Prosim o kontrolu - odstraneni trojanu

[Stormmaster]

Procistil jsem PC od trojanu a dalsi haveti, prosim o kontrolu logu.

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-12-12 13:48:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (19%) free of 191 GB
Total RAM: 1023 MB (55% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{F7684521-9074-43C2-8210-A1F99B86ED3F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{ED1184DA-E57E-4480-99D0-A16809037F54} - eSnips - C:\Program Files\eSnips\SnipBar.dll [2007-01-04 274432]
{82315A18-6CFB-44a7-BDFD-90E36537C252}
{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-02-21 131072]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-30 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe [2007-06-26 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
C:\Program Files\eSnips\ClientGW.exe [2007-01-04 700416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
C:\WINDOWS\nvsvc32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
C:\WINDOWS\system32\sw24.exe [2006-09-07 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
C:\WINDOWS\system32\winsys2.exe [2006-10-03 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~2.EXE [2006-12-08 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2002-08-04 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aocufqnm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\asbsohxc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\brujrrfn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dtgiicjo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmmhbxbe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isuoiroo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kzgijric]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oqjjhkln]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\orhdqfjm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pybfnvrn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\umjzosuu]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uqofntno]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aocufqnm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\asbsohxc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\brujrrfn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dtgiicjo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gmmhbxbe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\isuoiroo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\kzgijric]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\oqjjhkln]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\orhdqfjm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pybfnvrn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\umjzosuu]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uqofntno]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MotoGP2\motogp2.exe"="C:\Program Files\MotoGP2\motogp2.exe:*:Enabled:motogp2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Documents and Settings\Iveta\Plocha\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\SIMS\RACER\tracked.exe"="C:\SIMS\RACER\tracked.exe:*:Enabled:tracked"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-12 13:07:41 ----D---- C:\WINDOWS\LastGood
2010-12-12 13:06:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Lavasoft
2010-12-12 12:55:22 ----D---- C:\rsit
2010-12-12 12:55:22 ----D---- C:\Program Files\trend micro
2010-12-12 12:55:02 ----D---- C:\TEMP
2010-12-12 10:12:38 ----SHD---- C:\Config.Msi
2010-12-11 19:02:55 ----D---- C:\WINDOWS\Prefetch
2010-12-11 18:12:41 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-12-11 18:12:41 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-12-11 18:12:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\credssp.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-12-11 18:12:36 ----N---- C:\WINDOWS\system32\azroles.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\ieencode.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-12-11 18:12:35 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-12-11 18:12:34 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\onex.dll
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\napstat.exe
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\mssha.dll
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-12-11 18:12:33 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\setupn.exe
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\qutil.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-12-11 18:12:32 ----N---- C:\WINDOWS\system32\qagent.dll
2010-12-11 18:12:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-12-11 18:12:29 ----D---- C:\WINDOWS\system32\cs
2010-12-11 18:12:29 ----D---- C:\WINDOWS\system32\bits
2010-12-11 18:12:29 ----D---- C:\WINDOWS\l2schemas
2010-12-11 18:09:11 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010-12-11 18:08:00 ----A---- C:\WINDOWS\005613_.tmp
2010-12-11 15:07:10 ----A---- C:\WINDOWS\system32\wpa.bak
2010-12-11 14:17:55 ----ASH---- C:\pagefile.sys
2010-12-09 18:33:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-12-09 17:25:14 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-12-09 16:33:06 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-09 16:31:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Avira
2010-12-09 10:43:27 ----D---- C:\WINDOWS\pss
2010-12-09 09:47:02 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-12-09 09:47:02 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-12-09 09:47:02 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-12-09 09:47:02 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-12-09 09:47:02 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-12-09 09:47:00 ----D---- C:\Program Files\Avira
2010-12-09 09:47:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-12-09 09:46:44 ----D---- C:\Program Files\CCleaner
2010-12-09 08:59:05 ----A---- C:\WINDOWS\system32\pidgen.dll.wga
2010-12-09 08:59:04 ----A---- C:\WINDOWS\system32\dpcdll.dll.wga
2010-12-09 08:48:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2010-12-09 08:42:16 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-12-09 08:42:15 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-12-09 07:18:29 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-12-03 13:57:21 ----A---- C:\WINDOWS\system32\drivers\gmmhbxbe.sys

