Backdoor:Win32/IRCbot.gen!M

[marian0801]

dobry den mam problem nejak nechtiac som stiahol Backdoor:Win32/IRCbot.gen!M pomozete mi ako ho odstranit???som zufaly diki Marian




Logfile of random's system information tool 1.08 (written by random/random)
Run by Simona at 2011-01-21 13:49:09
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 35 GB (33%) free of 104 GB
Total RAM: 2037 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:51:33, on 21. 1. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Public\nvsvc32.exe
C:\Program Files\Ovislink\Common\RaUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conime.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Simona\Desktop\RSIT.exe
C:\Program Files\trend micro\Simona.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AirLive WN-360USB Utility.lnk = C:\Program Files\Ovislink\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RaRegistry.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7061 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll [2010-01-28 671480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-20 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-25 167936]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-15 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-15 133656]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-08 2219184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2011-01-20 94208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AirLive WN-360USB Utility.lnk - C:\Program Files\Ovislink\Common\RaUI.exe

C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-01-21 13:49:15 ----D---- C:\Program Files\trend micro
2011-01-21 13:49:08 ----D---- C:\rsit
2011-01-21 13:19:54 ----D---- C:\Users\Simona\AppData\Roaming\ESET
2011-01-21 13:17:41 ----D---- C:\Windows\LastGood
2011-01-21 13:14:52 ----D---- C:\ProgramData\ESET
2011-01-21 12:33:48 ----D---- C:\Program Files\ESET
2011-01-20 22:54:07 ----D---- C:\ProgramData\Sun
2011-01-20 22:54:06 ----D---- C:\Program Files\Common Files\Java
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\javaws.exe
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\javaw.exe
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\java.exe
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\deployJava1.dll
2011-01-20 22:52:38 ----D---- C:\Program Files\Java
2011-01-12 11:15:24 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 11:14:52 ----A---- C:\Windows\system32\sdclt.exe
2010-12-27 15:29:52 ----D---- C:\Program Files\Zrychleni Pocitace
2010-12-27 15:16:44 ----D---- C:\Program Files\VDownloader
2010-12-24 14:16:13 ----D---- C:\Users\Simona\AppData\Roaming\dvdcss

======List of files/folders modified in the last 1 months======

2011-01-21 13:51:34 ----HD---- C:\Windows\Temp
2011-01-21 13:49:34 ----HD---- C:\Windows\Prefetch
2011-01-21 13:49:15 ----RD---- C:\Program Files
2011-01-21 13:33:24 ----HD---- C:\Windows\Debug
2011-01-21 13:33:24 ----HD---- C:\Windows
2011-01-21 13:19:33 ----SHD---- C:\Windows\Installer
2011-01-21 13:18:34 ----HD---- C:\Windows\system32\drivers
2011-01-21 13:18:33 ----HD---- C:\Windows\system32\catroot
2011-01-21 13:18:30 ----HD---- C:\Windows\inf
2011-01-21 13:14:52 ----HD---- C:\ProgramData
2011-01-21 13:14:13 ----SHD---- C:\System Volume Information
2011-01-20 22:54:06 ----D---- C:\Program Files\Common Files
2011-01-20 22:53:34 ----HD---- C:\Windows\System32
2011-01-20 00:57:13 ----D---- C:\Users\Simona\AppData\Roaming\BitComet
2011-01-20 00:57:07 ----D---- C:\Downloads
2011-01-13 20:11:38 ----HD---- C:\Windows\system32\catroot2
2011-01-12 11:16:43 ----D---- C:\Windows\winsxs
2011-01-04 17:20:14 ----A---- C:\Windows\system32\mrt.exe
2011-01-03 15:50:35 ----AH---- C:\Windows\system32\PerfStringBackup.INI
2011-01-03 00:56:50 ----D---- C:\Users\Simona\AppData\Roaming\Skype
2011-01-03 00:55:32 ----D---- C:\Users\Simona\AppData\Roaming\skypePM
2010-12-30 22:09:56 ----D---- C:\Program Files\Acro Software
2010-12-30 22:09:08 ----D---- C:\Program Files\SweetIM
2010-12-28 18:01:12 ----HD---- C:\Windows\Microsoft.NET
2010-12-28 18:00:49 ----RSD---- C:\Windows\assembly
2010-12-27 15:35:21 ----SD---- C:\Users\Simona\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-26 164400]
R3 BCM43XX;Ovládač karty Dell bezdrôtovej WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-08-03 735232]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2003-01-16 65076]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-20 73728]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-11-08 810144]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ovislink\Common\RaRegistry.exe [2009-07-14 185632]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 WindowBlinds;Stardock WindowBlinds; C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe [2009-06-04 230648]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-02 72704]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-08 33584]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[stell]

