Po padu systemu nejde nainstalit ani ESET

Zpráva

ententeak · #1 Příspěvek od **ententeak** » 14 lis 2010 15:32

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-14 15:26:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (25%) free of 31 GB
Total RAM: 1023 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:27:37, on 14.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CCleaner\CCleaner.exe
D:\DOCUME~1\ADMINI~1.JAC\LOCALS~1\Temp\54346.exe
D:\DOCUME~1\ADMINI~1.JAC\LOCALS~1\Temp\lsass.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Administrator.Jachym\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKLM\..\Run: [poru] C:\WINDOWS\system32\sittahounou.exe
O4 - HKLM\..\Run: [Windows Firewall] D:\DOCUME~1\ADMINI~1.JAC\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [poru] C:\WINDOWS\system32\sittahounou.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Firewall] D:\DOCUME~1\ADMINI~1.JAC\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: 3ii6kf3.exe
O4 - Startup: l26ino0k.exe
O4 - Startup: p0llcxxty.exe
O4 - Startup: rs0i6kf3.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Crystal Report Application Server (iwatii9ay4oa2) - Unknown owner - C:\WINDOWS\system32\gagojoo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\rezerve\bin\mysqld-nt.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8228 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Setup my PC.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{28482018-BFFB-49AF-952A-FDF1491597F3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-08 57344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-06-29 14720000]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"PCMService"=c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-12-05 180269]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-14 2225208]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]
""= []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-10 81920]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-26 86016]
"poru"=C:\WINDOWS\system32\sittahounou.exe [2010-11-14 201216]
"Windows Firewall"=D:\DOCUME~1\ADMINI~1.JAC\LOCALS~1\Temp\lsass.exe [2010-11-14 57344]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Windows Firewall"=D:\DOCUME~1\ADMINI~1.JAC\LOCALS~1\Temp\lsass.exe [2010-11-14 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0CE\Distillr\AcroTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []

D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění
3ii6kf3.exe
l26ino0k.exe
p0llcxxty.exe
rs0i6kf3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-11 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pmxoqwim.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pmxoqwim.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"D:\602\602gcli95.exe"="D:\602\602gcli95.exe:*:Enabled:602gcli95"
"D:\602\602sql95.exe"="D:\602\602sql95.exe:*:Enabled:602sql95"
"C:\Program Files\OpenOffice.org 2.0\program\soffice.bin"="C:\Program Files\OpenOffice.org 2.0\program\soffice.bin:*:Enabled:OpenOffice.org 2.0"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\ComplexWebServer\apache\bin\Apache.exe"="D:\ComplexWebServer\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\ruby\bin\ruby.exe"="C:\ruby\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\APPS\skype\Plugin Manager\skypePM.exe"="C:\APPS\skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Casino\ParadiseCasino\casino.exe"="C:\Casino\ParadiseCasino\casino.exe:*:Enabled:casino"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype"
"D:\Documents and Settings\Jana\Plocha\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-14 15:26:26 ----D---- C:\rsit
2010-11-14 15:24:45 ----D---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Adobe
2010-11-14 15:21:55 ----D---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Mozilla
2010-11-14 15:16:42 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-14 15:13:01 ----RSH---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\juzjf.exe
2010-11-14 15:12:41 ----ASH---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\desktop.ini
2010-11-14 15:12:29 ----SD---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Microsoft
2010-11-14 15:12:29 ----D---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Symantec
2010-11-14 15:12:29 ----D---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Real
2010-11-14 15:12:29 ----D---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Macromedia
2010-11-14 15:12:29 ----D---- D:\Documents and Settings\Administrator.Jachym\Data aplikací\Identities
2010-11-14 15:01:36 ----AD---- C:\3590F75ABA9E485486C100C1A9D4FF06Z.ZZZZZ...Z..Z.Z
2010-11-14 14:56:07 ----D---- C:\Program Files\CCleaner
2010-11-14 14:04:29 ----D---- C:\Program Files\Trend Micro
2010-11-13 19:15:49 ----A---- C:\WINDOWS\system32\luquyte.exe
2010-11-13 07:31:10 ----A---- C:\t6.exe
2010-11-12 14:44:40 ----A---- C:\QuickTime1.exe
2010-11-11 15:47:07 ----A---- C:\21.exe
2010-11-10 07:50:01 ----A---- C:\WINDOWS\system32\drivers\pmxoqwim.sys
2010-11-10 07:26:20 ----A---- C:\jshd.exe
2010-11-10 07:08:16 ----A---- C:\WINDOWS\system32\gagojoo.exe
2010-11-10 07:08:05 ----A---- C:\WINDOWS\system32\sittahounou.exe
2010-11-09 16:21:27 ----A---- C:\2xhs.exe
2010-11-09 08:49:04 ----A---- C:\xhs.exe
2010-10-26 10:46:30 ----RSH---- C:\WINDOWS\nvsvc32.exe

