Odpojen od poskytovatele internetu kvůli "virum"

Zpráva

Pazdi · #1 Příspěvek od **Pazdi** » 13 lis 2010 15:31

Dobré odpoledne,
chtěl bych požádat o radu a pomoc. Včera odpoledne jsem zjistil, že jsem byl odpojen od poskytovatele internetu z důvodu, že od nás odchází velké množstí dat (dle jeho informace spousta emailu). Bohužel mi ale nedokázal (možná nechtěl) říct jak zjistím, který pc to dělá (mám doma připojeny dvě stolní pc a jeden notebook přes wifi - doma máme router - za který se oni nedokážou dostat a poradit)
Včera jsem všechny pc prošel antiviry - avast na stolních a nod32 na notebooku, nalezlo to dohromady asi 3, možná 4 viry, ale vše pak bylo čisto. Domluvil jsem se tedy s poskytovatelem o aktivaci linky a večer vše běželo ok. Bohužel dnes ráno mě čekalo nemilé překvapení v podobě opětovné blokace linky a na telefonní dotaz mi odpověděl, že jak se před chvílí díval, tak se opakuje včerejšek. Dnes tedy na všech pc běží ad aware a spybot a všechno, co je problémové jsem odstranil.
V současné chvíli jsem se rozhodl jeden pc tak či tak přeinstalovat, takže ten už řešit nepotřebuji, ale jde mi o to, že bych potřeboval do sítě připojit notebook a pc a rád bych se ujistil, že je vše čisté před tím, než mi znovu odpojí linku.

(snažil jsem se ještě nainstalovat prográmek Karens Lan Monitor, abych viděl, který pc v síti zlobí, ale narazil jsem na problém, že netuším, jak moc odpovídající jsou určité údaje, takže raději volím tuto cestu)
Přikládám log z RSIT, cokoliv dále by bylo potřeba, stačí říct udělám vše, co bude třeba.

Děkuji předem Pazdi

LOG Z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pazdera at 2010-11-13 15:29:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 137 GB (45%) free of 305 GB
Total RAM: 3033 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-322068200-3206736263-3414363638-1009Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-322068200-3206736263-3414363638-1009UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C435ECE6-0BC4-4AAC-A3AA-9F779F67C3E1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-29 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-06 1036288]
"COMImpersonator"=C:\Program Files\Fujitsu Siemens Computers\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe [2008-07-17 143360]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-03-25 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-04-29 2221352]
"Outlook Profile Conversion Utility"=C:\Program Files\Kerio\Outlook Connector (Offline Edition)\ConvertProfiles.cmd [2008-01-28 53]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1077248]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-08-18 129536]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-08-18 163328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-08-18 138752]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\pazdera\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-08-18 214016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Office\Office12\OUTLOOK.EXE"="C:\Program Files\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.patch.exe"="C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.3.5.12340-x86-Win-enGB-BKGND-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.3.5.12340-x86-Win-enGB-BKGND-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe"="C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\uzivatel\Dokumenty\World of Warcraft\Launcher.exe"="C:\Documents and Settings\uzivatel\Dokumenty\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-11-13 15:29:51 ----D---- C:\rsit
2010-11-13 15:29:51 ----D---- C:\Program Files\trend micro
2010-11-13 14:06:32 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-11-13 11:53:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 11:53:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-13 11:53:02 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-11-13 11:52:36 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-11-13 11:52:10 ----D---- C:\Program Files\Lavasoft
2010-11-13 11:52:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-11-13 11:49:52 ----RA---- C:\WINDOWS\system32\drivers\SbFw.sys
2010-11-13 11:49:52 ----A---- C:\WINDOWS\system32\drivers\SbFwIm.sys
2010-11-13 11:49:46 ----D---- C:\Program Files\Sunbelt Software
2010-11-12 18:09:51 ----D---- C:\Program Files\Karen's Power Tools
2010-11-12 18:09:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Karen's Power Tools
2010-11-06 20:02:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-04 22:42:35 ----D---- C:\Documents and Settings\pazdera\Data aplikací\DivX
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-11-04 22:42:16 ----N---- C:\WINDOWS\system32\px.dll
2010-11-04 22:41:51 ----D---- C:\Program Files\Common Files\DivX Shared
2010-11-04 22:38:54 ----D---- C:\Program Files\DivX
2010-11-04 22:38:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-03 13:46:41 ----D---- C:\Program Files\Fujitsu Siemens Computers
2010-11-03 13:46:40 ----D---- C:\Program Files\Common Files\Fujitsu Siemens Computers