======List of files/folders modified in the last 1 months======

2010-12-12 13:08:03 ----HD---- C:\WINDOWS\inf
2010-12-12 13:07:41 ----D---- C:\WINDOWS
2010-12-12 13:05:42 ----SHD---- C:\RECYCLER
2010-12-12 13:00:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-12 13:00:50 ----AD---- C:\WINDOWS\Temp
2010-12-12 13:00:48 ----D---- C:\WINDOWS\Driver Cache
2010-12-12 13:00:47 ----D---- C:\WINDOWS\Minidump
2010-12-12 13:00:47 ----D---- C:\WINDOWS\Debug
2010-12-12 12:55:22 ----RD---- C:\Program Files
2010-12-12 12:52:06 ----D---- C:\WINDOWS\system32
2010-12-12 12:52:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-12 12:50:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-12 11:35:42 ----D---- C:\WINDOWS\system32\wbem
2010-12-12 11:35:42 ----D---- C:\WINDOWS\AppPatch
2010-12-12 10:42:54 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-12 10:42:09 ----SHD---- C:\WINDOWS\Installer
2010-12-12 10:42:04 ----D---- C:\WINDOWS\system32\drivers
2010-12-12 10:41:50 ----D---- C:\Program Files\Messenger
2010-12-12 10:41:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-12-12 10:41:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-12 10:40:05 ----D---- C:\WINDOWS\WinSxS
2010-12-12 10:31:08 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-12 10:31:05 ----RSD---- C:\WINDOWS\assembly
2010-12-12 10:18:13 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-12 10:13:36 ----D---- C:\Program Files\Outlook Express
2010-12-12 10:13:16 ----D---- C:\Program Files\Movie Maker
2010-12-12 09:26:57 ----SD---- C:\WINDOWS\Tasks
2010-12-11 18:48:25 ----D---- C:\WINDOWS\system32\Setup
2010-12-11 18:48:24 ----RSD---- C:\WINDOWS\Fonts
2010-12-11 18:24:48 ----D---- C:\WINDOWS\security
2010-12-11 18:12:42 ----D---- C:\WINDOWS\EHome
2010-12-11 18:12:41 ----D---- C:\WINDOWS\system32\inetsrv
2010-12-11 18:12:41 ----D---- C:\WINDOWS\network diagnostic
2010-12-11 18:12:41 ----D---- C:\WINDOWS\ime
2010-12-11 18:12:39 ----D---- C:\WINDOWS\Help
2010-12-11 18:12:31 ----D---- C:\WINDOWS\system32\cs-cz
2010-12-11 18:12:30 ----D---- C:\WINDOWS\system32\usmt
2010-12-11 18:12:29 ----D---- C:\WINDOWS\peernet
2010-12-11 18:10:30 ----D---- C:\WINDOWS\system32\Restore
2010-12-11 18:10:30 ----D---- C:\WINDOWS\system32\npp
2010-12-11 18:10:29 ----D---- C:\WINDOWS\msagent
2010-12-11 18:10:28 ----D---- C:\WINDOWS\srchasst
2010-12-11 18:10:28 ----D---- C:\Program Files\NetMeeting
2010-12-11 18:10:27 ----D---- C:\WINDOWS\system32\Com
2010-12-11 18:10:26 ----D---- C:\Program Files\Windows Media Player
2010-12-11 18:10:25 ----D---- C:\Program Files\Windows NT
2010-12-11 18:10:23 ----D---- C:\Program Files\Common Files\System
2010-12-11 18:10:07 ----D---- C:\WINDOWS\system32\oobe
2010-12-11 18:10:06 ----D---- C:\WINDOWS\system
2010-12-11 18:07:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-11 18:07:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-12-11 15:49:13 ----D---- C:\WINDOWS\Registration
2010-12-11 12:59:45 ----D---- C:\Program Files\Google
2010-12-11 12:58:39 ----ASD---- C:\Program Files\NewDotNet
2010-12-10 15:04:40 ----SHD---- C:\System Volume Information
2010-12-09 18:35:31 ----RD---- C:\Program Files\Skype
2010-12-09 18:33:51 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 17:04:35 ----A---- C:\WINDOWS\system.ini
2010-12-09 16:33:05 ----D---- C:\WINDOWS\repair
2010-12-09 16:23:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-12-09 10:00:22 ----D---- C:\WINDOWS\Cache
2010-12-09 10:00:17 ----D---- C:\WINDOWS\system32\LogFiles
2010-12-09 08:42:15 ----D---- C:\Documents and Settings
2010-12-03 17:14:09 ----D---- C:\Program Files\AIMP2