======List of files/folders modified in the last 1 months======

2010-11-14 15:23:24 ----D---- C:\Program Files\Mozilla Firefox
2010-11-14 15:17:44 ----D---- C:\Program Files\Weather Watcher
2010-11-14 15:16:44 ----RD---- C:\Program Files
2010-11-14 15:16:42 ----D---- C:\WINDOWS
2010-11-14 15:14:56 ----RSHD---- C:\RECYCLER
2010-11-14 15:14:41 ----AD---- C:\WINDOWS\system32
2010-11-14 15:13:39 ----D---- C:\WINDOWS\Minidump
2010-11-14 14:59:53 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 14:59:40 ----D---- C:\WINDOWS\Debug
2010-11-14 14:59:28 ----AD---- C:\WINDOWS\Temp
2010-11-14 13:58:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-13 18:30:46 ----D---- C:\WINDOWS\Prefetch
2010-11-12 08:25:58 ----D---- C:\WINDOWS\system32\Lang
2010-11-10 07:50:01 ----D---- C:\WINDOWS\system32\drivers
2010-11-06 10:04:46 ----D---- C:\Program Files\FinePixViewer
2010-11-04 19:41:36 ----HD---- C:\WINDOWS\inf
2010-11-03 06:57:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-24 11:58:07 ----SHD---- C:\WINDOWS\Installer
2010-10-15 19:03:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-10-15 19:03:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-15 10:27:42 ----D---- D:\Documents and Settings\All Users\Data aplikací\FLEXnet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2004-10-19 28207]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pmxoqwim;pmxoqwim; C:\WINDOWS\System32\Drivers\pmxoqwim.sys [2010-11-10 40128]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-02-23 43872]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2007-12-29 114048]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-12-04 42912]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-12-04 26624]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-12-04 94544]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-12-04 23152]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-11 3331072]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-07-16 221736]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-07-02 1301128]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NPF;Netgroup Packet Filter; \??\C:\WINDOWS\system32\drivers\packet.sys []
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-07-02 167384]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-10 6738432]
S3 RecAgent;recagent; \??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-08-20 548952]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-07-02 86128]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-07-02 39348]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-12-04 17272]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-11 581632]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-10 593920]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-12-04 140664]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
S2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-07-14 65536]
S2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 135664]
S2 iwatii9ay4oa2;Crystal Report Application Server; C:\WINDOWS\system32\gagojoo.exe [2010-11-14 201216]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-23 153376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
S2 MySQL;MySQL; D:\rezerve\bin\mysqld-nt.exe [2004-05-28 2179072]
S2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-10 163908]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-07-02 45056]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-12-04 247160]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-12-04 345464]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-07-14 1527887]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-01 45056]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client; D:\602\602FSVC8.EXE []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-01 102400]
S4 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-01 57616]
S4 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-01 59064320]
S4 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
S4 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 14 lis 2010 15:36

Zdravim a pekny den preji

Uprimne, zaliskane to mate jako jetel

Jinak predpokladam ze ten ESET si nechcete nainstalovat a nasledne cracknout

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ententeak · #3 Příspěvek od **ententeak** » 14 lis 2010 16:21

ComboFix 10-11-13.01 - Administrator 14.11.2010 15:48:26.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.599 [GMT 1:00]
Spuštěný z: d:\documents and settings\Administrator.Jachym\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\21.exe
C:\index.htm
c:\recycler\S-1-5-21-5439746807-7899546195-564268513-7243\yv8g67.exe
C:\Thumbs.db
c:\windows\AutoRun.ini
c:\windows\My.ini
c:\windows\nvsvc32.exe
c:\windows\system32\Drivers\pmxoqwim.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\sittahounou.exe
c:\windows\system32\Thumbs.db
d:\docume~1\ADMINI~1.JAC\LOCALS~1\Temp\lsass.exe
d:\documents and settings\Jana\bxxd.exe
d:\documents and settings\Jana\secupdat.dat
d:\documents and settings\Jana\wyxh.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_pmxoqwim
-------\Service_pmxoqwim

