svcgost.exe - Prosim o pomoc

[Chulap]

Zdravim,

na ploche PC sa mi z nicoho nic objavil exe subor "svcgost.exe", ktory nepoznam. Ak som sa ho pokusal vymazat, system to nedovolil pretoze subor je pouzivany inym programom alebo uzivatelom. Toto iste mi hlasi, aj ked som to chcel vymazat v nudzovom rezime.

Prosim poradte mi co s tym? Ci je to nejaka havet, alebo je to sucast systemu Windows a patri to niekam inam ako na plochu. Pripadne ak je to havet, amko sa mozem toho zbavit?

Vopred dakujem,

Chulap

[1danab]

zdravím
stáhněte z mého podpisu RSIT, spusťte sken a log mi hoďte sem

[Chulap]

Zdravim,

tu je log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rasťo & Marcela at 2010-05-18 19:22:55
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 751 MB (4%) free of 20 GB
Total RAM: 511 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:03, on 18.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
D:\INŠTALAČKY\RSIT_ScanerPC\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rasťo & Marcela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IOL.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.sk/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7431000906
O17 - HKLM\System\CCS\Services\Tcpip\..\{680C0A2F-781D-4886-A092-66F4DB2CA560}: NameServer = 85.248.241.2 85.248.241.3
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6519 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-17 87584]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-19 1183656]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-19 1958800]
"Spamihilator"=C:\Program Files\Spamihilator\spamihilator.exe [2008-12-23 1321984]
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Rasťo & Marcela\Nabídka Start\Programy\Po spuštění
IOL.lnk -
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Spamihilator\cdcc.exe"="C:\Program Files\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\Program Files\Spamihilator\dccproc.exe"="C:\Program Files\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"C:\Program Files\Spamihilator\spamihilator.exe"="C:\Program Files\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5075c4e2-f7f3-11dc-ac65-00138f335811}]
shell\AutoRun\command - F:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edcc6a88-d118-11dd-ad9b-00138f335811}]
shell\AutoRun\command - F:\seamlessKeyLauncher.exe


======List of files/folders created in the last 1 months======

2010-05-18 19:22:55 ----D---- C:\rsit
2010-05-17 23:24:58 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-26 19:31:52 ----A---- C:\WINDOWS\IE4 Error Log.txt

======List of files/folders modified in the last 1 months======

2010-05-18 19:22:48 ----D---- C:\WINDOWS\Prefetch
2010-05-18 19:21:29 ----D---- C:\WINDOWS\temp
2010-05-18 18:43:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-18 18:28:57 ----D---- C:\Program Files\Mozilla Firefox
2010-05-18 18:27:50 ----D---- C:\Program Files\Spamihilator
2010-05-18 18:27:39 ----D---- C:\WINDOWS
2010-05-17 23:44:54 ----A---- C:\WINDOWS\system.ini
2010-05-17 19:46:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-16 15:25:27 ----A---- C:\WINDOWS\WDICT32.INI
2010-05-12 23:34:56 ----SHD---- C:\WINDOWS\Installer
2010-05-12 23:33:43 ----D---- C:\Program Files\Nokia
2010-05-12 23:24:38 ----D---- C:\Program Files\Common Files\Nokia
2010-05-12 23:12:33 ----D---- C:\Documents and Settings\Rasťo & Marcela\Data aplikací\Nokia
2010-05-12 23:00:29 ----RD---- C:\Program Files
2010-05-12 23:00:25 ----D---- C:\WINDOWS\system32
2010-05-11 21:45:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-09 11:02:56 ----DC---- C:\WINDOWS\system32\dllcache
2010-04-22 20:39:22 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-27 28928]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-01-27 27776]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-25 39264]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-04 126686]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-04 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-04 13240]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-01-27 99200]
S3 catchme;catchme; \??\C:\DOCUME~1\RASO&M~1\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-04 1309184]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-04 180360]
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\RASO&M~1\LOCALS~1\Temp\oflpydin.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-04 95424]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 TF1D091010;TF1D091010; C:\WINDOWS\system32\DRIVERS\TF1D091010.sys [2008-02-02 99968]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2004-08-17 73796]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[1danab]

stáhněte a uložte nejlépe na plochu ComboFix

spusťte aplikaci pod účtem s administrátorským oprávněním
po startu se zobrazí obrazovka s licenčními podmínkami, klikněte na tlačítko Ano:



