Malware - Security tool - log z RSIT

Zpráva

petypety · #16 Příspěvek od **petypety** » 17 dub 2010 12:39

po aplikaci se pc spustilo, ale nebyl jsem schopný zprovoznit myš, hlásilo to problém
se zařízením standardi HID, takže jsem obnovil systém z bodu obnovení, který vytvořil
ComboFix. Co s tím ?

#17 Příspěvek od **Caroprd111** » 17 dub 2010 12:53

Podívejte se na disk c:, zda se tam nenachází log z ComboFixu.

petypety · #18 Příspěvek od **petypety** » 17 dub 2010 12:59

není tam žádný, ale myslím si, že byl spíš odstraněn při obnově systému,
spuštění s poslední známou konfigurací nefungovalo ( resp. neřešilo problém s myší )

#19 Příspěvek od **Caroprd111** » 17 dub 2010 13:09

Dejte nový log z OTL.

petypety · #20 Příspěvek od **petypety** » 17 dub 2010 13:13

OTL logfile created on: 17.4.2010 14:10:24 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 218,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,22 Gb Total Space | 3,13 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive D: | 101,57 Gb Total Space | 12,60 Gb Free Space | 12,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSTA-DSX4BF
Current User Name: Rostislav Drápal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.17 10:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010.04.04 16:18:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007.12.10 16:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007.02.20 03:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2007.02.13 20:29:00 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006.10.26 21:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006.09.13 12:12:52 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.09.13 12:07:08 | 000,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005.08.25 11:30:14 | 000,307,200 | ---- | M] () -- C:\Program Files\honestech\honestech TVR\scheduleTV.exe
PRC - [2005.05.20 13:00:00 | 000,401,408 | ---- | M] () -- C:\WINDOWS\878RMT.exe
PRC - [2004.08.17 17:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.06.16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003.01.16 11:32:40 | 000,049,152 | ---- | M] (Ruling Tec Pte Ltd) -- C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe

========== Modules (SafeList) ==========

MOD - [2010.04.17 10:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2004.08.17 17:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wscsvcTermService)
SRV - File not found [Auto | Stopped] -- -- (upnphostxmlprov)
SRV - File not found [Auto | Stopped] -- -- (ThemesSpooler)
SRV - File not found [Auto | Stopped] -- -- (TapiSrvImapiService)
SRV - File not found [Auto | Stopped] -- -- (RemoteAccess Licensing Service)
SRV - File not found [Auto | Stopped] -- -- (NetmanVSS)
SRV - File not found [Auto | Stopped] -- -- (MessengerPCLEPCI)
SRV - File not found [Auto | Stopped] -- -- (ClipSrvEventSystem)
SRV - File not found [Auto | Stopped] -- -- (cisvcNVSvc)
SRV - File not found [Auto | Stopped] -- -- (BITSRpcSs)
SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (application updater)
SRV - [2008.09.11 20:05:42 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

========== Driver Services (SafeList) ==========

DRV - [2009.01.08 19:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys -- (dsaudiodevice_207)
DRV - [2008.10.02 20:46:08 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (lmirfsclientnp)
DRV - [2008.07.24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (lmirfsdriver)
DRV - [2008.02.13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (pac207)
DRV - [2007.05.21 17:26:14 | 000,021,168 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DynCal.sys -- (dyncal)
DRV - [2007.01.04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006.05.21 05:00:00 | 000,214,692 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Bt878.sys -- (878TVCard)
DRV - [2006.05.21 05:00:00 | 000,012,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BtTuner.sys -- (878TVTuner)
DRV - [2006.05.21 05:00:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BtXbar.sys -- (878Xbar)
DRV - [2005.08.02 10:35:00 | 003,198,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (afc)
DRV - [2004.08.04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004.08.04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004.08.04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2003.01.22 05:37:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002.09.16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1085031214-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 16:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 16:18:17 | 000,000,000 | ---D | M]

