Prosim o kontrolu logu

Zpráva

wendyp · #1 Příspěvek od **wendyp** » 02 led 2011 10:47

Poslednich par dni me firefox neustale presmerovava na jine stranky nez oteviram a po kontrole avastem mi to naslo v explorer.exe Win32:dropper-epi ale nejde pomoci avast smazat.
dekuji moc za pomoc

Logfile of random's system information tool 1.08 (written by random/random)
Run by vpi at 2011-01-02 10:37:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (15%) free of 40 GB
Total RAM: 1013 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:12, on 2.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\System Control Manager\MSIService.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\apache\APACHE.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vpi\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\vpi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4iz110.vse.cz:40190/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gw.aplis.com:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = aplis;aplis.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Make A Voozie] "C:\Documents and Settings\All Users\Data aplikací\Make A Voozie\VoozieMaker.exe" /startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aplis.com
O17 - HKLM\Software\..\Telephony: DomainName = aplis.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aplis.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = aplis.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = aplis.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9600 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\Norton Security Scan for vpi.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-31 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-07-29 684032]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-31 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Make A Voozie"=C:\Documents and Settings\All Users\Data aplikací\Make A Voozie\VoozieMaker.exe /startup []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-17 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Documents and Settings\vpi\Plocha\Road Rash - Full Rip\RoadRash.exe"="C:\Documents and Settings\vpi\Plocha\Road Rash - Full Rip\RoadRash.exe:*:Enabled:Road Rash for Windows 95 Executable"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Documents and Settings\vpi\Local Settings\Temp\mvNat.exe"="C:\Documents and Settings\vpi\Local Settings\Temp\mvNat.exe:*:Enabled:8011"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-01-02 10:37:26 ----D---- C:\Program Files\trend micro
2011-01-02 10:37:25 ----D---- C:\rsit
2010-12-29 16:17:16 ----D---- C:\Program Files\iPod
2010-12-18 19:49:36 ----D---- C:\Program Files\Recuva
2010-12-18 19:29:34 ----D---- C:\Program Files\DiskInternals
2010-12-18 19:25:19 ----D---- C:\Program Files\Convar
2010-12-16 08:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-16 08:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-16 08:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-16 08:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-16 08:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-16 08:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-16 08:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2416400$
2010-12-16 08:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$

======List of files/folders modified in the last 1 months======

2011-01-02 10:37:26 ----RD---- C:\Program Files
2011-01-02 10:37:24 ----D---- C:\WINDOWS\Prefetch
2011-01-02 10:20:12 ----D---- C:\WINDOWS\Temp
2011-01-02 10:08:52 ----D---- C:\WINDOWS
2011-01-02 00:46:29 ----D---- C:\Documents and Settings\vpi\Data aplikací\uTorrent
2011-01-01 17:34:03 ----D---- C:\Downloads
2011-01-01 11:06:26 ----A---- C:\WINDOWS\hpbafd.ini
2011-01-01 10:50:35 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-01 10:49:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-01 10:49:17 ----HD---- C:\WINDOWS\inf
2011-01-01 10:49:17 ----D---- C:\WINDOWS\system32
2011-01-01 10:49:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-31 22:52:44 ----D---- C:\Documents and Settings\vpi\Data aplikací\vlc
2010-12-30 10:09:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-29 16:19:13 ----SHD---- C:\WINDOWS\Installer
2010-12-29 16:18:49 ----D---- C:\Program Files\iTunes
2010-12-29 16:17:15 ----D---- C:\Program Files\Common Files\Apple
2010-12-25 21:02:28 ----SHD---- C:\System Volume Information
2010-12-25 21:02:28 ----D---- C:\WINDOWS\system32\Restore
2010-12-25 14:45:28 ----D---- C:\Program Files\Common Files\eBay
2010-12-25 13:53:28 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-23 21:41:50 ----N---- C:\WINDOWS\win.ini
2010-12-21 23:13:45 ----A---- C:\WINDOWS\WirelessFTP.INI
2010-12-17 14:10:11 ----D---- C:\Program Files\uTorrent
2010-12-16 08:31:41 ----A---- C:\WINDOWS\imsins.BAK
2010-12-16 08:31:29 ----D---- C:\WINDOWS\system32\drivers
2010-12-16 08:31:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-16 08:25:26 ----D---- C:\Program Files\Outlook Express
2010-12-11 21:09:57 ----D---- C:\Documents and Settings\vpi\Data aplikací\dvdcss
2010-12-11 10:47:14 ----D---- C:\Program Files\Mozilla Firefox
2010-12-08 21:34:08 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-08 16:34:57 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-26 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-08 4739072]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-11 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-05-19 625792]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-11 106368]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ao4trksj;ao4trksj; C:\WINDOWS\system32\drivers\ao4trksj.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera; C:\WINDOWS\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 449408]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys [2008-07-10 306176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2008-06-09 159744]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-27 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-09-27 189640]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
S2 wmcmgc;Windows Management Configuration; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 02 led 2011 11:24

