14:30:58 ----D---- C:\WINDOWS\ime
2010-04-13 14:30:58 ----D---- C:\WINDOWS\EHome
2010-04-13 14:30:56 ----RSD---- C:\WINDOWS\Fonts
2010-04-13 14:30:56 ----D---- C:\WINDOWS\Media
2010-04-13 14:30:38 ----D---- C:\WINDOWS\peernet
2010-04-13 14:30:18 ----D---- C:\WINDOWS\system32\npp
2010-04-13 14:30:10 ----D---- C:\WINDOWS\msagent
2010-04-13 14:26:54 ----D---- C:\WINDOWS\twain_32
2010-04-13 14:26:08 ----D---- C:\WINDOWS\system32\icsxml
2010-04-13 14:25:35 ----D---- C:\WINDOWS\system32\1033
2010-04-13 14:24:31 ----D---- C:\WINDOWS\Driver Cache
2010-04-13 13:56:36 ----D---- C:\WINDOWS\Debug
2010-04-13 12:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-13 12:55:55 ----D---- C:\WINDOWS\Registration
2010-04-13 12:52:51 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-13 12:46:23 ----D---- C:\WINDOWS\security
2010-04-13 12:45:38 ----AC---- C:\WINDOWS\ODBCINST.INI
2010-04-13 12:44:54 ----D---- C:\WINDOWS\system32\ias
2010-04-13 12:44:06 ----RD---- C:\WINDOWS\Web
2010-04-13 12:43:51 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-04-13 12:43:30 ----A---- C:\WINDOWS\win.ini
2010-04-13 12:43:21 ----D---- C:\WINDOWS\srchasst
2010-04-13 12:43:19 ----D---- C:\Program Files\Windows Media Player
2010-04-13 12:43:14 ----D---- C:\Program Files\Movie Maker
2010-04-13 12:43:11 ----D---- C:\WINDOWS\system32\oobe
2010-04-13 12:43:04 ----D---- C:\Program Files\NetMeeting
2010-04-13 12:43:01 ----D---- C:\Program Files\Outlook Express
2010-04-13 12:43:01 ----D---- C:\Program Files\Common Files\System
2010-04-13 12:41:42 ----D---- C:\WINDOWS\system32\Com
2010-04-13 12:40:47 ----D---- C:\Program Files\Messenger
2010-04-13 12:40:46 ----D---- C:\WINDOWS\system32\wbem
2010-04-13 12:40:45 ----D---- C:\Program Files\Windows NT
2010-04-13 12:39:27 ----SH---- C:\boot.ini
2010-04-13 12:35:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-13 12:34:40 ----D---- C:\WINDOWS\system
2010-04-13 12:34:28 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-04-11 07:43:58 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-10-09 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-31 1329723]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-05-02 270640]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
R4 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 RT2500USB;Wireless 11g USB 2.0 Network Driver; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [2005-01-07 147328]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-17 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[motji]

Nevadí, že je dlouhý, vložte ho zde
Až tak učiníte, můžete začít uklízet


Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?