2010-11-03 13:37:49 ----D---- C:\Documents and Settings\pazdera\Data aplikací\Help
2010-11-02 23:50:11 ----D---- C:\Documents and Settings\pazdera\Data aplikací\Sachy
2010-10-14 16:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 16:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 16:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 16:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 16:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 16:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 16:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 16:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 16:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-13 15:29:51 ----RD---- C:\Program Files
2010-11-13 15:29:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-13 15:29:10 ----D---- C:\WINDOWS\Temp
2010-11-13 15:28:40 ----SD---- C:\WINDOWS\Tasks
2010-11-13 15:26:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-13 15:22:45 ----D---- C:\WINDOWS\system32\Restore
2010-11-13 14:23:24 ----HD---- C:\WINDOWS\inf
2010-11-13 14:19:21 ----D---- C:\WINDOWS
2010-11-13 14:17:15 ----D---- C:\WINDOWS\Prefetch
2010-11-13 14:14:13 ----D---- C:\WINDOWS\system32
2010-11-13 11:59:05 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-13 11:53:06 ----D---- C:\WINDOWS\system32\drivers
2010-11-13 11:53:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-13 11:52:36 ----SHD---- C:\WINDOWS\Installer
2010-11-13 11:52:06 ----D---- C:\WINDOWS\WinSxS
2010-11-12 00:56:27 ----D---- C:\Documents and Settings\pazdera\Data aplikací\ICQ
2010-11-11 16:02:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-11 16:00:16 ----D---- C:\WINDOWS\Debug
2010-11-11 16:00:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-07 22:00:20 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-05 10:55:56 ----D---- C:\totalcmd
2010-11-05 10:55:28 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-05 10:54:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-05 10:54:36 ----A---- C:\WINDOWS\hbcikrnl.ini
2010-11-05 10:53:43 ----D---- C:\Program Files\Norton Security Scan
2010-11-05 10:53:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-11-05 10:53:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-05 10:51:57 ----D---- C:\Program Files\Fujitsu
2010-11-05 05:55:12 ----SHD---- C:\WINDOWS\CSC
2010-11-05 05:55:08 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-11-05 00:15:29 ----A---- C:\WINDOWS\wincmd.ini
2010-11-05 00:10:57 ----D---- C:\WINDOWS\Minidump
2010-11-04 23:58:51 ----D---- C:\Program Files\Mozilla Firefox
2010-11-04 22:41:51 ----D---- C:\Program Files\Common Files
2010-11-04 16:17:41 ----D---- C:\Program Files\Ventrilo
2010-11-04 16:17:05 ----D---- C:\Program Files\Common Files\InstallShield
2010-11-03 13:48:40 ----D---- C:\Zaloha NTB
2010-11-03 06:15:53 ----D---- C:\Documents and Settings\pazdera\Data aplikací\BITS
2010-11-01 16:22:01 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-18 17:40:25 ----RSD---- C:\WINDOWS\assembly
2010-10-14 16:23:34 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-10-14 16:23:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 16:21:54 ----D---- C:\Program Files\Internet Explorer
2010-10-14 16:21:48 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-05-07 317976]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 Acceler;Accelerometer Service; C:\WINDOWS\system32\DRIVERS\Acceler.sys [2008-07-02 13312]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-06-04 1203776]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-10 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-04-22 244368]
R3 FscGabi;FscGabi; C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2009-05-05 12288]
R3 FSCSLII;FSCSLII; C:\WINDOWS\system32\DRIVERS\FSCSLII.sys [2009-03-10 15360]
R3 GTUHSBUS;GT UHS BUS; C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys [2008-05-07 58752]
R3 GTUHSNDISIPXP;GT UHS IP NDIS; C:\WINDOWS\system32\DRIVERS\gtuhs51.sys [2008-05-13 106112]
R3 GTUHSSER;GT UHS SER; C:\WINDOWS\system32\DRIVERS\gtuhsser.sys [2007-03-30 8064]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-08-18 2012096]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-06 223680]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-03-25 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-11-28 47907]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\uzivatel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MTLGPOS;MTLGPOS; C:\WINDOWS\system32\drivers\mtlgpos.sys [2009-06-08 19712]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-06-04 13312]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 HaMDevMg.1.00;Fujitsu Siemens Computers HaMDevMg.1.00; C:\Program Files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe [2008-09-05 544768]
R2 HaMDevMg.1.01;Fujitsu HaMDevMg.1.01; C:\Program Files\Common Files\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe [2009-05-20 557056]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-08 1355928]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Pazdi · #2 Příspěvek od **Pazdi** » 13 lis 2010 15:33