Zdravim a pekny den preji

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam - po ukonceni leceni, tam dame nejakou lepsi nahradu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

wendyp · #3 Příspěvek od **wendyp** » 02 led 2011 12:15

Dekuji moc za vas cas. Tady je konecne ten log. Snad to pomuze. Sama bych si s tim nevedela rady

ComboFix 11-01-01.02 - vpi 02.01.2011 11:48:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.613 [GMT 1:00]
Spuštěný z: c:\documents and settings\vpi\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fonts
c:\windows\system32\fonts\a010013l.afm
c:\windows\system32\fonts\a010013l.pfb
c:\windows\system32\fonts\a010013l.pfm
c:\windows\system32\fonts\a010015l.afm
c:\windows\system32\fonts\a010015l.pfb
c:\windows\system32\fonts\a010015l.pfm
c:\windows\system32\fonts\a010033l.afm
c:\windows\system32\fonts\a010033l.pfb
c:\windows\system32\fonts\a010033l.pfm
c:\windows\system32\fonts\a010035l.afm
c:\windows\system32\fonts\a010035l.pfb
c:\windows\system32\fonts\a010035l.pfm
c:\windows\system32\fonts\b018012l.afm
c:\windows\system32\fonts\b018012l.pfb
c:\windows\system32\fonts\b018012l.pfm
c:\windows\system32\fonts\b018015l.afm
c:\windows\system32\fonts\b018015l.pfb
c:\windows\system32\fonts\b018015l.pfm
c:\windows\system32\fonts\b018032l.afm
c:\windows\system32\fonts\b018032l.pfb
c:\windows\system32\fonts\b018032l.pfm
c:\windows\system32\fonts\b018035l.afm
c:\windows\system32\fonts\b018035l.pfb
c:\windows\system32\fonts\b018035l.pfm
c:\windows\system32\fonts\c059013l.afm
c:\windows\system32\fonts\c059013l.pfb
c:\windows\system32\fonts\c059013l.pfm
c:\windows\system32\fonts\c059016l.afm
c:\windows\system32\fonts\c059016l.pfb
c:\windows\system32\fonts\c059016l.pfm
c:\windows\system32\fonts\c059033l.afm
c:\windows\system32\fonts\c059033l.pfb
c:\windows\system32\fonts\c059033l.pfm
c:\windows\system32\fonts\c059036l.afm
c:\windows\system32\fonts\c059036l.pfb
c:\windows\system32\fonts\c059036l.pfm
c:\windows\system32\fonts\d050000l.afm
c:\windows\system32\fonts\d050000l.pfb
c:\windows\system32\fonts\d050000l.pfm
c:\windows\system32\fonts\fonts.dir
c:\windows\system32\fonts\fonts.scale
c:\windows\system32\fonts\n019003l.afm
c:\windows\system32\fonts\n019003l.pfb
c:\windows\system32\fonts\n019003l.pfm
c:\windows\system32\fonts\n019004l.afm
c:\windows\system32\fonts\n019004l.pfb
c:\windows\system32\fonts\n019004l.pfm
c:\windows\system32\fonts\n019023l.afm
c:\windows\system32\fonts\n019023l.pfb
c:\windows\system32\fonts\n019023l.pfm
c:\windows\system32\fonts\n019024l.afm
c:\windows\system32\fonts\n019024l.pfb
c:\windows\system32\fonts\n019024l.pfm
c:\windows\system32\fonts\n019043l.afm
c:\windows\system32\fonts\n019043l.pfb
c:\windows\system32\fonts\n019043l.pfm
c:\windows\system32\fonts\n019044l.afm
c:\windows\system32\fonts\n019044l.pfb
c:\windows\system32\fonts\n019044l.pfm
c:\windows\system32\fonts\n019063l.afm
c:\windows\system32\fonts\n019063l.pfb
c:\windows\system32\fonts\n019063l.pfm
c:\windows\system32\fonts\n019064l.afm
c:\windows\system32\fonts\n019064l.pfb
c:\windows\system32\fonts\n019064l.pfm
c:\windows\system32\fonts\n021003l.afm