může dojít k varování ohledně rezidentního štítu Vašeho antiviru a upozornění na nenainstalovanou konzoli pro zotavení; zatím jí neinstalujte

sken trvá cca 10 minut (může trvat i déle, podle množství souborů a rychlosti pc); během skenu nespouštějte žádné aplikace

během skenování může být Vaše pc restartováno, proto nepropadejte panice

upozornění: pokud používate antispyware s rezidentním štítem, deaktivujte jeho rezidentní štít, protože dochází při skenu a výmazu případného malware k nežádoucím kolizím Combofixu s rezidentem antispyware

po restartování vytvoří aplikace log, uložený na C:/Combofix.txt jeho obsah vložte sem

[Chulap]

Zdravim,

trosku to trvalo, ale tu je uz log z COMBOFIX. Inac subor svcgost.exe je momentalne pridany do karanteny v NOD 4.0

ComboFix 10-05-16.06 - Rasťo & Marcela 18.05.2010 21:32:18.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.192 [GMT 2:00]
Running from: d:\inštalačky\ComboFix\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 18:30 . 2010-05-18 18:29 389632 ----a-w- c:\windows\system32\CF13479.exe
2010-05-18 17:22 . 2010-05-18 18:30 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 17:25 . 2009-06-21 08:52 -------- d-----w- c:\program files\Spamihilator
2010-05-17 21:40 . 2008-04-27 16:45 2020 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-05-12 21:33 . 2009-07-07 18:09 -------- d-----w- c:\program files\Nokia
2010-05-12 21:24 . 2009-07-07 18:27 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-30 19:47 . 2009-03-12 20:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-28 11:12 . 2001-10-25 14:00 98592 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 11:12 . 2001-10-25 14:00 465568 ----a-w- c:\windows\system32\perfh005.dat
2007-04-14 19:58 . 2007-03-13 22:19 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 16:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 16:21 94360]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.4.2009 16:19 731840]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 oflpydin;oflpydin;\??\c:\docume~1\RASO&M~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\RASO&M~1\LOCALS~1\Temp\oflpydin.sys [?]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [2.2.2008 1:37 99968]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {680C0A2F-781D-4886-A092-66F4DB2CA560} = 85.248.241.2 85.248.241.3
FF - ProfilePath - c:\documents and settings\Rasťo & Marcela\Data aplikací\Mozilla\Firefox\Profiles\uat1iuhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.vlasaty.sk/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... EDDAF5}&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 21:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI02.01.01.01PRO"="19387AEE40D02799F82D751BE4E4E4E33A9238363FE7029EC25AF11CF13B657029BF8956306A8B82024895AD76F22E9E0AD52456159DAC66994C532113E9560765BF3945D30D720F193B1E369972A2483710070A4BE097A84D38856E999E8D52FC4D6A33622D9B9DCB04B75C74935ABBC9456DC916BACD63064D1CEFE758298FD1DED49C0BE3DE4DD8835D4CA2A67F1C7E6237149B566ED9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E66723F259D8E8DDCF8B54A32456E0F037AE98223CDC40D950BE5B6B824684FDC3A9A36B1403F33D5F377ED2D703E70BCCF5347A4CADEB96883AC54FBDE0A8863CAE47DCB3129FC4DC7086D8BEEA3A57943F77CB1085234B0B3880BF5F3277AE722A87022A4CBD1E67F0DFF7B3A2B459A6E37683626C717404D2D9EEE9CFCA0DC4980EF6BE7A93173835335661C42B392F02F5EE776B57B136E8D5773455EED7AAB83C3E8DE75CA298FE5DFE4AEDE5C06C7DED435513C6C7F29FA85368E2256EAB0FA3BC07E4C6D465D3ED6042411E5DB1FA8D1753752A1DA55B4065869CA3D0E7660CBBEEC872E7927B29CB72E283256764B5E5A1285D3FC74A377060A991A38DC671E95B6AF6BB26830AF7D67DB9CC87E8FC0EC0462EDBEAD8E29D9CB58C2E638204D6BAA55FD03ABEBA8041BED530A17A2CD407EF6349B23CC878B5EFA660C2AE2678CA5CA6CBFC3F1C6256D7E5CC58CEBF609DC4347ED86A24727C8CE2C998A2EF292072C1F830E1C3818E7EE547655F6ABC836FCA16A71E625F91C3BC9FE579AD2622D215C42BBF7922B66C4BE512EC9159091649D180D8A677EC501FB940935D0F8C66FB40573E39F0705FFB933DF5CE89D4EBC21558DAC657D8716C16529633EA70204324347F35FA2E1853DF5B447004E020C06736AD4E7FF3EBF85556E99723AFF42D48D2ECD0323BDD1FFB73DF76647A6A3DF4361A7B5532878D3DA039A404835CF0AA59B4246E33F8243F209696AA4307298D8A32401F588E68B415F4AA40F6D3B5ED8248FCE9073819A512FBBABAB0B1E7A47546440A82D1B9492C512CEC6A5C9D581E5BD942FBECA74E0BE501D98D2FD2D250EE61281F2427AD744662821079B6520BE872F9A9EBEF7AE26D3A36774635D30707A56B715EC7340F11B7DF71B30A6AC2ABABF77E10061385726B5D60C04F0819AED42E90DBAA5831B0CC45E9998F52CE272506B9B56EA0711550428D6D54721D47E32C657B50352468F259A9393661CB20ADD2EFBF2654B93DD2BD181EECBAB8797E84B0212E0B444235A3B3A9E00F6D1EC9F18B939C000714980B6EAA36AE2A2F833E04B42C41050A4B92DF81E3FB796FB257491A329A1308F349D26EBDBB4098"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-05-18 21:42:53
ComboFix-quarantined-files.txt 2010-05-18 19:42