nevím jestli je to důležité, ale log, který je uveden výše je z notebooku, kde byl v tu chvíli (a stále je) vypnuta síť (wifi) takže není připojen k internetu

#3 Příspěvek od **motji** » 13 lis 2010 16:22

Hezké odpoledne

Mrkneme na to, přeneste si na flešce combofix do pc, z něhož je Rsit a spusťte ho.
-konzoli zotavení neinstalujte, tudíž není potřeba připojit pc k síti.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Pazdi · #4 Příspěvek od **Pazdi** » 13 lis 2010 16:45

Děkuji:)
Vámi požadovaný log přikládám níže:
ComboFix 10-11-12.06 - Pazdera 13.11.2010 16:33:37.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3033.2383 [GMT 1:00]
Spuštěný z: c:\documents and settings\pazdera\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pazdera\Data aplikací\BITS
c:\documents and settings\pazdera\Data aplikací\BITS\BITS.ini
c:\documents and settings\pazdera\Data aplikací\BITS\DHTTable.dat
c:\documents and settings\pazdera\Data aplikací\BITS\ProxyList.ini
c:\documents and settings\pazdera\Data aplikací\BITS\UPnP.ini
c:\documents and settings\pazdera\Data aplikací\FlashGetBHO
c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\GPU-Z.0.4.7.exe.jc
c:\program files\FlashGet Network\FlashGet 3\GPU-Z.0.4.7.exe.jccfg3
c:\windows\libem.INI
c:\windows\system32\secustat.dat
c:\windows\system32\spool\prtprocs\w32x86\CNMPD9G.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP9G.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-13 do 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 14:29 . 2010-11-13 14:29 -------- d-----w- C:\rsit
2010-11-13 14:29 . 2010-11-13 14:29 -------- d-----w- c:\program files\trend micro
2010-11-13 13:06 . 2010-09-08 12:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-13 11:08 . 2010-11-13 11:08 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-13 10:53 . 2010-11-13 13:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 10:53 . 2010-11-13 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-13 10:53 . 2010-09-08 12:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-13 10:52 . 2010-11-13 10:52 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-11-13 10:52 . 2010-11-13 10:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-11-13 10:52 . 2010-11-13 10:52 -------- d-----w- c:\program files\Lavasoft
2010-11-13 10:49 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-11-13 10:49 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-11-13 10:49 . 2010-11-13 10:49 -------- d-----w- c:\program files\Sunbelt Software
2010-11-12 17:09 . 2010-11-12 17:09 -------- d-----w- c:\program files\Karen's Power Tools
2010-11-12 17:09 . 2010-11-12 17:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Karen's Power Tools
2010-11-06 19:02 . 2010-11-06 19:02 -------- d-----w- c:\windows\system32\NtmsData
2010-11-05 09:53 . 2010-11-05 09:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-11-05 04:56 . 2010-11-05 04:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Kerio
2010-11-05 04:56 . 2010-11-05 04:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Toshiba
2010-11-04 21:41 . 2010-11-04 21:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-04 21:38 . 2010-11-04 21:42 -------- d-----w- c:\program files\DivX
2010-11-04 21:38 . 2010-11-04 21:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2010-11-03 20:51 . 2010-11-03 20:51 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\ESET
2010-11-03 12:46 . 2010-11-03 12:46 -------- d-----w- c:\program files\Fujitsu Siemens Computers
2010-11-03 12:46 . 2010-11-03 12:46 -------- d-----w- c:\program files\Common Files\Fujitsu Siemens Computers
2010-11-03 12:37 . 2010-11-03 12:37 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\Help
2010-11-02 22:50 . 2010-11-02 22:50 -------- d-----w- c:\documents and settings\pazdera\Data aplikací\Sachy
2010-10-25 17:52 . 2010-11-08 19:57 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\Temp
2010-10-25 17:52 . 2010-10-25 17:53 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 19:58 . 2010-09-24 20:02 737280 ----a-w- c:\windows\iun6002.exe
2010-09-18 10:23 . 2008-06-23 22:50 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-06-23 22:50 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-06-23 22:50 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-06-23 22:50 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-06-23 22:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-06-23 22:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-06-23 22:50 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-06-23 22:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-06-23 22:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-06-23 22:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-06-23 22:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-06-23 22:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-06-23 22:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 12:53 . 2010-10-13 20:59 81920 ----a-w- c:\windows\system32\igfxCoIn_v5294.dll
2010-08-18 12:44 . 2009-07-14 13:59 3483936 ----a-w- c:\windows\system32\igxpdv32.dll
2010-08-18 12:44 . 2009-07-14 13:59 4125184 ----a-w- c:\windows\system32\igxpdx32.dll
2010-08-18 12:44 . 2009-07-14 13:59 2012096 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-08-18 12:44 . 2009-07-14 13:59 58368 ----a-w- c:\windows\system32\igxprd32.dll
2010-08-18 12:44 . 2009-07-14 13:59 182784 ----a-w- c:\windows\system32\igxpgd32.dll
2010-08-18 12:30 . 2009-07-14 13:59 10964480 ----a-w- c:\windows\system32\ig4icd32.dll
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2010-08-18 12:22 . 2010-10-13 20:59 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2010-08-18 12:22 . 2009-07-14 13:59 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2010-08-18 12:22 . 2009-07-14 13:59 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2010-08-18 12:22 . 2009-07-14 13:59 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2010-08-18 12:22 . 2009-07-14 13:59 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2010-08-18 12:22 . 2009-07-14 13:59 129536 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-18 12:22 . 2009-07-14 13:59 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2010-08-18 12:22 . 2009-07-14 13:59 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-08-18 12:22 . 2009-07-14 13:59 172032 ----a-w- c:\windows\system32\igfxext.exe
2010-08-18 12:22 . 2009-07-14 13:59 194048 ----a-w- c:\windows\system32\igfxpph.dll
2010-08-18 12:22 . 2009-07-14 13:59 163328 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-18 12:22 . 2009-07-14 13:59 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-08-18 12:21 . 2009-07-14 13:59 138752 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-18 12:21 . 2009-07-14 13:59 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-08-18 12:21 . 2009-07-14 13:59 257536 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-08-18 12:21 . 2009-07-14 13:59 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-08-18 12:21 . 2010-10-13 20:59 3139584 ----a-w- c:\windows\system32\GfxUI.exe
2010-08-18 12:21 . 2010-10-13 20:59 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-08-18 12:21 . 2010-10-13 20:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-08-18 12:21 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2010-08-18 12:21 . 2009-07-14 13:59 214016 ----a-w- c:\windows\system32\igfxdev.dll
2010-08-18 12:21 . 2009-07-14 13:59 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-08-17 13:17 . 2008-06-23 22:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-06-23 22:50 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\pazdera\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-25 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1036288]
"COMImpersonator"="c:\program files\Fujitsu Siemens Computers\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe" [2008-07-17 143360]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"Outlook Profile Conversion Utility"="c:\program files\Kerio\Outlook Connector (Offline Edition)\ConvertProfiles.cmd" [2008-01-28 53]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-18 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-18 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-18 138752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\uzivatel\\Dokumenty\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.11.2010 11:53 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 10:11 35168]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [13.11.2010 11:49 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 HaMDevMg.1.00;Fujitsu Siemens Computers HaMDevMg.1.00;c:\program files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe [5.9.2008 10:51 544768]
R2 HaMDevMg.1.01;Fujitsu HaMDevMg.1.01;c:\program files\Common Files\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe [20.5.2009 8:57 557056]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [14.7.2009 15:00 13312]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [14.7.2009 15:00 244368]
R3 FscGabi;FscGabi;c:\windows\system32\drivers\FscGabi.sys [14.7.2009 15:00 12288]
R3 FSCSLII;FSCSLII;c:\windows\system32\drivers\FSCSLII.sys [14.7.2009 15:00 15360]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [14.7.2009 15:00 58752]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [14.7.2009 15:00 106112]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [14.7.2009 15:00 8064]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.7.2009 15:00 41216]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [13.11.2010 11:49 65576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8.9.2010 13:59 1355928]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 cpuz130;cpuz130;\??\c:\docume~1\uzivatel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\uzivatel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8.9.2010 13:59 15008]
S3 MTLGPOS;MTLGPOS;c:\windows\system32\drivers\mtlgpos.sys [19.3.2010 10:21 19712]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 12:59]