c:\windows\system32\fonts\n021003l.pfb
c:\windows\system32\fonts\n021003l.pfm
c:\windows\system32\fonts\n021004l.afm
c:\windows\system32\fonts\n021004l.pfb
c:\windows\system32\fonts\n021004l.pfm
c:\windows\system32\fonts\n021023l.afm
c:\windows\system32\fonts\n021023l.pfb
c:\windows\system32\fonts\n021023l.pfm
c:\windows\system32\fonts\n021024l.afm
c:\windows\system32\fonts\n021024l.pfb
c:\windows\system32\fonts\n021024l.pfm
c:\windows\system32\fonts\n022003l.afm
c:\windows\system32\fonts\n022003l.pfb
c:\windows\system32\fonts\n022003l.pfm
c:\windows\system32\fonts\n022004l.afm
c:\windows\system32\fonts\n022004l.pfb
c:\windows\system32\fonts\n022004l.pfm
c:\windows\system32\fonts\n022023l.afm
c:\windows\system32\fonts\n022023l.pfb
c:\windows\system32\fonts\n022023l.pfm
c:\windows\system32\fonts\n022024l.afm
c:\windows\system32\fonts\n022024l.pfb
c:\windows\system32\fonts\n022024l.pfm
c:\windows\system32\fonts\p052003l.afm
c:\windows\system32\fonts\p052003l.pfb
c:\windows\system32\fonts\p052003l.pfm
c:\windows\system32\fonts\p052004l.afm
c:\windows\system32\fonts\p052004l.pfb
c:\windows\system32\fonts\p052004l.pfm
c:\windows\system32\fonts\p052023l.afm
c:\windows\system32\fonts\p052023l.pfb
c:\windows\system32\fonts\p052023l.pfm
c:\windows\system32\fonts\p052024l.afm
c:\windows\system32\fonts\p052024l.pfb
c:\windows\system32\fonts\p052024l.pfm
c:\windows\system32\fonts\s050000l.afm
c:\windows\system32\fonts\s050000l.pfb
c:\windows\system32\fonts\s050000l.pfm
c:\windows\system32\fonts\uninstal.txt
c:\windows\system32\fonts\z003034l.afm
c:\windows\system32\fonts\z003034l.pfb
c:\windows\system32\fonts\z003034l.pfm

c:\windows\explorer.exe . . . je infikován!!

c:\windows\system32\winlogon.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-02 do 2011-01-02 )))))))))))))))))))))))))))))))
.

2011-01-02 09:37 . 2011-01-02 09:38 -------- d-----w- c:\program files\trend micro
2011-01-02 09:37 . 2011-01-02 09:38 -------- d-----w- C:\rsit
2010-12-29 15:17 . 2010-12-29 15:18 -------- d-----w- c:\program files\iPod
2010-12-18 18:49 . 2010-12-18 18:49 -------- d-----w- c:\program files\Recuva
2010-12-18 18:29 . 2010-12-18 18:29 -------- d-----w- c:\program files\DiskInternals
2010-12-18 18:25 . 2010-12-18 20:06 -------- d-----w- c:\program files\Convar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2008-08-29 14:39 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2008-08-29 23:25 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2008-08-29 23:25 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-08-29 23:25 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-08-29 23:25 1853312 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 7C3436CC32E8CF8202B28673111A6D0A . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2005-03-25 . 325FD6D25FC1D77C363E87B445C8B023 . 508928 . . [5.2.3790.1830] . . c:\windows\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\WINLOGON.EXE
[-] 2005-03-25 . 325FD6D25FC1D77C363E87B445C8B023 . 508928 . . [5.2.3790.1830] . . c:\windows\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\WINLOGON.EXE