[2008.08.28 14:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Extensions
[2010.04.17 10:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\extensions
[2009.03.28 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\extensions\firefox@tvunetworks.com
[2010.01.18 18:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.14 17:09:04 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.14 17:09:04 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.14 17:09:04 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.14 17:09:04 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.14 17:09:04 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.17 12:31:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\rfpicon.exe (Ruling Tec Pte Ltd)
O4 - HKLM..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe ()
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1085031214-630328440-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1085031214-630328440-682003330-1003..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe ()
O4 - Startup: C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .tiff - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4085624765 (WUWebControl Class)
O18 - Protocol\Handler\groovelocalgws {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\lmiinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView\IrfanView_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.29 19:18:52 | 000,000,139 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.17 13:25:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.04.17 12:58:17 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2010.04.17 12:58:04 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2010.04.17 12:30:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.17 11:59:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.17 11:58:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.17 11:58:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.17 11:58:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.17 11:58:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.17 11:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.04.17 11:58:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.17 10:07:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010.04.15 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.15 19:39:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 18:58:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.04.14 20:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.04.11 13:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
[2008.02.07 21:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Ahead
[2005.11.21 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.11.21 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
[2005.11.11 15:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2005.11.11 15:26:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.11.11 15:26:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.11 09:07:36 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.17 13:36:05 | 000,898,116 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.17 13:36:05 | 000,384,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.17 13:36:05 | 000,384,628 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.17 13:36:05 | 000,064,204 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.17 13:36:05 | 000,054,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.17 13:34:52 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.04.17 13:27:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.17 13:27:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.17 12:31:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.17 12:31:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.17 12:26:03 | 006,205,440 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat
[2010.04.17 12:02:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.ini
[2010.04.17 11:59:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.17 11:57:08 | 003,916,775 | R--- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\ComboFix.exe
[2010.04.17 10:42:56 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\CKScanner.exe
[2010.04.17 10:06:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.15 19:17:13 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
[2010.04.15 17:03:01 | 000,003,791 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.04.15 16:52:04 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 16:40:28 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.04.13 16:28:24 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\skype.lnk
[2010.04.11 14:24:50 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 11:19:04 | 000,344,417 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\mates duben 2010 - 1.jpg
[2010.04.10 11:17:46 | 000,318,324 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\duben 2010.jpg
[2010.04.03 09:24:02 | 000,001,103 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.03 09:23:49 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2010.04.01 21:43:56 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\redir.html
[2010.03.22 20:58:01 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System\TSCP_H0.THD
[2010.03.21 20:45:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System\TSCP_H3.THD
[2010.03.21 20:44:37 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System\TSCP_H8.THD
[2010.03.21 20:44:31 | 000,000,037 | ---- | M] () -- C:\WINDOWS\System\TSCP_H2.THD
[2010.03.21 20:44:17 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System\TSCP_H1.THD
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.17 11:59:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.04.17 11:59:11 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.17 11:58:27 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.17 11:58:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.17 11:58:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.17 11:58:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.17 11:58:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.17 11:56:55 | 003,916,775 | R--- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\ComboFix.exe
[2010.04.17 10:43:00 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\CKScanner.exe
[2010.04.15 19:17:15 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
[2010.04.10 11:19:04 | 000,344,417 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\mates duben 2010 - 1.jpg
[2010.04.10 11:17:45 | 000,318,324 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\duben 2010.jpg
[2010.04.01 21:43:56 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Plocha\redir.html
[2010.03.21 20:44:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System\TSCP_H2.THD
[2010.03.21 20:44:17 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System\TSCP_H1.THD
[2009.12.28 15:15:03 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009.12.28 15:14:58 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2009.10.26 16:11:09 | 006,205,440 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat
[2009.10.19 21:32:17 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.08.08 11:00:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2009.04.03 20:33:12 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\wiaserva.log
[2008.05.29 19:18:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.05.29 19:18:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.05.29 19:18:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.05.29 19:18:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.05.29 19:18:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008.03.19 16:32:53 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2008.02.07 19:23:30 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\default.pls
[2008.02.07 19:18:37 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.01.16 17:56:01 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008.01.16 17:54:54 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\__FileUploader.log
[2007.09.28 10:22:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\fusioncache.dat
[2007.09.28 09:33:56 | 000,001,641 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.09.15 07:12:10 | 000,004,796 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2007.09.14 18:00:54 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2007.02.28 19:14:18 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVSDVDPlayer.m3u
[2007.02.28 19:13:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.02.28 19:13:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.01.24 18:27:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.12.12 16:54:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.12.12 16:53:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006.11.24 20:31:16 | 000,001,820 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2006.09.15 18:48:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006.01.08 10:56:04 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2006.01.06 15:52:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SILCOM_P.INI
[2006.01.05 16:04:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.01.05 16:01:07 | 000,003,791 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.12.29 19:50:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WinFight.ini
[2005.12.28 14:09:59 | 000,000,288 | ---- | C] () -- C:\WINDOWS\LEXICON.INI
[2005.12.25 09:41:49 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.11.22 22:02:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.12 15:45:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Rostislav Drápal\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.11.11 23:54:35 | 000,000,513 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2005.11.11 23:50:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\TBManage.dll
[2005.11.11 23:23:12 | 000,000,026 | ---- | C] () -- C:\WINDOWS\tsctv.ini
[2005.11.11 22:16:53 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005.11.11 15:33:09 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.dat.LOG
[2005.11.11 15:33:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Rostislav Drápal\ntuser.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.08.02 10:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.08.02 10:35:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.08.02 10:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.08.02 10:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.07.20 15:07:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.07.20 15:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.11.06 03:31:18 | 000,002,574 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004.11.06 03:31:17 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004.11.05 23:23:55 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004.08.17 17:49:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.08.17 17:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003.02.13 12:20:24 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[1997.02.22 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.02.22 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997.02.22 01:00:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\VACS232.DLL