2010-11-25 18:40:17 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-06-04 43872]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-18 717296]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-11-30 135096]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-30 61960]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016]
S0 gmmhbxbe;gmmhbxbe; C:\WINDOWS\System32\Drivers\gmmhbxbe.sys [2010-12-03 40128]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 pybfnvrn;pybfnvrn; C:\WINDOWS\system32\drivers\pybfnvrn.sys []
S3 a0rshfd3;a0rshfd3; C:\WINDOWS\system32\drivers\a0rshfd3.sys []
S3 aqhutlby;aqhutlby; \??\C:\WINDOWS\System32\Drivers\aqhutlby.sys []
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2006-12-14 1171456]
S3 bkgepvti;bkgepvti; \??\C:\WINDOWS\System32\Drivers\bkgepvti.sys []
S3 bljusgpe;bljusgpe; \??\C:\WINDOWS\System32\Drivers\bljusgpe.sys []
S3 brqqlpjq;brqqlpjq; \??\C:\WINDOWS\System32\Drivers\brqqlpjq.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ccffzidf;ccffzidf; \??\C:\WINDOWS\System32\Drivers\ccffzidf.sys []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 gxqlpyzd;gxqlpyzd; \??\C:\WINDOWS\System32\Drivers\gxqlpyzd.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hmbdygxa;hmbdygxa; \??\C:\WINDOWS\System32\Drivers\hmbdygxa.sys []
S3 hyirepzo;hyirepzo; \??\C:\WINDOWS\System32\Drivers\hyirepzo.sys []
S3 kkidatkq;kkidatkq; \??\C:\WINDOWS\System32\Drivers\kkidatkq.sys []
S3 lmcgfmrc;lmcgfmrc; \??\C:\WINDOWS\System32\Drivers\lmcgfmrc.sys []
S3 mjsbrdek;mjsbrdek; \??\C:\WINDOWS\System32\Drivers\mjsbrdek.sys []
S3 mnlrpiol;mnlrpiol; \??\C:\WINDOWS\System32\Drivers\mnlrpiol.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 mxjbehcw;mxjbehcw; \??\C:\WINDOWS\System32\Drivers\mxjbehcw.sys []
S3 mxkrsxrp;mxkrsxrp; \??\C:\WINDOWS\System32\Drivers\mxkrsxrp.sys []
S3 mzbkvejr;mzbkvejr; \??\C:\WINDOWS\System32\Drivers\mzbkvejr.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 NTACCESS;NTACCESS; \??\H:\NTACCESS.sys []
S3 ntwdmbdv;ntwdmbdv; \??\C:\WINDOWS\System32\Drivers\ntwdmbdv.sys []
S3 psosdrsu;psosdrsu; \??\C:\WINDOWS\System32\Drivers\psosdrsu.sys []
S3 qeqwjxwi;qeqwjxwi; \??\C:\WINDOWS\System32\Drivers\qeqwjxwi.sys []
S3 qivuumnc;qivuumnc; \??\C:\WINDOWS\System32\Drivers\qivuumnc.sys []
S3 qvvbhock;qvvbhock; \??\C:\WINDOWS\System32\Drivers\qvvbhock.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\H:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SoC PC-Camera Service;CANYON CN-WCAM21 PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-09-01 138396]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tccvhcgi;tccvhcgi; \??\C:\WINDOWS\System32\Drivers\tccvhcgi.sys []
S3 tldrznaa;tldrznaa; \??\C:\WINDOWS\System32\Drivers\tldrznaa.sys []
S3 tubkyzjc;tubkyzjc; \??\C:\WINDOWS\System32\Drivers\tubkyzjc.sys []
S3 uflnpizb;uflnpizb; \??\C:\WINDOWS\System32\Drivers\uflnpizb.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 wbjghfqz;wbjghfqz; \??\C:\WINDOWS\System32\Drivers\wbjghfqz.sys []
S3 wgijmnqv;wgijmnqv; \??\C:\WINDOWS\System32\Drivers\wgijmnqv.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 wypeulue;wypeulue; \??\C:\WINDOWS\System32\Drivers\wypeulue.sys []
S3 xzksinvu;xzksinvu; \??\C:\WINDOWS\System32\Drivers\xzksinvu.sys []
S3 yqkgnbxm;yqkgnbxm; \??\C:\WINDOWS\System32\Drivers\yqkgnbxm.sys []
S3 zkbokzbe;zkbokzbe; \??\C:\WINDOWS\System32\Drivers\zkbokzbe.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-30 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-06-01 196708]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 ko9aaieks;BsHelpCS; C:\WINDOWS\system32\neroubuquec.exe []
S2 NNServ;NNServ; C:\Program Files\NewDotNet\nnrun.exe C:\Program Files\NewDotNet\nncore.dll ServiceStart []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-28 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Stáhni si ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