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 14:26 . 2010-11-14 14:29 -------- d-----w- C:\rsit
2010-11-14 13:56 . 2010-11-14 13:56 -------- d-----w- c:\program files\CCleaner
2010-11-14 13:42 . 2010-11-14 13:59 -------- d-----w- d:\documents and settings\Administrator
2010-11-14 13:04 . 2010-11-14 14:27 -------- d-----w- c:\program files\Trend Micro
2010-11-13 18:15 . 2010-11-14 14:41 201216 ----a-w- c:\windows\system32\luquyte.exe
2010-11-13 06:31 . 2010-11-14 13:40 65278 ----a-w- C:\t6.exe
2010-11-12 13:44 . 2010-11-12 13:45 91136 ----a-w- C:\QuickTime1.exe
2010-11-10 06:26 . 2010-11-10 12:55 257 ----a-w- C:\jshd.exe
2010-11-10 06:06 . 2010-11-10 06:06 77824 --sh--r- d:\documents and settings\Jana\Data aplikací\juzjf.exe
2010-11-09 15:21 . 2010-11-09 16:11 256 ----a-w- C:\2xhs.exe
2010-11-09 07:49 . 2010-11-09 07:49 462848 ----a-w- C:\xhs.exe
2010-10-31 10:18 . 2010-10-31 10:18 1409 ----a-w- c:\windows\QTFont.for
2010-10-28 07:57 . 2010-10-28 07:57 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 15:04 . 2010-11-14 15:06 201216 ----a-w- c:\windows\system32\gagojoo.exe
2010-11-14 15:04 . 2010-11-13 18:15 201216 ----a-w- c:\windows\system32\sittahounou.exe
2010-10-21 16:54 . 2010-03-15 19:08 74 ----a-w- d:\documents and settings\Jana\Data aplikací\fspro2_0.tmp
2010-09-18 10:23 . 2005-07-05 14:52 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-07-05 14:52 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-07-05 14:52 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-07-05 14:52 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2005-07-05 14:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2005-07-05 14:52 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2005-07-05 14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2005-07-05 14:51 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2005-07-05 14:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2005-07-05 14:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2005-07-05 14:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2005-07-05 14:52 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2005-07-05 14:52 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-07-05 14:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Firewall"="d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe" [2010-11-14 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-05 180269]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-14 2225208]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"poru"="c:\windows\system32\sittahounou.exe" [2010-11-14 201216]
"Windows Firewall"="d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe" [2010-11-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

d:\documents and settings\Jana\Nabˇdka Start\Programy\Po spuçtŘnˇ\
a1m5itz9.exe [2010-11-14 60416]
agq7cio72.exe [2010-11-14 60416]
mcs3ok6gg.exe [2010-11-14 60416]
mijzkgw0yt.exe [2010-11-14 60416]
qlgwc7tz.exe [2010-11-14 60416]
xjzkgw0y.exe [2010-11-14 60416]

d:\documents and settings\Administrator.Jachym\Nabˇdka Start\Programy\Po spuçtŘnˇ\
100k0rx.exe [2010-11-14 60416]
3ii6kf3.exe [2010-11-14 60416]
5opak3w.exe [2010-11-14 60416]
6dtj808.exe [2010-11-14 60416]
epabbhc7.exe [2010-11-14 60416]
l26ino0k.exe [2010-11-14 60416]
p0llcxxty.exe [2010-11-14 60416]
rs0i6kf3.exe [2010-11-14 60416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~2\DVDShell.dll" [2004-10-09 49152]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="d:\documents and settings\Jana\Data aplikací\juzjf.exe,explorer.exe,c:\recycler\S-1-5-21-0620631078-2633881485-264656865-1683\yv8g67.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="d:\documents and settings\Jana\Data aplikací\juzjf.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=d:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-05 15:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\apache\\Apache.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Casino\\ParadiseCasino\\casino.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe

R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [10.4.2006 21:31 6656]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 9:36 135664]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6.5.2008 2:11 1527900]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;d:\602\602FSVC8.EXE --> d:\602\602FSVC8.EXE [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c27635c-7a7e-11db-9ada-4d6564696130}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e248c8c-2221-11df-9c60-00148564c6ec}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-20 10:32]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 08:36]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 08:36]

2010-11-14 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 08:03]

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{28482018-BFFB-49AF-952A-FDF1491597F3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - d:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\s1mtbm0e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-pmxoqwim.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 16:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\windows\system32\gagojoo.exe 201216 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(2444)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2180)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\docume~1\Jana\LOCALS~1\Temp\9428.exe
d:\docume~1\Jana\LOCALS~1\Temp\8943164.exe
c:\windows\system32\luquyte.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-11-14 16:17:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-14 15:16