========== LOP Check ==========

[2010.01.24 11:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2006.02.02 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\muvee Technologies
[2009.10.02 19:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NFS Underground
[2008.01.16 17:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.01.16 17:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2007.10.09 19:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2005.11.21 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\AVG7
[2005.11.21 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AVG7
[2007.09.28 10:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Autodesk
[2007.01.25 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\AVG7
[2006.02.02 23:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\IrfanView
[2010.01.18 18:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\pdfforge
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings

========== Purity Check ==========

< End of report >

#21 Příspěvek od **Caroprd111** » 17 dub 2010 13:19

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
SRV - File not found [Auto | Stopped] -- -- (wscsvcTermService)
SRV - File not found [Auto | Stopped] -- -- (upnphostxmlprov)
SRV - File not found [Auto | Stopped] -- -- (ThemesSpooler)
SRV - File not found [Auto | Stopped] -- -- (TapiSrvImapiService)
SRV - File not found [Auto | Stopped] -- -- (RemoteAccess Licensing Service)
SRV - File not found [Auto | Stopped] -- -- (NetmanVSS)
SRV - File not found [Auto | Stopped] -- -- (MessengerPCLEPCI)
SRV - File not found [Auto | Stopped] -- -- (ClipSrvEventSystem)
SRV - File not found [Auto | Stopped] -- -- (cisvcNVSvc)
SRV - File not found [Auto | Stopped] -- -- (BITSRpcSs)
SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (application updater)
O15 - HKU\S-1-5-21-1085031214-630328440-682003330-1003\..Trusted Domains: ([]msn in Tento počítač)
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2008.01.16 17:56:01 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2004.11.05 23:23:55 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2010.01.18 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