Nevkládej logy do Code - špatně se to luští

[Stormmaster]

ComboFix 10-12-11.06 - Administrator 13.12.2010 11:37:29.1.1 - x86
Spuštěný z: c:\temp\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\newdotnet
c:\program files\newdotnet\readme.html
c:\program files\webmediaviewer
C:\readme.txt
c:\windows\ST6UNST.000

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Legacy_WIN32X
-------\Service_NNServ


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-13 do 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-12 17:07 . 2010-12-12 17:08 3988679 ----a-r- c:\temp\ComboFix.exe
2010-12-12 11:55 . 2010-12-12 11:55 -------- d-----w- C:\rsit
2010-12-12 11:55 . 2010-12-12 11:55 -------- d-----w- c:\program files\trend micro
2010-12-12 11:55 . 2010-12-12 18:21 -------- d-----w- C:\TEMP
2010-12-12 10:34 . 2010-12-12 10:34 339991 ----a-w- c:\temp\RSIT.exe
2010-12-11 17:09 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-12-11 17:08 . 2006-12-28 23:31 19569 ----a-w- c:\windows\005613_.tmp
2010-12-09 15:33 . 2010-12-13 09:43 -------- d-----w- c:\windows\system32\NtmsData
2010-12-09 11:09 . 2010-12-09 11:09 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-12-09 08:47 . 2010-11-30 17:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-09 08:47 . 2010-11-30 17:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-09 08:47 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-09 08:47 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-09 08:47 . 2010-12-09 08:47 -------- d-----w- c:\program files\Avira
2010-12-09 08:47 . 2010-12-09 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2010-12-09 08:46 . 2010-12-09 08:46 -------- d-----w- c:\program files\CCleaner
2010-12-09 07:59 . 2004-08-17 13:48 24064 ----a-w- c:\windows\system32\pidgen.dll.wga
2010-12-09 07:59 . 2004-08-17 13:48 96768 ----a-w- c:\windows\system32\dpcdll.dll.wga
2010-12-09 07:42 . 2010-12-12 12:05 -------- d-----w- c:\documents and settings\Administrator
2010-12-09 07:25 . 2010-12-09 07:25 -------- d-----w- c:\documents and settings\Daša\Data aplikací\EPSON
2010-12-09 06:18 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-03 12:57 . 2010-12-03 12:57 40128 ----a-w- c:\windows\system32\drivers\gmmhbxbe.sys
2010-12-03 12:56 . 2004-08-17 13:49 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-23 19:05 . 2010-11-23 19:05 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2002-12-05 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-12-05 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-12-05 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-12-05 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmmhbxbe.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-06-26 15:58 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