Před spuštěním: 8 312 483 840
Po spuštění: 7 178 932 224

- - End Of File - - 4273D3A1C2AC99B4A29E71360CF31F85

#4 Příspěvek od **vyosek** » 14 lis 2010 16:47

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Collect::
c:\windows\system32\luquyte.exe
C:\t6.exe
C:\QuickTime1.exe
C:\jshd.exe
d:\documents and settings\Jana\Data aplikací\juzjf.exe
C:\2xhs.exe
C:\xhs.exe
c:\windows\system32\gagojoo.exe
c:\windows\system32\sittahounou.exe
d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe
c:\\WINDOWS\\nvsvc32.exe
d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe
d:\docume~1\Jana\LOCALS~1\Temp\9428.exe
d:\docume~1\Jana\LOCALS~1\Temp\8943164.exe
c:\windows\system32\luquyte.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\3ii6kf3.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\100k0rx.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\5opak3w.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\6dtj808.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\epabbhc7.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\a1m5itz9.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\agq7cio72.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\mcs3ok6gg.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\mijzkgw0yt.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\qlgwc7tz.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\xjzkgw0y.exe

Folder::
d:\docume~1\Jana\LOCALS~1\Temp
c:\recycler

File::
d:\documents and settings\Jana\Data aplikací\fspro2_0.tmp
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Setup my PC.job
c:\windows\Tasks\User_Feed_Synchronization-{28482018-BFFB-49AF-952A-FDF1491597F3}.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Firewall"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"PCSuiteTrayApplication"=-
"SunJavaUpdateSched"=-
"HP Software Update"=-
"poru"=-
"Windows Firewall"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"=-
"Picasa Media Detector"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[-HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acrobat Assistant.lnk]
[-HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
[-HKLM\~\startupfolder\D:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[-HKLM\~\startupfolder\D:^Documents and Settings^Jirka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c27635c-7a7e-11db-9ada-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e248c8c-2221-11df-9c60-00148564c6ec}]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ententeak · #5 Příspěvek od **ententeak** » 14 lis 2010 18:35

ComboFix 10-11-13.01 - Jana 14.11.2010 18:08:02.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.450 [GMT 1:00]
Spuštěný z: d:\documents and settings\Jana\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Jana\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Setup my PC.job"
"c:\windows\Tasks\User_Feed_Synchronization-{28482018-BFFB-49AF-952A-FDF1491597F3}.job"
"d:\documents and settings\Jana\Data aplikací\fspro2_0.tmp"

file zipped: C:\2xhs.exe
file zipped: C:\jshd.exe
file zipped: C:\QuickTime1.exe
file zipped: C:\t6.exe
file zipped: C:\xhs.exe
file zipped: d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe
file zipped: d:\docume~1\Jana\LOCALS~1\Temp\8943164.exe
file zipped: d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\100k0rx.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\3ii6kf3.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\5opak3w.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\6dtj808.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\epabbhc7.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe
file zipped: d:\documents and settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe
file zipped: d:\documents and settings\Jana\Data aplikací\juzjf.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2xhs.exe
C:\jshd.exe
C:\QuickTime1.exe
c:\recycler
C:\t6.exe
c:\windows\system32\secupdat.dat
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Setup my PC.job
c:\windows\Tasks\User_Feed_Synchronization-{28482018-BFFB-49AF-952A-FDF1491597F3}.job
C:\xhs.exe
d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe
d:\docume~1\Jana\LOCALS~1\Temp
d:\docume~1\Jana\LOCALS~1\Temp\327.exe
d:\docume~1\Jana\LOCALS~1\Temp\357.exe
d:\docume~1\Jana\LOCALS~1\Temp\378.exe
d:\docume~1\Jana\LOCALS~1\Temp\724.exe
d:\docume~1\Jana\LOCALS~1\Temp\804.exe
d:\docume~1\Jana\LOCALS~1\Temp\834.exe
d:\docume~1\Jana\LOCALS~1\Temp\842.exe
d:\docume~1\Jana\LOCALS~1\Temp\8943164.exe
d:\docume~1\Jana\LOCALS~1\Temp\952.exe
d:\docume~1\Jana\LOCALS~1\Temp\libFNP_events.log
d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe
d:\docume~1\Jana\LOCALS~1\Temp\qomvilhov6C8DB022.tmp
d:\documents and settings\Jana\secupdat.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CFcatchme
-------\Service_CFcatchme