2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{C435ECE6-0BC4-4AAC-A3AA-9F779F67C3E1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\pazdera\Data aplikací\Mozilla\Firefox\Profiles\agfq42mt.default\
FF - component: c:\documents and settings\pazdera\Data aplikací\Mozilla\Firefox\Profiles\agfq42mt.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 16:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-322068200-3206736263-3414363638-1009\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\pazdera\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-322068200-3206736263-3414363638-1009\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\pazdera\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
Celkový čas: 2010-11-13 16:44:04
ComboFix-quarantined-files.txt 2010-11-13 15:43

Před spuštěním: Volných bajtů: 140 062 920 704
Po spuštění: Volných bajtů: 140 259 848 192

- - End Of File - - 1A0D0E46FAE7078ACAA98FCC09FC490F

#5 Příspěvek od **motji** » 13 lis 2010 16:56

Otestujte na www.virustotal.com
c:\windows\system32\drivers\tcpip.sys

Otestujte na www.virustotal.com

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Jinak tento pc už vypadá čistý, můžete ještě udělat sken mbamem, viz můj podpis.

Kolik máte těch počítačů a kolik je jich teď připojených v síti? Nejlepší by bylo, zapojit je do sítě postupně, aby se vidělo, jestli některý ještě nespamuje. Ale až všechny vyčistíme

Pazdi · #6 Příspěvek od **Pazdi** » 13 lis 2010 17:26

do sítě se připojuje notebook z kterého píši - ten je na 99,9% v pořádku, používám ho i ve firmě a je bezproblémů (tedy z mého pohledu:) )
dále notebook, který jsme řešili v tomto tématu, pak pc sourozenců - jeden asi nemá smysl ani čistit, ten je už od instalace systému "zvláštní" sice vše běží korektně, ale například při scrollování se obrazovka zasekává apod (ale bojím se, že to bude spíše hw problém) - je v plánu jej přeinstalovat a zformátovat (využiju toho, že jste zde - je něco na co si dávat pozor, abych nenainstaloval systém na "zavirovaný zformátovaný disk")
no a poslední je pc bratra, na tom zrovna běží adaware (ale ten nebyl připojen už od včerejšího dne do sítě - takže by to asi neměl být ten, který "zavinil" opětovné odpojení) každopádně jakmile vše proběhne, určitě sem log hodím:)

ohledně otestování na virustotal.com
mám to spuštěno, psalo, že už to bylo zkontrolovano, spustil jsem to tedy znovu,
v současné chvíli to vypadá, jakoby prohlížeč nic nedělal, v current status je napsáno finished ale result je 0/43 - je tedy něco "špatně" takhle mi připadá, jakoby se to zaseklo (našel jsem zde Additional information - ty případně můžu zkopírovat) - nebo to spustit celé znovu? (Přikládám link: http://www.virustotal.com/file-scan/rep ... 1289665099 )

MBAM:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 5108

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.11.2010 17:25:14
mbam-log-2010-11-13 (17-25-14).txt

Typ skenu: Rychlý sken
Skenované objekty: 175995
Uplynulý čas: 4 minuta(y), 6 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\secushr.dat (Malware.Trace) -> No action taken.

#7 Příspěvek od **motji** » 13 lis 2010 21:45

V mbamu vše smažte.

Radši ho vyměníme

.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Restore::
c:\windows\system32\drivers\tcpip.sys

Reglock::
[HKEY_USERS\S-1-5-21-322068200-3206736263-3414363638-1009\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
[HKEY_USERS\S-1-5-21-322068200-3206736263-3414363638-1009\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]

DDS::
IE: ????3?? - c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetAllUrl.htm

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Pokud disk zformátujete pomalým formátem, neměla by žádná potvůrka přežít. Vyjímka je MBR rootkit, některý přežije, některý ne, ale nebála bych se toho

.

Až tento pc odvirujeme, zkuste ho připojit do sítě a uvidíme.

Pak sem dejte raději na kontrolu i log z druhého pc.

Pazdi · #8 Příspěvek od **Pazdi** » 13 lis 2010 22:49

Aktuální log:)