2007-01-04 14:24 700416 ----a-w- c:\program files\eSnips\ClientGW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-23 15:06 1398272 ----a-w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
2006-09-07 10:14 69632 ----a-r- c:\windows\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 09:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2006-10-03 06:37 217088 ----a-r- c:\windows\system32\WinSys2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.12.2008 22:26 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9.12.2010 9:47 135336]
S0 gmmhbxbe;gmmhbxbe;c:\windows\system32\drivers\gmmhbxbe.sys [3.12.2010 13:57 40128]
S2 ko9aaieks;BsHelpCS;c:\windows\system32\neroubuquec.exe --> c:\windows\system32\neroubuquec.exe [?]
S2 pybfnvrn;pybfnvrn; [x]
S3 aqhutlby;aqhutlby;\??\c:\windows\System32\Drivers\aqhutlby.sys --> c:\windows\System32\Drivers\aqhutlby.sys [?]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [22.6.2007 19:53 1171456]
S3 bkgepvti;bkgepvti;\??\c:\windows\System32\Drivers\bkgepvti.sys --> c:\windows\System32\Drivers\bkgepvti.sys [?]
S3 bljusgpe;bljusgpe;\??\c:\windows\System32\Drivers\bljusgpe.sys --> c:\windows\System32\Drivers\bljusgpe.sys [?]
S3 brqqlpjq;brqqlpjq;\??\c:\windows\System32\Drivers\brqqlpjq.sys --> c:\windows\System32\Drivers\brqqlpjq.sys [?]
S3 ccffzidf;ccffzidf;\??\c:\windows\System32\Drivers\ccffzidf.sys --> c:\windows\System32\Drivers\ccffzidf.sys [?]
S3 gxqlpyzd;gxqlpyzd;\??\c:\windows\System32\Drivers\gxqlpyzd.sys --> c:\windows\System32\Drivers\gxqlpyzd.sys [?]
S3 hmbdygxa;hmbdygxa;\??\c:\windows\System32\Drivers\hmbdygxa.sys --> c:\windows\System32\Drivers\hmbdygxa.sys [?]
S3 hyirepzo;hyirepzo;\??\c:\windows\System32\Drivers\hyirepzo.sys --> c:\windows\System32\Drivers\hyirepzo.sys [?]
S3 kkidatkq;kkidatkq;\??\c:\windows\System32\Drivers\kkidatkq.sys --> c:\windows\System32\Drivers\kkidatkq.sys [?]
S3 lmcgfmrc;lmcgfmrc;\??\c:\windows\System32\Drivers\lmcgfmrc.sys --> c:\windows\System32\Drivers\lmcgfmrc.sys [?]
S3 mjsbrdek;mjsbrdek;\??\c:\windows\System32\Drivers\mjsbrdek.sys --> c:\windows\System32\Drivers\mjsbrdek.sys [?]
S3 mnlrpiol;mnlrpiol;\??\c:\windows\System32\Drivers\mnlrpiol.sys --> c:\windows\System32\Drivers\mnlrpiol.sys [?]
S3 mxjbehcw;mxjbehcw;\??\c:\windows\System32\Drivers\mxjbehcw.sys --> c:\windows\System32\Drivers\mxjbehcw.sys [?]
S3 mxkrsxrp;mxkrsxrp;\??\c:\windows\System32\Drivers\mxkrsxrp.sys --> c:\windows\System32\Drivers\mxkrsxrp.sys [?]
S3 mzbkvejr;mzbkvejr;\??\c:\windows\System32\Drivers\mzbkvejr.sys --> c:\windows\System32\Drivers\mzbkvejr.sys [?]
S3 ntwdmbdv;ntwdmbdv;\??\c:\windows\System32\Drivers\ntwdmbdv.sys --> c:\windows\System32\Drivers\ntwdmbdv.sys [?]