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 16:57 . 2010-11-14 16:57 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-14 16:57 . 2010-11-14 16:57 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-14 15:43 . 2010-11-14 15:43 -------- d-----w- d:\documents and settings\Jana\Data aplikací\ESET
2010-11-14 15:42 . 2010-11-14 15:42 -------- d-----w- d:\documents and settings\Jana\Local Settings\Data aplikací\ESET
2010-11-14 15:41 . 2010-11-14 15:41 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2010-11-14 15:35 . 2010-11-14 15:35 -------- d-----w- d:\documents and settings\All Users\Data aplikací\ESET
2010-11-14 15:35 . 2010-11-14 15:35 -------- d-----w- c:\program files\ESET
2010-11-14 14:26 . 2010-11-14 14:29 -------- d-----w- C:\rsit
2010-11-14 13:56 . 2010-11-14 13:56 -------- d-----w- c:\program files\CCleaner
2010-11-14 13:42 . 2010-11-14 13:59 -------- d-----w- d:\documents and settings\Administrator
2010-11-14 13:04 . 2010-11-14 14:27 -------- d-----w- c:\program files\Trend Micro
2010-11-10 06:06 . 2010-11-10 06:06 77824 --sha-r- d:\documents and settings\Jana\Data aplikací\juzjf.exe
2010-10-31 10:18 . 2010-10-31 10:18 1409 ----a-w- c:\windows\QTFont.for
2010-10-28 07:57 . 2010-10-28 07:57 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 16:54 . 2010-03-15 19:08 74 ----a-w- d:\documents and settings\Jana\Data aplikací\fspro2_0.tmp
2010-09-18 10:23 . 2005-07-05 14:52 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-07-05 14:52 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-07-05 14:52 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-07-05 14:52 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2005-07-05 14:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2005-07-05 14:52 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2005-07-05 14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2005-07-05 14:51 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2005-07-05 14:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2005-07-05 14:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2005-07-05 14:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2005-07-05 14:52 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2005-07-05 14:52 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-07-05 14:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-14 2225208]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

d:\documents and settings\Administrator.Jachym\Nabˇdka Start\Programy\Po spuçtŘnˇ\
100k0rx.exe [2010-11-14 60416]
3ii6kf3.exe [2010-11-14 60416]
5opak3w.exe [2010-11-14 60416]
6dtj808.exe [2010-11-14 60416]
epabbhc7.exe [2010-11-14 60416]
l26ino0k.exe [2010-11-14 60416]
p0llcxxty.exe [2010-11-14 60416]
rs0i6kf3.exe [2010-11-14 60416]

d:\documents and settings\Jana\Nabˇdka Start\Programy\Po spuçtŘnˇ\
1u6b0no.exe [2010-11-14 60416]
a1m5itz9.exe [2010-11-14 60416]
agq7cio72.exe [2010-11-14 60416]
kkb0novr1.exe [2010-11-14 60416]
mcs3ok6gg.exe [2010-11-14 60416]
mijzkgw0yt.exe [2010-11-14 60416]
qlgwc7tz.exe [2010-11-14 60416]
tpvbwne2.exe [2010-11-14 60416]
uagi2zv0.exe [2010-11-14 60416]
xjzkgw0y.exe [2010-11-14 60416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~2\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\apache\\Apache.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Casino\\ParadiseCasino\\casino.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [10.4.2006 21:31 6656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 14:16 810144]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [10.4.2006 21:31 28672]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 9:36 135664]
S2 iwatii9ay4oa2;Crystal Report Application Server;c:\windows\system32\gagojoo.exe --> c:\windows\system32\gagojoo.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6.5.2008 2:11 1527900]
S3 vaujjxyr;vaujjxyr;\??\c:\windows\System32\Drivers\vaujjxyr.sys --> c:\windows\System32\Drivers\vaujjxyr.sys [?]
S3 zzmagxbw;zzmagxbw;\??\c:\windows\System32\Drivers\zzmagxbw.sys --> c:\windows\System32\Drivers\zzmagxbw.sys [?]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;d:\602\602FSVC8.EXE --> d:\602\602FSVC8.EXE [?]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [1.2.2006 23:49 204800]
S4 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - d:\documents and settings\Jana\Data aplikací\Mozilla\Firefox\Profiles\s1mtbm0e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 18:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(708)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Celkový čas: 2010-11-14 18:32:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-14 17:32
ComboFix2.txt 2010-11-14 15:17