ComboFix 10-11-12.06 - Pazdera 13.11.2010 22:31:39.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3033.2329 [GMT 1:00]
Spuštěný z: c:\documents and settings\pazdera\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pazdera\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-13 do 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 16:19 . 2010-11-13 16:19 -------- d-----w- c:\documents and settings\pazdera\Data aplikací\Malwarebytes
2010-11-13 16:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 16:19 . 2010-11-13 16:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-13 16:19 . 2010-11-13 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-13 16:19 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-13 14:29 . 2010-11-13 14:29 -------- d-----w- C:\rsit
2010-11-13 14:29 . 2010-11-13 14:29 -------- d-----w- c:\program files\trend micro
2010-11-13 13:06 . 2010-09-08 12:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-13 11:08 . 2010-11-13 11:08 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-13 10:53 . 2010-11-13 13:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 10:53 . 2010-11-13 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-13 10:53 . 2010-09-08 12:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-13 10:52 . 2010-11-13 10:52 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-11-13 10:52 . 2010-11-13 10:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-11-13 10:52 . 2010-11-13 10:52 -------- d-----w- c:\program files\Lavasoft
2010-11-13 10:49 . 2010-11-13 10:49 -------- d-----w- c:\program files\Sunbelt Software
2010-11-12 17:09 . 2010-11-12 17:09 -------- d-----w- c:\program files\Karen's Power Tools
2010-11-12 17:09 . 2010-11-12 17:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Karen's Power Tools
2010-11-06 19:02 . 2010-11-06 19:02 -------- d-----w- c:\windows\system32\NtmsData
2010-11-05 09:53 . 2010-11-05 09:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-11-05 04:56 . 2010-11-05 04:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Kerio
2010-11-05 04:56 . 2010-11-05 04:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Toshiba
2010-11-04 21:41 . 2010-11-04 21:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-04 21:38 . 2010-11-04 21:42 -------- d-----w- c:\program files\DivX
2010-11-04 21:38 . 2010-11-04 21:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2010-11-03 20:51 . 2010-11-03 20:51 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\ESET
2010-11-03 12:46 . 2010-11-03 12:46 -------- d-----w- c:\program files\Fujitsu Siemens Computers
2010-11-03 12:46 . 2010-11-03 12:46 -------- d-----w- c:\program files\Common Files\Fujitsu Siemens Computers
2010-11-03 12:37 . 2010-11-03 12:37 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\Help
2010-11-02 22:50 . 2010-11-02 22:50 -------- d-----w- c:\documents and settings\pazdera\Data aplikací\Sachy
2010-10-25 17:52 . 2010-11-08 19:57 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\Temp
2010-10-25 17:52 . 2010-10-25 17:53 -------- d-----w- c:\documents and settings\pazdera\Local Settings\Data aplikací\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 19:58 . 2010-09-24 20:02 737280 ----a-w- c:\windows\iun6002.exe
2010-09-18 10:23 . 2008-06-23 22:50 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-06-23 22:50 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-06-23 22:50 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-06-23 22:50 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2008-06-23 22:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-06-23 22:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-06-23 22:50 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-06-23 22:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-06-23 22:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-06-23 22:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-06-23 22:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-06-23 22:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-06-23 22:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-18 12:53 . 2010-10-13 20:59 81920 ----a-w- c:\windows\system32\igfxCoIn_v5294.dll
2010-08-18 12:44 . 2009-07-14 13:59 3483936 ----a-w- c:\windows\system32\igxpdv32.dll
2010-08-18 12:44 . 2009-07-14 13:59 4125184 ----a-w- c:\windows\system32\igxpdx32.dll
2010-08-18 12:44 . 2009-07-14 13:59 2012096 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-08-18 12:44 . 2009-07-14 13:59 58368 ----a-w- c:\windows\system32\igxprd32.dll
2010-08-18 12:44 . 2009-07-14 13:59 182784 ----a-w- c:\windows\system32\igxpgd32.dll
2010-08-18 12:30 . 2009-07-14 13:59 10964480 ----a-w- c:\windows\system32\ig4icd32.dll
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2010-08-18 12:22 . 2010-10-13 20:59 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2010-08-18 12:22 . 2009-07-14 13:59 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2010-08-18 12:22 . 2009-07-14 13:59 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2010-08-18 12:22 . 2009-07-14 13:59 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2010-08-18 12:22 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2010-08-18 12:22 . 2009-07-14 13:59 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2010-08-18 12:22 . 2009-07-14 13:59 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2010-08-18 12:22 . 2009-07-14 13:59 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2010-08-18 12:22 . 2009-07-14 13:59 129536 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-18 12:22 . 2009-07-14 13:59 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2010-08-18 12:22 . 2009-07-14 13:59 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-08-18 12:22 . 2009-07-14 13:59 172032 ----a-w- c:\windows\system32\igfxext.exe
2010-08-18 12:22 . 2009-07-14 13:59 194048 ----a-w- c:\windows\system32\igfxpph.dll
2010-08-18 12:22 . 2009-07-14 13:59 163328 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-18 12:22 . 2009-07-14 13:59 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-08-18 12:21 . 2009-07-14 13:59 138752 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-18 12:21 . 2009-07-14 13:59 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-08-18 12:21 . 2009-07-14 13:59 257536 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-08-18 12:21 . 2009-07-14 13:59 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-08-18 12:21 . 2010-10-13 20:59 3139584 ----a-w- c:\windows\system32\GfxUI.exe
2010-08-18 12:21 . 2010-10-13 20:59 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-08-18 12:21 . 2010-10-13 20:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-08-18 12:21 . 2009-07-14 13:59 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2010-08-18 12:21 . 2009-07-14 13:59 214016 ----a-w- c:\windows\system32\igfxdev.dll
2010-08-18 12:21 . 2009-07-14 13:59 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-08-17 13:17 . 2008-06-23 22:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-06-23 22:50 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-13_15.40.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-13 21:39 . 2010-11-13 21:39 16384 c:\windows\Temp\Perflib_Perfdata_204.dat
+ 2009-07-14 14:04 . 2010-11-13 21:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 14:04 . 2010-11-13 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 14:04 . 2010-11-13 21:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-14 14:04 . 2010-11-13 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-11-13 18:23 . 2010-11-13 21:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-14 14:04 . 2010-11-13 15:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-23 22:51 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
- 2008-06-23 22:51 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
- 2009-07-16 08:16 . 2010-11-13 15:14 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-16 08:16 . 2010-11-13 21:39 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\pazdera\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-25 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1036288]
"COMImpersonator"="c:\program files\Fujitsu Siemens Computers\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe" [2008-07-17 143360]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-18 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-18 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-18 138752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Alcmtr"="ALCMTR.EXE" [2008-06-19 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\uzivatel\\Dokumenty\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.11.2010 11:53 64288]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 10:11 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 HaMDevMg.1.00;Fujitsu Siemens Computers HaMDevMg.1.00;c:\program files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe [5.9.2008 10:51 544768]
R2 HaMDevMg.1.01;Fujitsu HaMDevMg.1.01;c:\program files\Common Files\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe [20.5.2009 8:57 557056]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [14.7.2009 15:00 13312]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [14.7.2009 15:00 244368]
R3 FscGabi;FscGabi;c:\windows\system32\drivers\FscGabi.sys [14.7.2009 15:00 12288]
R3 FSCSLII;FSCSLII;c:\windows\system32\drivers\FSCSLII.sys [14.7.2009 15:00 15360]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [14.7.2009 15:00 58752]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [14.7.2009 15:00 106112]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [14.7.2009 15:00 8064]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.7.2009 15:00 41216]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8.9.2010 13:59 1355928]
S3 cpuz130;cpuz130;\??\c:\docume~1\uzivatel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\uzivatel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8.9.2010 13:59 15008]
S3 MTLGPOS;MTLGPOS;c:\windows\system32\drivers\mtlgpos.sys [19.3.2010 10:21 19712]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 12:59]