S3 psosdrsu;psosdrsu;\??\c:\windows\System32\Drivers\psosdrsu.sys --> c:\windows\System32\Drivers\psosdrsu.sys [?]
S3 qeqwjxwi;qeqwjxwi;\??\c:\windows\System32\Drivers\qeqwjxwi.sys --> c:\windows\System32\Drivers\qeqwjxwi.sys [?]
S3 qivuumnc;qivuumnc;\??\c:\windows\System32\Drivers\qivuumnc.sys --> c:\windows\System32\Drivers\qivuumnc.sys [?]
S3 qvvbhock;qvvbhock;\??\c:\windows\System32\Drivers\qvvbhock.sys --> c:\windows\System32\Drivers\qvvbhock.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
S3 tccvhcgi;tccvhcgi;\??\c:\windows\System32\Drivers\tccvhcgi.sys --> c:\windows\System32\Drivers\tccvhcgi.sys [?]
S3 tldrznaa;tldrznaa;\??\c:\windows\System32\Drivers\tldrznaa.sys --> c:\windows\System32\Drivers\tldrznaa.sys [?]
S3 tubkyzjc;tubkyzjc;\??\c:\windows\System32\Drivers\tubkyzjc.sys --> c:\windows\System32\Drivers\tubkyzjc.sys [?]
S3 uflnpizb;uflnpizb;\??\c:\windows\System32\Drivers\uflnpizb.sys --> c:\windows\System32\Drivers\uflnpizb.sys [?]
S3 wbjghfqz;wbjghfqz;\??\c:\windows\System32\Drivers\wbjghfqz.sys --> c:\windows\System32\Drivers\wbjghfqz.sys [?]
S3 wgijmnqv;wgijmnqv;\??\c:\windows\System32\Drivers\wgijmnqv.sys --> c:\windows\System32\Drivers\wgijmnqv.sys [?]
S3 wypeulue;wypeulue;\??\c:\windows\System32\Drivers\wypeulue.sys --> c:\windows\System32\Drivers\wypeulue.sys [?]
S3 xzksinvu;xzksinvu;\??\c:\windows\System32\Drivers\xzksinvu.sys --> c:\windows\System32\Drivers\xzksinvu.sys [?]
S3 yqkgnbxm;yqkgnbxm;\??\c:\windows\System32\Drivers\yqkgnbxm.sys --> c:\windows\System32\Drivers\yqkgnbxm.sys [?]
S3 zkbokzbe;zkbokzbe;\??\c:\windows\System32\Drivers\zkbokzbe.sys --> c:\windows\System32\Drivers\zkbokzbe.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{F7684521-9074-43C2-8210-A1F99B86ED3F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\6w1dfevg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-Picasa Media Detector - c:\documents and settings\Iveta\Plocha\Picasa2\PicasaMediaDetector.exe
SafeBoot-aocufqnm
SafeBoot-asbsohxc
SafeBoot-brujrrfn
SafeBoot-dtgiicjo
SafeBoot-isuoiroo
SafeBoot-kzgijric
SafeBoot-oqjjhkln
SafeBoot-orhdqfjm
SafeBoot-pybfnvrn
SafeBoot-umjzosuu
SafeBoot-uqofntno
MSConfigStartUp-NVIDIA driver monitor - c:\windows\nvsvc32.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-Racer - c:\sims\RACER\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 11:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1547161642-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,c3,d5,c6,e8,87,f4,4f,9b,17,0f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,c3,d5,c6,e8,87,f4,4f,9b,17,0f,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-13 12:06:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-13 11:06