Před spuštěním: 6 993 088 512
Po spuštění: 6 967 889 920

- - End Of File - - 66FA789F0A12AE12E1B982A0FAB5761E

#6 Příspěvek od **vyosek** » 14 lis 2010 18:41

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:files
c:\windows\system32\luquyte.exe
C:\t6.exe
C:\QuickTime1.exe
C:\jshd.exe
d:\documents and settings\Jana\Data aplikací\juzjf.exe
C:\2xhs.exe
C:\xhs.exe
c:\windows\system32\gagojoo.exe
c:\windows\system32\sittahounou.exe
d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe
c:\\WINDOWS\\nvsvc32.exe
d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe
d:\docume~1\Jana\LOCALS~1\Temp\9428.exe
d:\docume~1\Jana\LOCALS~1\Temp\8943164.exe
c:\windows\system32\luquyte.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\3ii6kf3.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\100k0rx.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\5opak3w.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\6dtj808.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\epabbhc7.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\a1m5itz9.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\agq7cio72.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\mcs3ok6gg.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\mijzkgw0yt.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\qlgwc7tz.exe
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\xjzkgw0y.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

ententeak · #7 Příspěvek od **ententeak** » 14 lis 2010 18:57

All processes killed
========== FILES ==========
File/Folder c:\windows\system32\luquyte.exe not found.
File/Folder C:\t6.exe not found.
File/Folder C:\QuickTime1.exe not found.
File/Folder C:\jshd.exe not found.
d:\documents and settings\Jana\Data aplikací\juzjf.exe moved successfully.
File/Folder C:\2xhs.exe not found.
File/Folder C:\xhs.exe not found.
File/Folder c:\windows\system32\gagojoo.exe not found.
File/Folder c:\windows\system32\sittahounou.exe not found.
File/Folder d:\docume~1\Jana\LOCALS~1\Temp\lsass.exe not found.
File/Folder c:\\WINDOWS\\nvsvc32.exe not found.
File move failed. d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe scheduled to be moved on reboot.
File/Folder d:\docume~1\Jana\LOCALS~1\Temp\9428.exe not found.
File/Folder d:\docume~1\Jana\LOCALS~1\Temp\8943164.exe not found.
File/Folder c:\windows\system32\luquyte.exe not found.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\3ii6kf3.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\100k0rx.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\5opak3w.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\6dtj808.exe moved successfully.
D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\epabbhc7.exe moved successfully.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\l26ino0k.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\p0llcxxty.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\rs0i6kf3.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\a1m5itz9.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\agq7cio72.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\mcs3ok6gg.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\mijzkgw0yt.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\qlgwc7tz.exe not found.
File/Folder D:\Documents and Settings\Administrator.Jachym\Nabídka Start\Programy\Po spuštění\xjzkgw0y.exe not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\setb0.tmp moved successfully.
C:\WINDOWS\system32\setb1.tmp moved successfully.
C:\WINDOWS\002713_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP208.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP261.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP293.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3A0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE3.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI12E.tmp moved successfully.
C:\WINDOWS\Installer\MSI135.tmp moved successfully.
C:\WINDOWS\Installer\MSI17E.tmp moved successfully.
C:\WINDOWS\Installer\MSI186.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C0.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C6.tmp moved successfully.
C:\WINDOWS\Installer\MSI38.tmp moved successfully.
C:\WINDOWS\Installer\MSI68.tmp moved successfully.
C:\WINDOWS\Installer\MSI6D.tmp moved successfully.
C:\WINDOWS\Installer\MSI7.tmp moved successfully.
C:\WINDOWS\Installer\MSI7F.tmp moved successfully.
C:\WINDOWS\Installer\MSI85.tmp moved successfully.
C:\WINDOWS\Installer\MSI95.tmp moved successfully.
C:\WINDOWS\Installer\MSIBC.tmp moved successfully.
C:\WINDOWS\Installer\MSIC0.tmp moved successfully.
C:\WINDOWS\Installer\MSID.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1368328 bytes
->Temporary Internet Files folder emptied: 455814 bytes
->FireFox cache emptied: 13785527 bytes
->Flash cache emptied: 434 bytes

User: Administrator.Jachym
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 31503840 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Jana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 59414230 bytes
->Java cache emptied: 10305452 bytes
->FireFox cache emptied: 25662672 bytes
->Flash cache emptied: 97526 bytes

User: Jirka
->Temp folder emptied: 553221229 bytes
->Temporary Internet Files folder emptied: 156625075 bytes
->Java cache emptied: 24668563 bytes
->FireFox cache emptied: 26208510 bytes
->Apple Safari cache emptied: 4713472 bytes
->Flash cache emptied: 6593 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner

User: TEMP
->FireFox cache emptied: 43618715 bytes
->Apple Safari cache emptied: 2279424 bytes
->Flash cache emptied: 589 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 910,00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 11142010_184303

Files moved on Reboot...
File move failed. d:\\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 Příspěvek od **vyosek** » 14 lis 2010 19:00

Jedna mrcha se brani

Stahnete Avenger (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Files to delete:
d:\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

Napiste jak se chova PC

ententeak · #9 Příspěvek od **ententeak** » 14 lis 2010 19:09

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "d:\Documents and Settings\\Jana\\Plocha\\P17535732.JPG-www.facebook.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#10 Příspěvek od **vyosek** » 14 lis 2010 19:09

Dejte novy log z RSIT a napiste jak se chova PC

ententeak · #11 Příspěvek od **ententeak** » 14 lis 2010 19:14

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jana at 2010-11-14 19:11:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (22%) free of 31 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:12:07, on 14.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Jana\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Jana.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - Startup: 1u6b0no.exe
O4 - Startup: a1m5itz9.exe
O4 - Startup: agq7cio72.exe
O4 - Startup: kkb0novr1.exe
O4 - Startup: mcs3ok6gg.exe
O4 - Startup: mijzkgw0yt.exe
O4 - Startup: qlgwc7tz.exe
O4 - Startup: tpvbwne2.exe
O4 - Startup: uagi2zv0.exe
O4 - Startup: xjzkgw0y.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Crystal Report Application Server (iwatii9ay4oa2) - Unknown owner - C:\WINDOWS\system32\gagojoo.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\rezerve\bin\mysqld-nt.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9612 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-08 57344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-06-29 14720000]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"PCMService"=c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-14 2225208]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-10 81920]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]

D:\Documents and Settings\Jana\Nabídka Start\Programy\Po spuštění
1u6b0no.exe
a1m5itz9.exe
agq7cio72.exe
kkb0novr1.exe
mcs3ok6gg.exe
mijzkgw0yt.exe
qlgwc7tz.exe
tpvbwne2.exe
uagi2zv0.exe
xjzkgw0y.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-11 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~2\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\APPS\skype\Plugin Manager\skypePM.exe"="C:\APPS\skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Casino\ParadiseCasino\casino.exe"="C:\Casino\ParadiseCasino\casino.exe:*:Enabled:casino"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-14 19:02:18 ----A---- C:\avenger.txt
2010-11-14 19:01:34 ----A---- C:\zip.exe
2010-11-14 19:01:34 ----A---- C:\cleanup.exe
2010-11-14 19:01:34 ----A---- C:\cleanup.bat
2010-11-14 18:49:43 ----SHD---- C:\RECYCLER
2010-11-14 18:32:11 ----A---- C:\ComboFix.txt
2010-11-14 16:43:19 ----D---- D:\Documents and Settings\Jana\Data aplikací\ESET
2010-11-14 16:35:19 ----D---- D:\Documents and Settings\All Users\Data aplikací\ESET
2010-11-14 16:35:19 ----D---- C:\Program Files\ESET
2010-11-14 16:01:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 16:00:29 ----ASH---- C:\hiberfil.sys
2010-11-14 15:55:45 ----AD---- C:\WINDOWS\temp
2010-11-14 15:43:49 ----A---- C:\WINDOWS\zip.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\sed.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 15:43:49 ----A---- C:\WINDOWS\grep.exe
2010-11-14 15:43:42 ----D---- C:\WINDOWS\ERDNT
2010-11-14 15:43:22 ----AD---- C:\Qoobox
2010-11-14 15:26:26 ----D---- C:\rsit
2010-11-14 15:16:42 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-14 14:56:07 ----D---- C:\Program Files\CCleaner
2010-11-14 14:04:29 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-11-14 19:04:14 ----AD---- C:\WINDOWS\system32
2010-11-14 19:02:19 ----D---- C:\WINDOWS\system32\drivers
2010-11-14 19:02:19 ----D---- C:\WINDOWS
2010-11-14 18:43:28 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-14 18:43:27 ----D---- C:\WINDOWS\twain_32
2010-11-14 18:43:26 ----SHD---- C:\WINDOWS\Installer
2010-11-14 18:29:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-14 18:25:08 ----D---- C:\WINDOWS\system32\Lang
2010-11-14 18:23:42 ----A---- C:\WINDOWS\system.ini
2010-11-14 18:19:57 ----D---- C:\WINDOWS\system32\config
2010-11-14 18:16:59 ----SD---- C:\WINDOWS\Tasks
2010-11-14 18:14:26 ----D---- C:\WINDOWS\AppPatch
2010-11-14 18:14:18 ----D---- C:\Program Files\Common Files
2010-11-14 17:58:03 ----D---- C:\Program Files\Mozilla Firefox
2010-11-14 16:43:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-14 16:41:15 ----HD---- C:\WINDOWS\inf
2010-11-14 16:35:19 ----RD---- C:\Program Files
2010-11-14 15:17:44 ----D---- C:\Program Files\Weather Watcher
2010-11-14 15:13:39 ----D---- C:\WINDOWS\Minidump
2010-11-14 14:59:53 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 14:59:40 ----D---- C:\WINDOWS\Debug
2010-11-13 18:30:46 ----D---- C:\WINDOWS\Prefetch
2010-11-06 19:22:33 ----D---- D:\Documents and Settings\Jana\Data aplikací\Image Zone Express
2010-11-06 10:04:46 ----D---- C:\Program Files\FinePixViewer
2010-11-03 06:57:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-21 17:54:41 ----A---- D:\Documents and Settings\Jana\Data aplikací\fspro2_0.tmp
2010-10-15 19:03:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-10-15 19:03:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-15 10:27:42 ----D---- D:\Documents and Settings\All Users\Data aplikací\FLEXnet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-02-23 43872]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2007-12-29 114048]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-11 3331072]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2004-10-19 28207]
S0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-07-16 221736]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-07-02 1301128]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-07-02 167384]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-10 6738432]
S3 RecAgent;recagent; \??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-08-20 548952]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-07-02 86128]
S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-07-02 39348]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaujjxyr;vaujjxyr; \??\C:\WINDOWS\System32\Drivers\vaujjxyr.sys []
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 zzmagxbw;zzmagxbw; \??\C:\WINDOWS\System32\Drivers\zzmagxbw.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-11 581632]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-07-14 65536]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-23 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-07-02 45056]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-07-14 1527887]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-21 654848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-10 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 135664]
S2 iwatii9ay4oa2;Crystal Report Application Server; C:\WINDOWS\system32\gagojoo.exe []
S2 MySQL;MySQL; D:\rezerve\bin\mysqld-nt.exe [2004-05-28 2179072]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-10 163908]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-01 45056]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client; D:\602\602FSVC8.EXE []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-01 102400]
S4 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-01 57616]
S4 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-01 59064320]
S4 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
S4 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]