[-] 2008-04-14 . B2F3BD353E121811B5967C949143DD9C . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 16862208]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-29 684032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-31 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2009 13:13 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.3.2009 19:30 165456]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.6.2009 20:29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.3.2009 19:30 17744]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 16:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2.12.2008 22:16 625792]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.6.2009 20:29 65576]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 17:03 159744]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [30.8.2008 0:25 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [29.1.2007 7:40 449408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
Obsah adresáře 'Naplánované úlohy'

2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://4iz110.vse.cz:40190/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = gw.aplis.com:3128
uInternet Settings,ProxyOverride = aplis;aplis.com;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.ftp - 4iz110.vse.cz
FF - prefs.js: network.proxy.ftp_port - 40190
FF - prefs.js: network.proxy.gopher - 4iz110.vse.cz
FF - prefs.js: network.proxy.gopher_port - 40190
FF - prefs.js: network.proxy.http - 4iz110.vse.cz
FF - prefs.js: network.proxy.http_port - 40190
FF - prefs.js: network.proxy.socks - 4iz110.vse.cz
FF - prefs.js: network.proxy.socks_port - 40190
FF - prefs.js: network.proxy.ssl - 4iz110.vse.cz
FF - prefs.js: network.proxy.ssl_port - 40190
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Currency Converter: {af5514fc-7603-4cec-9894-f07f3d8672a5} - %profile%\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-Make A Voozie - c:\documents and settings\All Users\Data aplikací\Make A Voozie\VoozieMaker.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-02 12:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1296831542-966831808-597317292-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{118A947F-B62A-3CD6-637C-7097CDE298BA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2011-01-02 12:06:45
ComboFix-quarantined-files.txt 2011-01-02 11:06

Před spuštěním: 6 507 008 000
Po spuštění: 6 922 223 616

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7BB393106D80A03E3701A63942A0B172

#4 Příspěvek od **vyosek** » 02 led 2011 13:52

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\explorer.exe
c:\windows\system32\winlogon.exe
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
Kliknete na Otestovat soubor
Vysledek analyzy sem vlozte (jako odkaz)

Mate instalkacni CD od Windows

wendyp · #5 Příspěvek od **wendyp** » 02 led 2011 14:27

tady je zatim ten winlogon. explorer.exe to nechce oscanovat, nechapu proc. instalacni cd windows nemam.

[ file data ]
* name..: =?us-ascii?Q?winlogon=2Eexe?=
* size..: 507904
* md5...: 7c3436cc32e8cf8202b28673111a6d0a
* sha1..: 500e0393a32f048c908f80ee224ea08e653bfff7
* peid..: -