2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{C435ECE6-0BC4-4AAC-A3AA-9F779F67C3E1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: ????3??
IE: ????3??????
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
IE: ????3?? - c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\pazdera\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\pazdera\Data aplikací\Mozilla\Firefox\Profiles\agfq42mt.default\
FF - component: c:\documents and settings\pazdera\Data aplikací\Mozilla\Firefox\Profiles\agfq42mt.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Outlook Profile Conversion Utility - c:\program files\Kerio\Outlook Connector (Offline Edition)\ConvertProfiles.cmd

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 22:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-322068200-3206736263-3414363638-1009\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\pazdera\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-322068200-3206736263-3414363638-1009\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\pazdera\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-13 22:48:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-13 21:48
ComboFix2.txt 2010-11-13 15:44

Před spuštěním: Volných bajtů: 140 159 897 600
Po spuštění: Volných bajtů: 140 150 722 560

- - End Of File - - E051CD5BC7FEA3E9C0DB23FEAFBDBEB5

#9 Příspěvek od **motji** » 13 lis 2010 23:00

Fajn, zkuste ho pustit na síť, zda se bude chovat slušně

.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

Pazdi · #10 Příspěvek od **Pazdi** » 13 lis 2010 23:19

Počítač vypadá ok, dokonce zatím ani poskytovatel připojení neodpojil (uvidíme, co ráno, až se vzbudí a koukne do logu:) )