Před spuštěním: Volných bajtů: 38 757 208 064
Po spuštění: Volných bajtů: 38 686 109 696

- - End Of File - - CE8FC744A32975E237210D0FA7127369

[cernohous13]

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole "Název souboru" jen zkopíruj:

c:\windows\system32\drivers\gmmhbxbe.sys

"Send file" (pokud byl již testován, nech testovat znovu - Reanalyse)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/41
Do fóra zkopíruj výsledný log. nebo odkaz z adresního řádku na stránku.
Pokud nebude nález stačí jen oznámit

totéž se soubory:
c:\windows\QTFont.for
c:\windows\005613_.tmp

[Stormmaster]

File name: gmmhbxbe.sys
Submission date: 2010-12-13 15:24:52 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)

Comodo ... 7048 ... 2010.12.13 ... UnclassifiedMalware

http://www.virustotal.com/file-scan/rep ... 1292253892
______________________________________________________________________________
File name: QTFont.for
Submission date: 2010-12-13 15:26:58 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

http://www.virustotal.com/file-scan/rep ... 1292254018
______________________________________________________________________________
File name: 005613_.tmp
Submission date: 2010-12-13 15:33:36 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)

http://www.virustotal.com/file-scan/rep ... 1292254416

[Stormmaster]

Jeste jsem koukal do nastaveni Firewallu a jsou tam otevreny porty, u kterych si nejsem jistej, co to je zac...

Název vyjimky: Local Security Authentication Server
a otevrelo si to porty TCP
29379
18607
14851
13707
11074
5914

[cernohous13]

c:\windows\system32\drivers\gmmhbxbe.sys (2010-12-03 12:57)
byl zřejmě nainstalován současně s
c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
měla by to být knihovna od MS pro sdílení na síti v souvislosti s WMP
máš tušení o co se jedná? - informace na googlu jsou trochu nesrozumitelné ale toto je mi podezřelé
http://translate.google.cz/translate?hl ... rmd%3Divfd
nejsem si jistý které porty si otvírá

pokud neznáš, spolu s ostatními vadami opravím a smažu

[Stormmaster]

Netusim, o co se jedna, klidne bych to vypraskal vsechno...
(to PC mi donesla znama, a kdyz jsem videl, co tam vsechno mela za nesmysly - typickej uzivatel "stahovac a testovac" = musim vsechno stahnout a vsechno nainstalovat, vcetne vsech moznych a nemoznych toolbaru - tak nemam strach z toho, ze to bude potrebovat )

[cernohous13]

Pokud nemáš ComboFix na ploše, přesuň jej tam.
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Driver::
gmmhbxbe
ko9aaieks
pybfnvrn
aqhutlby
bkgepvti
bkgepvti
brqqlpjq
ccffzidf
gxqlpyzd
hmbdygxa
hyirepzo
kkidatkq
lmcgfmrc
mjsbrdek
mnlrpiol
mxjbehcw
mxkrsxrp
mzbkvejr
ntwdmbdv
psosdrsu
qeqwjxwi
qivuumnc
qvvbhock
SetupNTGLM7X
tccvhcgi
tldrznaa
tldrznaa
uflnpizb
wbjghfqz
wgijmnqv
wypeulue
xzksinvu
yqkgnbxm
zkbokzbe

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmmhbxbe.sys]

RegLock::
[HKEY_USERS\S-1-5-21-1644491937-1547161642-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

File::
c:\windows\system32\drivers\gmmhbxbe.sys
c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

[Stormmaster]

ComboFix 10-12-11.06 - Administrator 13.12.2010 20:16:00.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.710 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFscript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll"
"c:\windows\system32\drivers\gmmhbxbe.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gmmhbxbe.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GMMHBXBE
-------\Legacy_KO9AAIEKS
-------\Legacy_PYBFNVRN
-------\Legacy_SETUPNTGLM7X
-------\Service_aqhutlby
-------\Service_bkgepvti
-------\Service_brqqlpjq
-------\Service_ccffzidf
-------\Service_gmmhbxbe
-------\Service_gxqlpyzd
-------\Service_hmbdygxa
-------\Service_hyirepzo
-------\Service_kkidatkq
-------\Service_ko9aaieks
-------\Service_lmcgfmrc
-------\Service_mjsbrdek
-------\Service_mnlrpiol
-------\Service_mxjbehcw
-------\Service_mxkrsxrp
-------\Service_mzbkvejr
-------\Service_ntwdmbdv
-------\Service_psosdrsu
-------\Service_pybfnvrn
-------\Service_qeqwjxwi
-------\Service_qivuumnc
-------\Service_qvvbhock
-------\Service_SetupNTGLM7X
-------\Service_tccvhcgi
-------\Service_tldrznaa
-------\Service_uflnpizb
-------\Service_wbjghfqz
-------\Service_wgijmnqv
-------\Service_wypeulue
-------\Service_xzksinvu
-------\Service_yqkgnbxm
-------\Service_zkbokzbe