[ scan result ]
AhnLab-V3 2011.01.02.00/20110101 found nothing
AntiVir 7.11.0.248/20110101 found [TR/Patched.Gen]
Antiy-AVL 2.0.3.7/20110102 found nothing
Avast 4.8.1351.0/20110102 found nothing
Avast5 5.0.677.0/20110102 found nothing
AVG 9.0.0.851/20110102 found nothing
BitDefender 7.2/20110102 found nothing
CAT-QuickHeal 11.00/20110102 found nothing
ClamAV 0.96.4.0/20110101 found nothing
Command 5.2.11.5/20110101 found nothing
Comodo 7273/20110102 found nothing
DrWeb 5.0.2.03300/20110102 found nothing
Emsisoft 5.1.0.1/20110102 found [Trojan.Patched!IK]
eSafe 7.0.17.0/20101230 found nothing
eTrust-Vet 36.1.8074/20101231 found [Win32/Patcher.Q!inf]
F-Prot 4.6.2.117/20110101 found nothing
F-Secure 9.0.16160.0/20110102 found nothing
Fortinet 4.2.254.0/20110102 found nothing
GData 21/20110102 found nothing
Ikarus T3.1.1.90.0/20110102 found [Trojan.Patched]
Jiangmin 13.0.900/20110102 found nothing
K7AntiVirus 9.75.3406/20101231 found [Virus]
Kaspersky 7.0.0.125/20110102 found nothing
McAfee 5.400.0.1158/20110102 found nothing
McAfee-GW-Edition 2010.1C/20110101 found nothing
Microsoft 1.6402/20110102 found nothing
NOD32 5752/20110101 found [Win32/Patched.GN]
Norman 6.06.12/20110101 found nothing
nProtect 2011-01-02.01/20110102 found nothing
Panda 10.0.2.7/20110102 found [Suspicious file]
PCTools 7.0.3.5/20110102 found [Trojan.Bamital]
Prevx 3.0/20110102 found nothing
Rising 22.80.04.04/20101231 found nothing
Sophos 4.60.0/20110102 found [Troj/Patched-Y]
SUPERAntiSpyware 4.40.0.1006/20110101 found nothing
Symantec 20101.3.0.103/20110102 found [Trojan.Bamital.B!inf]
TheHacker 6.7.0.1.109/20101230 found nothing
TrendMicro 9.120.0.1004/20110102 found nothing
TrendMicro-HouseCall 9.120.0.1004/20110102 found nothing
VBA32 3.12.14.2/20101230 found nothing
VIPRE 7921/20110102 found nothing
ViRobot 2010.12.31.4232/20110102 found nothing
VirusBuster 13.6.122.0/20110101 found nothing

#6 Příspěvek od **vyosek** » 02 led 2011 16:18

Stahnete si tyto dva soubory z LP http://leteckaposta.cz/246349174 a ulozte je primo na disk C:\, tak aby nebyli v zadne slozce

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

FCopy::
c:\explorer.exe | c:\windows\explorer.exe
c:\winlogon.exe | c:\windows\system32\winlogon.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"iTunesHelper"=-

File::
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
c:\windows\Tasks\AppleSoftwareUpdate.job

DDS::
uStart Page = hxxp://4iz110.vse.cz:40190/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = gw.aplis.com:3128
uInternet Settings,ProxyOverride = aplis;aplis.com;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com

Firefox::
FF - ProfilePath - c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin

RegLock::
[HKEY_USERS\S-1-5-21-1296831542-966831808-597317292-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{118A947F-B62A-3CD6-637C-7097CDE298BA}*]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

wendyp · #7 Příspěvek od **wendyp** » 02 led 2011 17:44

zde je ten log:

ComboFix 11-01-01.02 - vpi 02.01.2011 17:16:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1013.638 [GMT 1:00]
Spuštěný z: c:\documents and settings\vpi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vpi\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\1-CLICK WEATHER EULA.DOC
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\chrome.manifest
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\chrome\1clickweather.jar
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\chrome\config\appconfig.xml
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\chrome\config\appconfig_default.xml
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\chrome\config\userconfig116.xml
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\chrome\config\userconfig116_default.xml
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}\install.rdf
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\multilinks@plugin
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\multilinks@plugin\defaults\preferences\multilinks@pluginDefaults.js
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\multilinks@plugin\chrome.manifest
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\multilinks@plugin\chrome\multilinks.jar
c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\multilinks@plugin\install.rdf
C:\explorer.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
C:\winlogon.exe

Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{8D0556CE-8757-494C-8320-14D0A3A38E05}\RP6\A0007790.exe

Nakažená kopie c:\windows\system32\winlogon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{8D0556CE-8757-494C-8320-14D0A3A38E05}\RP6\A0007787.exe

Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{8D0556CE-8757-494C-8320-14D0A3A38E05}\RP6\A0007790.exe
.
--------------- FCopy ---------------

c:\explorer.exe --> c:\windows\explorer.exe
c:\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-02 do 2011-01-02 )))))))))))))))))))))))))))))))
.