Přikládám log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pazdera at 2010-11-13 23:18:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 137 GB (45%) free of 305 GB
Total RAM: 3033 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:22, on 13.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Common Files\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Documents and Settings\pazdera\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\pazdera\Plocha\RSIT.exe
C:\Program Files\trend micro\Pazdera.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMImpersonator] C:\Program Files\Fujitsu Siemens Computers\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pazdera\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7729014437
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Fujitsu Siemens Computers HaMDevMg.1.00 (HaMDevMg.1.00) - Fujitsu Siemens Computers - C:\Program Files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe
O23 - Service: Fujitsu HaMDevMg.1.01 (HaMDevMg.1.01) - Fujitsu Technology Solutions - C:\Program Files\Common Files\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9636 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C435ECE6-0BC4-4AAC-A3AA-9F779F67C3E1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-29 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-06 1036288]
"COMImpersonator"=C:\Program Files\Fujitsu Siemens Computers\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe [2008-07-17 143360]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-03-25 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-04-29 2221352]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1077248]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-08-18 129536]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-08-18 163328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-08-18 138752]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\pazdera\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-08-18 214016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Office\Office12\OUTLOOK.EXE"="C:\Program Files\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\uzivatel\Dokumenty\World of Warcraft\Launcher.exe"="C:\Documents and Settings\uzivatel\Dokumenty\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-11-13 23:18:08 ----D---- C:\rsit
2010-11-13 23:18:08 ----D---- C:\Program Files\trend micro
2010-11-13 23:10:46 ----SHD---- C:\RECYCLER
2010-11-13 23:10:20 ----D---- C:\Program Files\CCleaner
2010-11-13 17:19:24 ----D---- C:\Documents and Settings\pazdera\Data aplikací\Malwarebytes
2010-11-13 17:19:18 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-13 17:19:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-11-13 17:19:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-13 17:19:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-13 14:06:32 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-11-13 11:53:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 11:53:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-13 11:53:02 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-11-13 11:52:36 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-11-13 11:52:10 ----D---- C:\Program Files\Lavasoft
2010-11-13 11:52:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-11-13 11:49:46 ----D---- C:\Program Files\Sunbelt Software
2010-11-12 18:09:51 ----D---- C:\Program Files\Karen's Power Tools
2010-11-12 18:09:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Karen's Power Tools
2010-11-06 20:02:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-04 22:42:35 ----D---- C:\Documents and Settings\pazdera\Data aplikací\DivX
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2010-11-04 22:42:17 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2010-11-04 22:42:16 ----N---- C:\WINDOWS\system32\px.dll
2010-11-04 22:41:51 ----D---- C:\Program Files\Common Files\DivX Shared
2010-11-04 22:38:54 ----D---- C:\Program Files\DivX
2010-11-04 22:38:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-03 13:46:41 ----D---- C:\Program Files\Fujitsu Siemens Computers
2010-11-03 13:46:40 ----D---- C:\Program Files\Common Files\Fujitsu Siemens Computers
2010-11-03 13:37:49 ----D---- C:\Documents and Settings\pazdera\Data aplikací\Help
2010-11-02 23:50:11 ----D---- C:\Documents and Settings\pazdera\Data aplikací\Sachy
2010-10-14 16:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 16:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 16:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 16:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 16:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 16:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 16:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 16:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 16:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-13 23:18:16 ----D---- C:\WINDOWS\Prefetch
2010-11-13 23:18:09 ----D---- C:\WINDOWS\Temp
2010-11-13 23:18:08 ----RD---- C:\Program Files
2010-11-13 23:18:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-13 23:16:50 ----SD---- C:\WINDOWS\Tasks
2010-11-13 23:14:27 ----D---- C:\WINDOWS
2010-11-13 23:12:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-13 23:11:10 ----D---- C:\WINDOWS\Debug
2010-11-13 23:09:15 ----D---- C:\WINDOWS\Minidump
2010-11-13 23:08:33 ----SHD---- C:\System Volume Information
2010-11-13 23:08:33 ----D---- C:\WINDOWS\system32\Restore
2010-11-13 22:48:11 ----D---- C:\WINDOWS\system32\drivers
2010-11-13 22:45:23 ----A---- C:\WINDOWS\system.ini
2010-11-13 22:45:11 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-13 22:35:02 ----D---- C:\WINDOWS\system32
2010-11-13 22:35:02 ----D---- C:\WINDOWS\AppPatch
2010-11-13 22:35:01 ----D---- C:\Program Files\Common Files
2010-11-13 22:31:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-11-13 22:28:11 ----SHD---- C:\WINDOWS\Installer
2010-11-13 22:28:07 ----HD---- C:\WINDOWS\inf
2010-11-13 19:22:35 ----D---- C:\WINDOWS\Config
2010-11-13 16:13:53 ----SHD---- C:\WINDOWS\CSC
2010-11-13 11:53:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-13 11:52:06 ----D---- C:\WINDOWS\WinSxS
2010-11-12 00:56:27 ----D---- C:\Documents and Settings\pazdera\Data aplikací\ICQ
2010-11-11 16:02:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-11-11 16:00:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-07 22:00:20 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-05 10:55:56 ----D---- C:\totalcmd
2010-11-05 10:55:28 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-05 10:54:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-05 10:54:36 ----A---- C:\WINDOWS\hbcikrnl.ini
2010-11-05 10:53:43 ----D---- C:\Program Files\Norton Security Scan
2010-11-05 10:53:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-11-05 10:53:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-05 10:51:57 ----D---- C:\Program Files\Fujitsu
2010-11-05 05:55:08 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-11-05 00:15:29 ----A---- C:\WINDOWS\wincmd.ini
2010-11-04 23:58:51 ----D---- C:\Program Files\Mozilla Firefox
2010-11-04 16:17:41 ----D---- C:\Program Files\Ventrilo
2010-11-04 16:17:05 ----D---- C:\Program Files\Common Files\InstallShield
2010-11-03 13:48:40 ----D---- C:\Zaloha NTB
2010-11-01 16:22:01 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-18 17:40:25 ----RSD---- C:\WINDOWS\assembly
2010-10-14 16:23:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 16:21:54 ----D---- C:\Program Files\Internet Explorer
2010-10-14 16:21:48 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-05-07 317976]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 Acceler;Accelerometer Service; C:\WINDOWS\system32\DRIVERS\Acceler.sys [2008-07-02 13312]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-06-04 1203776]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-10 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-04-22 244368]
R3 FscGabi;FscGabi; C:\WINDOWS\system32\DRIVERS\FscGabi.sys [2009-05-05 12288]
R3 FSCSLII;FSCSLII; C:\WINDOWS\system32\DRIVERS\FSCSLII.sys [2009-03-10 15360]
R3 GTUHSBUS;GT UHS BUS; C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys [2008-05-07 58752]
R3 GTUHSNDISIPXP;GT UHS IP NDIS; C:\WINDOWS\system32\DRIVERS\gtuhs51.sys [2008-05-13 106112]
R3 GTUHSSER;GT UHS SER; C:\WINDOWS\system32\DRIVERS\gtuhsser.sys [2007-03-30 8064]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-08-18 2012096]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-06 223680]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-03-25 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-11-28 47907]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\uzivatel\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MTLGPOS;MTLGPOS; C:\WINDOWS\system32\drivers\mtlgpos.sys [2009-06-08 19712]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-06-04 13312]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 HaMDevMg.1.00;Fujitsu Siemens Computers HaMDevMg.1.00; C:\Program Files\Common Files\Fujitsu Siemens Computers\Manageability\HaMDevMg.exe\1.00\HaMDevMg.exe [2008-09-05 544768]
R2 HaMDevMg.1.01;Fujitsu HaMDevMg.1.01; C:\Program Files\Common Files\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe [2009-05-20 557056]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-08 1355928]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#11 Příspěvek od **motji** » 13 lis 2010 23:31

Popřemýšlejte nad firewallem.

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"PrnStatusMX"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.

Pc by mělo být v pořádku. Dejte zítra vědět.

Pazdi · #12 Příspěvek od **Pazdi** » 14 lis 2010 00:03

firewall mám zapnutý standartní windowsácký, měl jsem dnes dopoledne nainstalováno sunbelt kerio, ale bohužel na ntb musím mít vše naprosto legální, takže jakmile jsem zjistil, jak moc odchází nebo neodchází spojení, okamžitě šla 30denní zkušební verze odinstalovat...zítra dám určitě vědět, měl bych sem přidat i logy z druhého pc.
Zatím Vám moc děkuji za pomoc a přeji příjemný zbytek večera.