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-13 do 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-13 15:43 . 2010-12-13 15:43 -------- d-----w- c:\program files\Common Files\Java
2010-12-13 15:21 . 2010-09-10 05:52 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-12 17:07 . 2010-12-12 17:08 3988679 ----a-r- c:\temp\ComboFix.exe
2010-12-12 11:55 . 2010-12-12 11:55 -------- d-----w- C:\rsit
2010-12-12 11:55 . 2010-12-12 11:55 -------- d-----w- c:\program files\trend micro
2010-12-12 11:55 . 2010-12-12 18:21 -------- d-----w- C:\TEMP
2010-12-12 10:34 . 2010-12-12 10:34 339991 ----a-w- c:\temp\RSIT.exe
2010-12-11 17:09 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-12-11 17:08 . 2006-12-28 23:31 19569 ----a-w- c:\windows\005613_.tmp
2010-12-09 15:33 . 2010-12-13 09:43 -------- d-----w- c:\windows\system32\NtmsData
2010-12-09 11:09 . 2010-12-09 11:09 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-12-09 08:47 . 2010-11-30 17:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-09 08:47 . 2010-11-30 17:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-09 08:47 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-09 08:47 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-09 08:47 . 2010-12-09 08:47 -------- d-----w- c:\program files\Avira
2010-12-09 08:47 . 2010-12-09 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2010-12-09 08:46 . 2010-12-09 08:46 -------- d-----w- c:\program files\CCleaner
2010-12-09 07:59 . 2004-08-17 13:48 24064 ----a-w- c:\windows\system32\pidgen.dll.wga
2010-12-09 07:59 . 2004-08-17 13:48 96768 ----a-w- c:\windows\system32\dpcdll.dll.wga
2010-12-09 07:42 . 2010-12-13 19:24 -------- d-----w- c:\documents and settings\Administrator
2010-12-09 07:25 . 2010-12-09 07:25 -------- d-----w- c:\documents and settings\Daša\Data aplikací\EPSON
2010-12-09 06:18 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-03 12:56 . 2004-08-17 13:49 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-23 19:05 . 2010-11-23 19:05 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2002-12-05 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-12-05 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-12-05 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-12-05 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-05-05 16:39 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2009-01-05 23:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-06-26 15:58 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
2007-01-04 14:24 700416 ----a-w- c:\program files\eSnips\ClientGW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-23 15:06 1398272 ----a-w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
2006-09-07 10:14 69632 ----a-r- c:\windows\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 09:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2006-10-03 06:37 217088 ----a-r- c:\windows\system32\WinSys2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.12.2008 22:26 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9.12.2010 9:47 135336]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [22.6.2007 19:53 1171456]
S3 bljusgpe;bljusgpe;\??\c:\windows\System32\Drivers\bljusgpe.sys --> c:\windows\System32\Drivers\bljusgpe.sys [?]
S3 tubkyzjc;tubkyzjc;\??\c:\windows\System32\Drivers\tubkyzjc.sys --> c:\windows\System32\Drivers\tubkyzjc.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{F7684521-9074-43C2-8210-A1F99B86ED3F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\6w1dfevg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 21:12
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Celkový čas: 2010-12-13 21:19:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-13 20:19
ComboFix2.txt 2010-12-13 11:06

Před spuštěním: Volných bajtů: 38 272 569 344
Po spuštění: Volných bajtů: 38 255 915 008

- - End Of File - - 08FBFCAFF6475F74B8838121617DF312

[cernohous13]

Promiň prodlevu, nějak jsi mi zapadl.

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

Script OTM

Kód: Vybrat vše

:Processes
explorer.exe

:Files
c:\temp\ComboFix.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Services
bljusgpe
tubkyzjc

:commands
[PURITY]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[REBOOT]

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Nakonec mi dej současný RSIT log

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

[Stormmaster]

Diky, ted je vse OK.

[cernohous13]

Nemáš zač - rádo se stalo a jsme tady i příště