2011-01-02 15:59 . 2011-01-02 15:29 507904 ----a-w- c:\windows\system32\OLD11.tmp
2011-01-02 15:59 . 2011-01-02 15:29 1034240 ----a-w- c:\windows\OLDE.tmp
2011-01-02 09:37 . 2011-01-02 09:38 -------- d-----w- c:\program files\trend micro
2011-01-02 09:37 . 2011-01-02 09:38 -------- d-----w- C:\rsit
2010-12-29 15:17 . 2010-12-29 15:18 -------- d-----w- c:\program files\iPod
2010-12-18 18:49 . 2010-12-18 18:49 -------- d-----w- c:\program files\Recuva
2010-12-18 18:29 . 2010-12-18 18:29 -------- d-----w- c:\program files\DiskInternals
2010-12-18 18:25 . 2010-12-18 20:06 -------- d-----w- c:\program files\Convar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-02 15:29 . 2008-08-29 23:25 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2008-08-29 14:39 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:02 . 2008-08-29 23:25 668160 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2008-08-29 23:25 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2008-08-29 23:25 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-08-29 23:25 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-02_11.01.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-02 16:03 . 2011-01-02 16:03 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2011-01-02 16:29 . 2011-01-02 16:29 16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 16862208]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-07-29 684032]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2009 13:13 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.3.2009 19:30 165456]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.6.2009 20:29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.3.2009 19:30 17744]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [29.8.2008 16:59 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2.12.2008 22:16 625792]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.6.2009 20:29 65576]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [29.8.2008 17:03 159744]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [30.8.2008 0:25 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [29.1.2007 7:40 449408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.ftp - 4iz110.vse.cz
FF - prefs.js: network.proxy.ftp_port - 40190
FF - prefs.js: network.proxy.gopher - 4iz110.vse.cz
FF - prefs.js: network.proxy.gopher_port - 40190
FF - prefs.js: network.proxy.http - 4iz110.vse.cz
FF - prefs.js: network.proxy.http_port - 40190
FF - prefs.js: network.proxy.socks - 4iz110.vse.cz
FF - prefs.js: network.proxy.socks_port - 40190
FF - prefs.js: network.proxy.ssl - 4iz110.vse.cz
FF - prefs.js: network.proxy.ssl_port - 40190
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Currency Converter: {af5514fc-7603-4cec-9894-f07f3d8672a5} - %profile%\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-02 17:29
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1296831542-966831808-597317292-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{118A947F-B62A-3CD6-637C-7097CDE298BA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-01-02 17:41:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-02 16:40
ComboFix2.txt 2011-01-02 11:06

Před spuštěním: 5 418 184 704
Po spuštění: 5 399 126 016

- - End Of File - - 9608EFEB0D0BEBE651980A0C5A25187F

#8 Příspěvek od **vyosek** » 02 led 2011 17:47

Jak se chova nas pacient

wendyp · #9 Příspěvek od **wendyp** » 02 led 2011 17:54

No uplne koukam, ze je vse zase v poradku

Firefox uz me nepresmerovava a i avast prestal hlasit problem. Moc moc dekuji za pomoc.
Co byste tedy doporucil jako nahradu za spybot? Jinak pouzivam avast a sunbelt firewall. Ty jsou podle vas ok? Jsem vam moc vdecna

#10 Příspěvek od **vyosek** » 02 led 2011 17:57

Tak jeste uklidime po tech smrdutych mazadlech a utilitach

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Jako nahradu Spybota doporucuji SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359

Avast a Kerio (sunbelt) jsou vhodna kombinace zabezpeceni, kdyz pridate SAS a obcas (jednou za mesic) jim proskenujete PC, melo by to byt v poradku...a cca jednou za pul roku k nam prijdte na preventivku a bude to jeste lepcejsi

wendyp · #11 Příspěvek od **wendyp** » 02 led 2011 18:59

Vsechno jsem provedla a slape to skvele. Jeste jednou diky. Na preventivku se urcite stavim

Hezky zbytek dne a vse nejlepsi do noveho roku
wendy

#12 Příspěvek od **vyosek** » 02 led 2011 19:04

Nemate zac, rad jsem pomohl

Mnoho uspechu do nadchazejiciho roku i Vam Obrázek

Zase nekdy Obrázek

VIRY.CZ

Prosim o kontrolu logu

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu