Please check my log

smokeflypaper
Visitor
Posts: 15
Registered: 11 Apr 2007 18:47

Please check my log

#1 Post by smokeflypaper »

ComboFix 10-04-21.01 - svancarz 24.04.2010 17:44:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1014.595 [GMT 2:00]
Spuštěný z: c:\documents and settings\svancarz.LMC\My Documents\!!Personal!!\4system\combofix\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\svchstb.dll
c:\windows\system32\Thumbs.db

----- BITS: Možné infikované stránky -----

hxxp://wsus.ad.lmc.cz
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-22 12:28 . 2010-04-22 21:19 -------- d-----w- C:\Downloads
2010-04-22 12:25 . 2010-04-24 14:04 -------- d-----w- c:\program files\FlashGet
2010-04-18 18:06 . 2010-04-18 18:06 -------- d-----w- c:\documents and settings\svancarz.LMC\Local Settings\Application Data\Unity
2010-04-14 10:52 . 2010-03-09 11:09 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-04-14 10:52 . 2010-02-12 04:33 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-14 10:52 . 2010-02-11 12:02 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-04-14 10:52 . 2009-12-24 06:59 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-04-14 10:52 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-03-25 20:18 . 2010-03-25 20:21 -------- d-----w- c:\program files\PS3 Media Server

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 15:40 . 2008-01-25 16:54 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-24 15:40 . 2008-01-25 16:52 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-04-24 15:31 . 2010-01-08 08:16 -------- d-----w- c:\documents and settings\svancarz.LMC\Application Data\Skype
2010-04-24 14:00 . 2008-02-12 12:29 -------- d-----w- c:\documents and settings\svancarz.LMC\Application Data\skypePM
2010-04-24 13:58 . 2009-07-07 19:18 -------- d-----w- c:\program files\Microsoft Games
2010-04-24 12:38 . 2009-07-13 20:35 -------- d-----w- c:\program files\CSS
2010-04-24 12:32 . 2009-12-10 18:51 -------- d-----w- c:\program files\dm
2010-04-23 14:48 . 2009-06-30 08:17 1 ----a-w- c:\documents and settings\svancarz.LMC\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-01 09:13 . 2009-04-25 22:12 -------- d-----w- c:\program files\rajce
2010-03-25 13:10 . 2008-02-05 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-25 13:09 . 2010-03-25 13:09 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-25 13:07 . 2008-02-05 21:21 -------- d-----w- c:\program files\Nokia
2010-03-25 13:05 . 2008-02-05 21:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-25 13:04 . 2010-03-25 13:04 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-25 13:04 . 2010-03-25 13:04 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-25 13:04 . 2010-03-25 13:04 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-25 13:04 . 2010-03-25 13:04 34642680 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_2.4.6EN.exe
2010-03-11 12:38 . 2004-08-11 17:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 17:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 17:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-11 07:37 . 2008-01-25 16:54 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-03-09 11:09 . 2004-08-11 17:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-11 17:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 14:08 . 2004-08-11 17:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 17:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 17:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 13:52 . 2010-02-04 13:52 138240 ----a-w- c:\documents and settings\svancarz.LMC\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-02-04 13:52 . 2010-02-04 13:52 138240 ----a-w- c:\documents and settings\svancarz.LMC\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-02-04 13:52 . 2010-02-04 13:52 138240 ----a-w- c:\documents and settings\svancarz.LMC\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-02-04 13:52 . 2010-02-04 13:52 138240 ----a-w- c:\documents and settings\svancarz.LMC\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-25 16:30 . 2010-01-25 16:30 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-25 16:30 . 2010-01-25 16:30 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-25 16:30 . 2010-01-25 16:30 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-25 16:30 . 2010-01-25 16:30 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-25 16:29 . 2010-01-25 16:30 34698816 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze_web.exe
2009-11-29 20:38 . 2009-11-29 20:38 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2008-04-16 19:01 . 2008-04-16 19:01 0 -csha-w- c:\windows\S4608CB45.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2009-12-01 1088688]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343024091-616249376-839522115-6620\Scripts\Logon\0\0]
"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343024091-616249376-839522115-6620\Scripts\Logon\0\1]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343024091-616249376-839522115-6620\Scripts\Logon\0\2]
"Script"=applyIFM_IFS75.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1343024091-616249376-839522115-6620\Scripts\Logon\0\3]
"Script"=firefox_ntlm_preference_conf.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^svancarz.LMC^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\svancarz.LMC\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^svancarz.LMC^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\svancarz.LMC\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^svancarz.LMC^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\svancarz.LMC\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-03-14 11:55 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 12:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 16:32 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HUAWEI 3G Data Card MTS]
2007-03-02 16:37 327680 ----a-w- c:\progra~1\HUAWEI~1\HUAWEI~2\HUAWEI 3G Data Card.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-07-25 16:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-07-25 16:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 14:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2007-03-06 13:51 212992 ----a-w- c:\program files\Mouse Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2008-02-01 11:01 949376 ----a-w- c:\program files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2006-04-20 16:29 1279032 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 17:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 09:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 10:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 09:22 405504 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 13:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-08-05 11:15 288048 ----a-w- c:\program files\uTorrent\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 09:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YahooWidgetEngine.exe]
2007-07-20 17:57 2913584 ----a-w- c:\program files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgetEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei E620 Data Card\\HUAWEI 3G Data Card.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\HUAWEI 3G Data Card.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\LFS\\LFS.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [4.12.2009 17:22 132424]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [9.1.2010 21:20 43792]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1.2.2008 12:55 15424]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19.12.2006 16:21 79432]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [9.1.2010 21:20 136192]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [20.12.2008 18:00 204800]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.4.2006 8:22 70912]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [11.8.2004 19:00 5120]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.3.2008 15:25 717296]
S2 gupdate1c9768c3975b8ca;Google Update Service (gupdate1c9768c3975b8ca);c:\program files\Google\Update\GoogleUpdate.exe [14.1.2009 23:08 133104]
S2 WinRPC10;WinRemotePC Server;c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10 --> c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe [?]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [6.2.2008 20:10 7888]
S3 cpuz130;cpuz130;\??\c:\docume~1\svancarz.LMC\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\svancarz.LMC\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2.11.2006 14:32 97536]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2.8.2009 12:56 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2.8.2009 12:56 3072]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [19.2.2008 21:21 88960]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11.2.2008 10:22 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11.2.2008 10:22 65152]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [29.3.2008 17:34 30920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.3.2010 15:07 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.3.2010 15:07 8320]
S3 OKI OPHI DCS Loader;OKI OPHI DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHILDCS.EXE [10.1.2007 18:05 24576]
S3 radmrdd;radmrdd;c:\windows\system32\DRIVERS\radmrdd.sys --> c:\windows\system32\DRIVERS\radmrdd.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [16.7.2009 14:11 98488]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-24 c:\windows\Tasks\COMODO Registry Cleaner task.job
- c:\program files\COMODO\COMODO System-Cleaner\CSC.exe [2009-10-27 14:39]

2010-04-24 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2009-10-27 17:18]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-14 16:34]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-14 16:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: c:\windows\system32\imon.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\svancarz.LMC\Application Data\Mozilla\Firefox\Profiles\rzuyfdn0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\svancarz.LMC\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port -
FF - user.js: network.proxy.share_proxy_settings - true
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
Notify-gemsafe - c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
MSConfigStartUp-AdVantage Setup - c:\program files\Webteh\BSplayer\AdVantageSetup.exe
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
AddRemove-InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6} - c:\program files\InstallShield Installation Information\{0824EE6D-137F-4B83-9628-8E7B000BEBA6}\_is2008.psi



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 17:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinRPC10]
"ImagePath"="c:\program files\WinSoftMagic\WinRemotePC\WRPCServer.exe /startedbyscm:14801308-40E2C9B6-WinRPC10"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1343024091-616249376-839522115-6620\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1343024091-616249376-839522115-6620\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8D5026B-64CD-7241-E156-2CB5636738DF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1343024091-616249376-839522115-6620\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,2d,09,1b,b6,2e,6a,b5,f0,0f,0b,b3,bc,1d,5d,3b,42,30,a1,af,92,c0,5c,
17,15,6b,29,19,be,8e,aa,7f,21,08,89,17,e0,69,e2,06,b9,85,e2,ec,ff,c9,67,fd,\
"??"=hex:0a,ad,90,f0,65,3c,48,de,9a,dd,e5,c4,ed,13,f0,dd

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1580)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\imon.dll
.
Celkový čas: 2010-04-24 18:03:58
ComboFix-quarantined-files.txt 2010-04-24 16:03

Před spuštěním: 37 990 195 200 bytes free
Po spuštění: 38 842 376 192 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - AAA56F61BA54A78F9BBFC9F9721DBC33

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Please check my log

#2 Post by Roli »

Hello, something was deleted, the rest is fine.

Just this:

c:\windows\S4608CB45.tmp

find it and delete it.

So is there any problem with the PC?
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Re: Please check my log

#3 Post by smokeflypaper »

Roli wrote: Hello, something was deleted, the rest is fine.

Just this:

c:\windows\S4608CB45.tmp

find it and delete it.

So is there any problem with the PC?
hopefully not.

> some files can't be deleted (installPackage.dtd in the ICQ.6 directory) (not even with the Unlocker program, which deletes on restart)
> and sometimes it seems terribly slowed down to me, mainly Mozilla...
I deleted S4608CB45.tmp

Re: Please check my log

#4 Post by Roli »

Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Delete unnecessary files

using CCleaner

instructions:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making the backup of it that CCleaner offers)

The registry cleaning needs to be repeated several times!

Defragment the disk either with the built-in Windows tool,

or with another application, for example Defraggler


Then use Mbam from my signature.
| Rsit | Mbam | AVPTool | Cure It |

Re: Please check my log

#5 Post by smokeflypaper »

Thanks, I'll get to it this evening.. ;)

Re: Please check my log

#6 Post by Roli »

OK, just don't forget to post the Mbam log here afterwards.