petypety · #22 Příspěvek od **petypety** » 17 dub 2010 13:27

All processes killed
========== OTL ==========
Service wscsvcTermService stopped successfully!
Service wscsvcTermService deleted successfully!
Service upnphostxmlprov stopped successfully!
Service upnphostxmlprov deleted successfully!
Service ThemesSpooler stopped successfully!
Service ThemesSpooler deleted successfully!
Service TapiSrvImapiService stopped successfully!
Service TapiSrvImapiService deleted successfully!
Service RemoteAccess Licensing Service stopped successfully!
Service RemoteAccess Licensing Service deleted successfully!
Service NetmanVSS stopped successfully!
Service NetmanVSS deleted successfully!
Service MessengerPCLEPCI stopped successfully!
Service MessengerPCLEPCI deleted successfully!
Service ClipSrvEventSystem stopped successfully!
Service ClipSrvEventSystem deleted successfully!
Service cisvcNVSvc stopped successfully!
Service cisvcNVSvc deleted successfully!
Service BITSRpcSs stopped successfully!
Service BITSRpcSs deleted successfully!
Service application updater stopped successfully!
Service application updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-630328440-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\OLD3B.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV3921280.TMP\default.tvp deleted successfully.
C:\WINDOWS\NV3921280.TMP folder deleted successfully.
C:\WINDOWS\SET22.tmp deleted successfully.
C:\WINDOWS\SET23.tmp deleted successfully.
C:\WINDOWS\SET27.tmp deleted successfully.
C:\WINDOWS\SET28.tmp deleted successfully.
C:\WINDOWS\SET2C.tmp deleted successfully.
C:\WINDOWS\SET2D.tmp deleted successfully.
C:\WINDOWS\SET2E.tmp deleted successfully.
C:\WINDOWS\SET2F.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET30.tmp deleted successfully.
C:\WINDOWS\SET31.tmp deleted successfully.
C:\WINDOWS\SET36.tmp deleted successfully.
C:\WINDOWS\SET3D.tmp deleted successfully.
C:\WINDOWS\SET3E.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\Program Files\UNWISE.EXE moved successfully.
C:\WINDOWS\system32\drivers\PciBus.sys moved successfully.
C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings\kb130\temp folder moved successfully.
C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings\kb130 folder moved successfully.
C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings\kb128\temp folder moved successfully.
C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings\kb128 folder moved successfully.
C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Rostislav Drápal
->Temp folder emptied: 5697420 bytes
->Temporary Internet Files folder emptied: 829945 bytes
->FireFox cache emptied: 44337093 bytes
->Flash cache emptied: 4659 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18508 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

User: Rostislav Drápal
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.1 log created on 04172010_142228

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#23 Příspěvek od **Caroprd111** » 17 dub 2010 13:31

Jak to vypadá s PC

petypety · #24 Příspěvek od **petypety** » 17 dub 2010 13:33

Z mého pohledu smutně, ale to je spíše hardwarem tohoto stroje

Chová se standardně, nevyskakují žádná okna, takže asi OK.

#25 Příspěvek od **Caroprd111** » 17 dub 2010 13:34

Poprosím o nový log z RSIT.

petypety · #26 Příspěvek od **petypety** » 17 dub 2010 13:35

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rostislav Drápal at 2010-04-17 14:33:25
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:29, on 17.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\878RMT.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rostislav Drápal\Plocha\RSIT.exe
C:\Program Files\trend micro\Rostislav Drápal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [TV Card Remote Control Applet] C:\WINDOWS\878RMT.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: e&xportovat do aplikace microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4085624765
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70C52F0-AB71-48E6-9B9C-96BC1E7683F2}: NameServer = 194.228.41.65,194.228.41.113
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

--
End of file - 6647 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30c5-4d22-b7f9-0bbc1d38a37e}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"=C:\WINDOWS\878RMT.exe [2005-05-20 401408]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"USBToolTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Scheduler for OEM.lnk - C:\Program Files\honestech\honestech TVR\scheduleTV.exe

C:\Documents and Settings\Rostislav Drápal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmiinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Hry\medal of honor\MOHAA.exe"="D:\Hry\medal of honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\need for speed 7\Speed.exe"="D:\Hry\need for speed 7\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-04-17 14:25:23 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
2010-04-17 14:22:55 ----SHD---- C:\RECYCLER
2010-04-17 13:25:33 ----SD---- C:\ComboFix
2010-04-17 12:58:17 ----D---- C:\RECYCLER(2)
2010-04-17 12:58:04 ----D---- C:\ComboFix(2)
2010-04-17 12:30:07 ----D---- C:\WINDOWS\temp
2010-04-17 11:59:14 ----A---- C:\Boot.bak
2010-04-17 11:59:09 ----RASHD---- C:\cmdcons
2010-04-17 11:58:27 ----A---- C:\WINDOWS\zip.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\SWSC.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\SWREG.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\sed.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\PEV.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\MBR.exe
2010-04-17 11:58:27 ----A---- C:\WINDOWS\grep.exe
2010-04-17 11:58:21 ----D---- C:\WINDOWS\ERDNT
2010-04-17 11:58:14 ----D---- C:\Qoobox
2010-04-17 10:07:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-04-15 19:39:06 ----D---- C:\Program Files\trend micro
2010-04-15 19:39:05 ----D---- C:\rsit
2010-04-15 18:58:21 ----SHD---- C:\WINDOWS\CSC
2010-04-11 13:35:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink

======List of files/folders modified in the last 1 months======

2010-04-17 14:29:06 ----D---- C:\WINDOWS\system32
2010-04-17 14:29:06 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-17 14:25:30 ----D---- C:\Documents and Settings\Rostislav Drápal\Data aplikací\Skype
2010-04-17 14:24:53 ----D---- C:\WINDOWS
2010-04-17 14:23:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 14:23:04 ----SHD---- C:\System Volume Information
2010-04-17 14:23:04 ----D---- C:\WINDOWS\system32\Restore
2010-04-17 14:22:35 ----D---- C:\WINDOWS\system32\drivers
2010-04-17 14:22:34 ----D---- C:\Program Files
2010-04-17 13:27:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 13:26:22 ----D---- C:\WINDOWS\system32\config
2010-04-17 13:26:02 ----D---- C:\WINDOWS\system32\wbem
2010-04-17 13:26:02 ----D---- C:\WINDOWS\Registration
2010-04-17 13:03:37 ----D---- C:\WINDOWS\Prefetch
2010-04-17 12:31:56 ----A---- C:\WINDOWS\system.ini
2010-04-17 12:29:57 ----D---- C:\Program Files\Application Updater
2010-04-17 12:29:03 ----D---- C:\WINDOWS\AppPatch
2010-04-17 12:29:00 ----D---- C:\Program Files\Common Files
2010-04-17 12:02:39 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-04-17 11:59:14 ----RASH---- C:\boot.ini
2010-04-17 11:20:58 ----D---- C:\Program Files\Eset
2010-04-17 10:07:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 17:03:01 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 16:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 20:40:40 ----D---- C:\Program Files\pdfforge Toolbar
2010-04-04 16:18:25 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 09:24:02 ----A---- C:\WINDOWS\win.ini
2010-03-21 20:44:31 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2006-05-21 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2006-05-21 12160]
R2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2006-05-21 8704]
R2 lmirfsdriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 dyncal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2007-05-21 21168]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 8de2ebef;8de2ebef; C:\WINDOWS\System32\drivers\8de2ebef.sys []
S2 lmiinfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dsaudiodevice_207;DsAudioDevice_207; C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys [2009-01-08 16640]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gkmixern;gkmixern; \??\C:\DOCUME~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 pac207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 lmirfsclientnp;LMIRfsClientNP; C:\WINDOWS\system32\drivers\lmirfsclientnp.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-11 77944]
S3 microsoft office groove audit service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#27 Příspěvek od **Caroprd111** » 17 dub 2010 13:53

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva15.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf58.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winms73.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Qva15.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Vbf58.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winjo05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winms73.sys]

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno

Obrázek

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

petypety · #28 Příspěvek od **petypety** » 17 dub 2010 14:05

ComboFix 10-04-15.05 - Rostislav Drápal 17.04.2010 14:58:20.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.256 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rostislav Drápal\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 11:26 . 2010-04-17 11:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 10:58 . 2010-04-17 11:25 -------- d-----w- C:\RECYCLER(2)
2010-04-17 10:58 . 2010-04-17 11:25 -------- d-----w- C:\ComboFix(2)
2010-04-17 08:07 . 2004-08-17 13:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-17 08:07 . 2004-08-17 13:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-15 17:39 . 2010-04-17 12:33 -------- d-----w- c:\program files\trend micro
2010-04-15 17:39 . 2010-04-15 17:39 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 12:29 . 2001-10-25 12:00 64204 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 12:29 . 2001-10-25 12:00 384628 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 12:22 . 2010-01-18 05:15 -------- d-----w- c:\program files\Application Updater
2010-04-17 11:17 . 2010-04-17 11:24 372268 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1029.dat
2010-04-17 09:20 . 2007-10-23 15:33 -------- d-----w- c:\program files\Eset
2010-04-14 18:40 . 2009-10-19 19:33 -------- d-----w- c:\program files\pdfforge Toolbar
2010-04-03 07:23 . 2009-12-28 13:32 304160 ----a-w- C:\PA207.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-04-17_10.04.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 12:00 . 2010-04-17 12:29 54500 c:\windows\system32\perfc009.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2005-11-11 20:04 . 2010-04-17 11:26 305176 c:\windows\system32\Restore\rstrlog.dat
+ 2001-10-25 12:00 . 2010-04-17 12:29 384722 c:\windows\system32\perfh009.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 155648 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 237568 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
+ 2010-04-17 10:30 . 2010-04-17 10:30 237568 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2010-04-17 10:30 . 2010-04-17 10:30 6205440 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"="c:\windows\878RMT.exe" [2005-05-20 401408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Rostislav Dr pal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2007-2-1 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lmiinit]
2008-10-02 18:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\medal of honor\\MOHAA.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Hry\\need for speed 7\\Speed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [12.11.2005 15:30 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [12.11.2005 15:30 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [12.11.2005 15:30 8704]
R3 dyncal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [21.5.2007 17:26 21168]
S0 Qva15;Qva15;c:\windows\system32\Drivers\Qva15.sys --> c:\windows\system32\Drivers\Qva15.sys [?]
S0 Vbf58;Vbf58;c:\windows\system32\Drivers\Vbf58.sys --> c:\windows\system32\Drivers\Vbf58.sys [?]
S0 Winjo05;Winjo05;c:\windows\system32\Drivers\Winjo05.sys --> c:\windows\system32\Drivers\Winjo05.sys [?]
S0 Winms73;Winms73;c:\windows\system32\Drivers\Winms73.sys --> c:\windows\system32\Drivers\Winms73.sys [?]
S1 8de2ebef;8de2ebef;c:\windows\system32\drivers\8de2ebef.sys --> c:\windows\system32\drivers\8de2ebef.sys [?]
S2 lmiinfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 dsaudiodevice_207;DsAudioDevice_207;c:\windows\system32\drivers\DsAudioDevice_207.sys [12.12.2009 19:49 16640]
S3 gkmixern;gkmixern;\??\c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys [?]
S3 pac207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [28.12.2009 15:15 618112]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: e&xportovat do aplikace microsoft excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C70C52F0-AB71-48E6-9B9C-96BC1E7683F2} = 194.228.41.65,194.228.41.113
FF - ProfilePath - c:\documents and settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 15:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = c:\windows\878RMT.exe?d Remote Control Applet\1.0\Default????q??H?A??eB?????H?????A?????P?????A?L?A???@???????A???????????????@????????????????????????????P????lr??????????K?@????????????????P?????????????????????????????7???7??????T????'@???p?H???|?A?????7(@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-04-17 15:03:20
ComboFix-quarantined-files.txt 2010-04-17 13:03
ComboFix2.txt 2010-04-17 10:34
ComboFix3.txt 2010-04-17 10:07

Před spuštěním: 3 595 251 712
Po spuštění: 3 563 421 696

- - End Of File - - D14BAE4B93464A6AF7294F95643AD253

#29 Příspěvek od **Caroprd111** » 17 dub 2010 14:10

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
Qva15
Vbf58
Winjo05
Winms73
8de2ebef
gkmixern

File::
c:\windows\system32\Drivers\Qva15.sys 
c:\windows\system32\Drivers\Vbf58.sys 
c:\windows\system32\Drivers\Winjo05.sys 
c:\windows\system32\Drivers\Winms73.sys 
c:\windows\system32\drivers\8de2ebef.sys 
c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys 

Folder::
C:\Documents and Settings\Rostislav Drápal\Data aplikací\Search Settings
C:\Program Files\Application Updater

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

petypety · #30 Příspěvek od **petypety** » 17 dub 2010 14:24

ComboFix 10-04-15.05 - Rostislav Drápal 17.04.2010 15:13:03.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.200 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rostislav Drápal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rostislav Drápal\Plocha\CFScript.txt.txt

FILE ::
"c:\docume~1\ROSTIS~1\LOCALS~1\Temp\gkmixern.sys"
"c:\windows\system32\drivers\8de2ebef.sys"
"c:\windows\system32\Drivers\Qva15.sys"
"c:\windows\system32\Drivers\Vbf58.sys"
"c:\windows\system32\Drivers\Winjo05.sys"
"c:\windows\system32\Drivers\Winms73.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rostislav Drápal\Data aplikací\Search Settings
c:\documents and settings\Rostislav Drápal\Data aplikací\Search Settings\kb130\temp\ws-14716.log
c:\program files\Application Updater
c:\program files\Application Updater\config.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_QVA15
-------\Legacy_VBF58
-------\Legacy_WINJO05
-------\Legacy_WINMS73
-------\Service_8de2ebef
-------\Service_gkmixern
-------\Service_Qva15
-------\Service_Vbf58
-------\Service_Winjo05
-------\Service_Winms73

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-17 do 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 11:26 . 2010-04-17 11:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-17 10:58 . 2010-04-17 11:25 -------- d-----w- C:\RECYCLER(2)
2010-04-17 10:58 . 2010-04-17 11:25 -------- d-----w- C:\ComboFix(2)
2010-04-17 08:07 . 2004-08-17 13:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-04-17 08:07 . 2004-08-17 13:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-04-15 17:39 . 2010-04-17 12:33 -------- d-----w- c:\program files\trend micro
2010-04-15 17:39 . 2010-04-15 17:39 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 12:29 . 2001-10-25 12:00 64204 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 12:29 . 2001-10-25 12:00 384628 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 11:17 . 2010-04-17 11:24 372268 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1029.dat
2010-04-17 09:20 . 2007-10-23 15:33 -------- d-----w- c:\program files\Eset
2010-04-14 18:40 . 2009-10-19 19:33 -------- d-----w- c:\program files\pdfforge Toolbar
2010-04-03 07:23 . 2009-12-28 13:32 304160 ----a-w- C:\PA207.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-04-17_10.04.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 12:00 . 2010-04-17 12:29 54500 c:\windows\system32\perfc009.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2005-11-11 20:04 . 2010-04-17 11:26 305176 c:\windows\system32\Restore\rstrlog.dat
+ 2001-10-25 12:00 . 2010-04-17 12:29 384722 c:\windows\system32\perfh009.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 155648 c:\windows\ERDNT\subs(2)\Users(2)\00000006(2)\UsrClass.dat
+ 2010-04-17 10:30 . 2010-04-17 10:30 237568 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\NTUSER.DAT
+ 2010-04-17 10:30 . 2010-04-17 10:30 237568 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
+ 2010-04-17 10:30 . 2010-04-17 10:30 6205440 c:\windows\ERDNT\subs(2)\Users(2)\00000005(2)\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Applet"="c:\windows\878RMT.exe" [2005-05-20 401408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Rostislav Dr pal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2007-2-1 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lmiinit]
2008-10-02 18:45 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Hry\\medal of honor\\MOHAA.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Hry\\need for speed 7\\Speed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [12.11.2005 15:30 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [12.11.2005 15:30 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [12.11.2005 15:30 8704]
R3 dyncal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [21.5.2007 17:26 21168]
S2 lmiinfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 dsaudiodevice_207;DsAudioDevice_207;c:\windows\system32\drivers\DsAudioDevice_207.sys [12.12.2009 19:49 16640]
S3 pac207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [28.12.2009 15:15 618112]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: e&xportovat do aplikace microsoft excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C70C52F0-AB71-48E6-9B9C-96BC1E7683F2} = 194.228.41.65,194.228.41.113
FF - ProfilePath - c:\documents and settings\Rostislav Drápal\Data aplikací\Mozilla\Firefox\Profiles\jlwp4qbs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 15:17
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Applet = c:\windows\878RMT.exe?d Remote Control Applet\1.0\Default????q??H?A??eB?????H?????A?????P?????A?L?A???@???????A???????????????@????????????????????????????P????lr??????????K?@????????????????P?????????????????????????????7???7??????T????'@???p?H???|?A?????7(@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-17 15:20:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-17 13:20
ComboFix2.txt 2010-04-17 13:03
ComboFix3.txt 2010-04-17 10:34
ComboFix4.txt 2010-04-17 10:07

Před spuštěním: 3 569 934 336
Po spuštění: 3 487 535 104

- - End Of File - - 12CAAB209C02A695AF90AECAD3E451A5

VIRY.CZ

Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT

Re: Malware - Security tool - log z RSIT