-----------------EOF-----------------

Jinak PC se tváří celkem OK, jen při spuštění PC nadává, že nemůže najít nějakej soubor MOM.něco...
Obrázek

#12 Příspěvek od **vyosek** » 14 lis 2010 19:24

Jeste jeden skript pro Avenger

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\system32\gagojoo.exe
C:\WINDOWS\System32\Drivers\zzmagxbw.sys
C:\WINDOWS\System32\Drivers\vaujjxyr.sys

Drivers to delete:
iwatii9ay4oa2
zzmagxbw
vaujjxyr
catchme

Dejte mi sem prosim screen te hlasky - navod na screen http://www.viry.cz/forum/viewtopic.php?f=15&t=14114

ententeak · #13 Příspěvek od **ententeak** » 14 lis 2010 19:34

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\gagojoo.exe" not found!
Deletion of file "C:\WINDOWS\system32\gagojoo.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\System32\Drivers\zzmagxbw.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\zzmagxbw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\System32\Drivers\vaujjxyr.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\vaujjxyr.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "iwatii9ay4oa2" deleted successfully.
Driver "zzmagxbw" deleted successfully.
Driver "vaujjxyr" deleted successfully.
Driver "catchme" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

jinak screen jsem hodil k předchozímu příspěvku...

#14 Příspěvek od **vyosek** » 14 lis 2010 19:41

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u google toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Stahnete Revo Uninstaller http://www.stahuj.centrum.cz/utility_a_ ... installer/

Pomoci Revo Uninstalleru odinstalujte NETframework

Vycistete registry pres CCleaner

Restart PC a znovu nainstalovat NETframework

ententeak · #15 Příspěvek od **ententeak** » 14 lis 2010 21:04

Tak díky za pomoc, skončil jsem TFCčkem, než mě paní majitelka stroje (mj. Podnikatelka a onen PC používá k pracovním účelům, takže legální ESET je samozřejmost, o to se bát nemusíte) "vyhodila" s tím, že si musí jet pro dceru..
Snad je to nejhorší v čudu.. Už jen ten framework a vyčistit, předpokládám...
Ale stejně mi ten PC přišel nějakej zpomalenej..
Každopádně díky za pomoc. Takhle zajetelenej počítač už jsem taky dlouho neviděl..

VIRY.CZ

Po padu systemu nejde nainstalit ani ESET

Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET

Re: Po padu systemu nejde nainstalit ani ESET