Pre-Run: 777 162 752
Post-Run: 6 512 791 552

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 34A8BEB22C602C96DEE717CA05AEA72F

[1danab]

klikněte na ten soubor svcgost.exe pravým tlačítkem myši, dejte Vlastnosti, a zkopírujte text z okénka Cíl

[Chulap]

Tento subor je umiestneny priamo na ploche. Jeho ciel je:

C:\Documents and Settings\Rasťo & Marcela\Plocha

[1danab]

otevřete si Poznámkový blok

do něj zkopírujte skript z nasledujiciho okna:

Kód: Vybrat vše

File::
c:\docume~1\RASO&M~1\LOCALS~1\Temp\oflpydin.sys
C:\Documents and Settings\Rasťo & Marcela\Plocha\svcgost.exe

Driver::
oflpydin

uložte vámi vytvořený textový soubor jako CFScript.txt na plochu

po uložení uchopte vámi vytvořený skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu, nad níž skript upusťte:



po aplikaci by se měl zobrazit další log, vložte jej sem

Upozornění: je možné, že po aplikaci skriptu a restartu nenaběhnou Windows, v takovém případě znovu restartujte, po restartu mačkejte F8 a zvolte Poslední známou fuknční konfiguraci

[Chulap]

Zdravim,

ten subor svcgost.exe je uz vymazany z plochy a tu je nasledne aj log:

ComboFix 10-05-16.06 - Rasťo & Marcela 18.05.2010 22:30:51.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.180 [GMT 2:00]
Running from: d:\inštalačky\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\Rasťo & Marcela\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
* Resident AV is active


FILE ::
"c:\docume~1\RASO&M~1\LOCALS~1\Temp\oflpydin.sys"
"c:\documents and settings\Rasťo & Marcela\Plocha\svcgost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rasťo & Marcela\Plocha\svcgost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin


((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 18:30 . 2010-05-18 18:29 389632 ----a-w- c:\windows\system32\CF13479.exe
2010-05-18 17:22 . 2010-05-18 18:30 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 17:25 . 2009-06-21 08:52 -------- d-----w- c:\program files\Spamihilator
2010-05-17 21:40 . 2008-04-27 16:45 2020 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-05-12 21:33 . 2009-07-07 18:09 -------- d-----w- c:\program files\Nokia
2010-05-12 21:24 . 2009-07-07 18:27 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-30 19:47 . 2009-03-12 20:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-28 11:12 . 2001-10-25 14:00 98592 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 11:12 . 2001-10-25 14:00 465568 ----a-w- c:\windows\system32\perfh005.dat
2007-04-14 19:58 . 2007-03-13 22:19 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 16:18 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 16:21 94360]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.4.2009 16:19 731840]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [2.2.2008 1:37 99968]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {680C0A2F-781D-4886-A092-66F4DB2CA560} = 85.248.241.2 85.248.241.3
FF - ProfilePath - c:\documents and settings\Rasťo & Marcela\Data aplikací\Mozilla\Firefox\Profiles\uat1iuhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.vlasaty.sk/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... EDDAF5}&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 22:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODI02.01.01.01PRO"="19387AEE40D02799F82D751BE4E4E4E33A9238363FE7029EC25AF11CF13B657029BF8956306A8B82024895AD76F22E9E0AD52456159DAC66994C532113E9560765BF3945D30D720F193B1E369972A2483710070A4BE097A84D38856E999E8D52FC4D6A33622D9B9DCB04B75C74935ABBC9456DC916BACD63064D1CEFE758298FD1DED49C0BE3DE4DD8835D4CA2A67F1C7E6237149B566ED9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E66723F259D8E8DDCF8B54A32456E0F037AE98223CDC40D950BE5B6B824684FDC3A9A36B1403F33D5F377ED2D703E70BCCF5347A4CADEB96883AC54FBDE0A8863CAE47DCB3129FC4DC7086D8BEEA3A57943F77CB1085234B0B3880BF5F3277AE722A87022A4CBD1E67F0DFF7B3A2B459A6E37683626C717404D2D9EEE9CFCA0DC4980EF6BE7A93173835335661C42B392F02F5EE776B57B136E8D5773455EED7AAB83C3E8DE75CA298FE5DFE4AEDE5C06C7DED435513C6C7F29FA85368E2256EAB0FA3BC07E4C6D465D3ED6042411E5DB1FA8D1753752A1DA55B4065869CA3D0E7660CBBEEC872E7927B29CB72E283256764B5E5A1285D3FC74A377060A991A38DC671E95B6AF6BB26830AF7D67DB9CC87E8FC0EC0462EDBEAD8E29D9CB58C2E638204D6BAA55FD03ABEBA8041BED530A17A2CD407EF6349B23CC878B5EFA660C2AE2678CA5CA6CBFC3F1C6256D7E5CC58CEBF609DC4347ED86A24727C8CE2C998A2EF292072C1F830E1C3818E7EE547655F6ABC836FCA16A71E625F91C3BC9FE579AD2622D215C42BBF7922B66C4BE512EC9159091649D180D8A677EC501FB940935D0F8C66FB40573E39F0705FFB933DF5CE89D4EBC21558DAC657D8716C16529633EA70204324347F35FA2E1853DF5B447004E020C06736AD4E7FF3EBF85556E99723AFF42D48D2ECD0323BDD1FFB73DF76647A6A3DF4361A7B5532878D3DA039A404835CF0AA59B4246E33F8243F209696AA4307298D8A32401F588E68B415F4AA40F6D3B5ED8248FCE9073819A512FBBABAB0B1E7A47546440A82D1B9492C512CEC6A5C9D581E5BD942FBECA74E0BE501D98D2FD2D250EE61281F2427AD744662821079B6520BE872F9A9EBEF7AE26D3A36774635D30707A56B715EC7340F11B7DF71B30A6AC2ABABF77E10061385726B5D60C04F0819AED42E90DBAA5831B0CC45E9998F52CE272506B9B56EA0711550428D6D54721D47E32C657B50352468F259A9393661CB20ADD2EFBF2654B93DD2BD181EECBAB8797E84B0212E0B444235A3B3A9E00F6D1EC9F18B939C000714980B6EAA36AE2A2F833E04B42C41050A4B92DF81E3FB796FB257491A329A1308F349D26EBDBB4098"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-05-18 22:45:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 20:45
ComboFix2.txt 2010-05-18 19:42

Pre-Run: 6 550 925 312
Post-Run: 6 519 201 792

- - End Of File - - AA2E69A5C3ACC1859F318A049D5B59A3

[1danab]

svinstvo smazáno
pokud je pc v poho, je to ode mne vše

[Chulap]

Zdravim Vas,

velmi pekne dakujem za pomoc a zelam prijemny zbytok vecera. PC funguje zatial bez problemov, a dufam ze aj nadalej bude.

Este raz velka vdaka. Nech sa dari.

Chulap

[1danab]

nemáte vůbec zač i Vám příjemný zbytek večera