#13 Příspěvek od **motji** » 14 lis 2010 00:05

Zkuste Zone alarm, mám ho také a je free, jsem s ním spokojená

.
Není zač, dobrou noc

Pazdi · #14 Příspěvek od **Pazdi** » 14 lis 2010 15:41

Dobré odpoledne:)
mám tady log z druhého pc, tam se obávám, že to bude "zajímavější" než u tohoto

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jakub at 2010-11-14 15:35:14
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 953 MB (5%) free of 20 GB
Total RAM: 1535 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
Flashget Catch Url Class - C:\PROGRA~1\FlashGet\jccatch.dll [2007-01-15 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
aTube Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-19 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-01-15 136968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{D4027C7F-154A-4066-A1AD-4243D8127440} - aTube Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-07-22 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-06-15 6803456]
"nwiz"=nwiz.exe /install []
"shutTask"=C:\Program Files\IR\shutTask.exe [2010-01-05 110592]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Program Files\PPMate\ppmnet.exe"="C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Hry\The Battle for Middle-earth (tm) II\game.dat"="D:\Hry\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"D:\Hry\AITD\Alone.exe"="D:\Hry\AITD\Alone.exe:*:Enabled:Alone In The Dark"
"D:\Hry\GTA\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Hry\GTA\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\hry\Zoo Tycoon 2\zt.exe"="E:\hry\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\TV\TotalMedia.exe"="E:\TV\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-14 15:35:14 ----D---- C:\rsit
2010-11-14 15:35:14 ----D---- C:\Program Files\trend micro
2010-11-13 18:04:43 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-11-13 14:09:01 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-11-13 13:34:59 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-11-13 13:34:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 13:34:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-13 13:34:23 ----D---- C:\Program Files\Lavasoft
2010-11-13 13:34:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-11-04 16:17:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-10-20 18:53:30 ----D---- C:\Program Files\DVD Decrypter
2010-10-20 18:49:27 ----D---- C:\Program Files\DVDFab 7

======List of files/folders modified in the last 1 months======

2010-11-14 15:35:14 ----RD---- C:\Program Files
2010-11-14 15:32:39 ----D---- C:\WINDOWS\Temp
2010-11-14 13:38:39 ----SD---- C:\WINDOWS\Tasks
2010-11-14 13:38:32 ----D---- C:\WINDOWS\Prefetch
2010-11-14 13:35:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-14 13:35:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:34:37 ----AC---- C:\WINDOWS\WinInit.Ini
2010-11-14 13:33:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-14 13:33:59 ----D---- C:\WINDOWS\system32
2010-11-14 13:33:59 ----D---- C:\Program Files\Internet Explorer
2010-11-14 12:29:35 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-14 12:27:17 ----D---- C:\WINDOWS
2010-11-14 12:25:01 ----A---- C:\WINDOWS\wincmd.ini
2010-11-13 18:04:40 ----D---- C:\Program Files\WinAntispyware2008
2010-11-13 18:04:40 ----D---- C:\Program Files\AWS
2010-11-13 15:40:56 ----SHD---- C:\System Volume Information
2010-11-13 15:39:34 ----D---- C:\WINDOWS\Minidump
2010-11-13 14:09:02 ----HD---- C:\WINDOWS\inf
2010-11-13 14:09:02 ----D---- C:\WINDOWS\system32\drivers
2010-11-13 14:09:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-13 14:06:54 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-13 13:34:59 ----SHD---- C:\WINDOWS\Installer
2010-11-13 13:34:59 ----SHD---- C:\Config.Msi
2010-11-13 13:34:20 ----D---- C:\WINDOWS\WinSxS
2010-11-04 16:17:23 ----D---- C:\Program Files\Alwil Software
2010-11-04 16:13:41 ----A---- C:\WINDOWS\win.ini
2010-11-04 16:11:30 ----SD---- C:\Documents and Settings\Jakub\Data aplikací\Microsoft
2010-10-31 09:48:46 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-29 09:46:18 ----D---- C:\Program Files\Mozilla Firefox
2010-10-25 17:05:58 ----D---- C:\KBcertifikat
2010-10-20 18:49:50 ----D---- C:\Documents and Settings\Jakub\Data aplikací\Vso
2010-10-20 18:49:47 ----A---- C:\Documents and Settings\Jakub\Data aplikací\inst.exe
2010-10-20 18:47:02 ----D---- C:\Program Files\EasyDVDShrink
2010-10-20 18:46:29 ----D---- C:\Program Files\DVDFab Decrypter
2010-10-20 18:46:11 ----D---- C:\Program Files\DVD Shrink
2010-10-18 21:26:33 ----D---- C:\Documents and Settings\Jakub\Data aplikací\TransRender
2010-10-18 21:20:27 ----D---- C:\Documents and Settings
2010-10-18 20:43:01 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-18 20:41:10 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-05-17 92800]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-24 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-03-21 270336]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-05-01 5632]
R2 ACEDRV09;ACEDRV09; \??\C:\WINDOWS\system32\drivers\ACEDRV09.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-03-26 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-03-26 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-26 3644032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-06-15 3200256]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-10-20 47360]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 a14r07b0;a14r07b0; C:\WINDOWS\system32\drivers\a14r07b0.sys []
S3 abznsihr;abznsihr; C:\WINDOWS\system32\drivers\abznsihr.sys []
S3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2010-09-01 483200]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 axvbusx;axvbusx; C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 8384]
S3 axvscsi;axvscsi; C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 98560]
S3 CA561;VideoCAM Express V2; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-09-30 119798]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 EraserUtilDrv11010;EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-24 25280]
S3 jfdcd;jfdcd; \??\C:\DOCUME~1\Jakub\LOCALS~1\Temp\jfdcd.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-19 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-06-15 127043]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-03-23 1941504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-08 1355928]
S2 PnkBstrA;PunkBuster; E:\hry\NFSundercover\PB\PnkBstrA.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#15 Příspěvek od **motji** » 14 lis 2010 15:56

Tak kromě zbytečných toolbarů, jako je asktoolbar nebo Daemon tooolbar, nic zajímavého nevidím. Ty toolbary odinstalujte.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Co ten počítač, co jsme vyčistili, zatím žádný spam?

VIRY.CZ

Odpojen od poskytovatele internetu kvůli "virum"

Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"

Re: Odpojen od poskytovatele internetu kvůli "virum"