Zdravim
ano mas ho tam:
Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit UPLNY skan., co najde daj zmazat,

Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

[marian0801]

tak som to spravil ale nic nenaslo


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzia databázy: 5564

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21. 1. 2011 15:40:30
mbam-log-2011-01-21 (15-40-30).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 230932
Uplynutý čas: 49 min, 29 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

[stell]

Tu je, a malwarebytes to pozna,
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2011-01-20 94208]

No nic vloz sem novy log z RSIT.

[marian0801]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Simona at 2011-01-21 15:44:37
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 34 GB (33%) free of 104 GB
Total RAM: 2037 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:44:56, on 21. 1. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Public\nvsvc32.exe
C:\Program Files\Ovislink\Common\RaUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Simona\Desktop\RSIT.exe
C:\Program Files\trend micro\Simona.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AirLive WN-360USB Utility.lnk = C:\Program Files\Ovislink\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RaRegistry.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7054 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll [2010-01-28 671480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-20 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-25 167936]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-15 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-15 133656]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-08 2219184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2011-01-20 94208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AirLive WN-360USB Utility.lnk - C:\Program Files\Ovislink\Common\RaUI.exe

C:\Users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-01-21 14:33:07 ----D---- C:\Users\Simona\AppData\Roaming\Malwarebytes
2011-01-21 14:32:48 ----D---- C:\ProgramData\Malwarebytes
2011-01-21 14:32:48 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-01-21 14:32:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-21 14:32:43 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-01-21 13:49:15 ----D---- C:\Program Files\trend micro
2011-01-21 13:49:08 ----D---- C:\rsit
2011-01-21 13:19:54 ----D---- C:\Users\Simona\AppData\Roaming\ESET
2011-01-21 13:17:41 ----D---- C:\Windows\LastGood
2011-01-21 13:14:52 ----D---- C:\ProgramData\ESET
2011-01-21 12:33:48 ----D---- C:\Program Files\ESET
2011-01-20 22:54:07 ----D---- C:\ProgramData\Sun
2011-01-20 22:54:06 ----D---- C:\Program Files\Common Files\Java
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\javaws.exe
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\javaw.exe
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\java.exe
2011-01-20 22:53:34 ----AH---- C:\Windows\system32\deployJava1.dll
2011-01-20 22:52:38 ----D---- C:\Program Files\Java
2011-01-12 11:15:24 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 11:14:52 ----A---- C:\Windows\system32\sdclt.exe
2010-12-27 15:29:52 ----D---- C:\Program Files\Zrychleni Pocitace
2010-12-27 15:16:44 ----D---- C:\Program Files\VDownloader
2010-12-24 14:16:13 ----D---- C:\Users\Simona\AppData\Roaming\dvdcss

======List of files/folders modified in the last 1 months======

2011-01-21 15:44:53 ----HD---- C:\Windows\Temp
2011-01-21 14:32:48 ----HD---- C:\Windows\system32\drivers
2011-01-21 14:32:48 ----HD---- C:\ProgramData
2011-01-21 14:32:43 ----RD---- C:\Program Files
2011-01-21 14:12:17 ----D---- C:\Downloads
2011-01-21 13:49:34 ----HD---- C:\Windows\Prefetch
2011-01-21 13:33:24 ----HD---- C:\Windows\Debug
2011-01-21 13:33:24 ----HD---- C:\Windows
2011-01-21 13:19:35 ----SHD---- C:\Windows\Installer
2011-01-21 13:18:33 ----HD---- C:\Windows\system32\catroot
2011-01-21 13:18:30 ----HD---- C:\Windows\inf
2011-01-21 13:14:13 ----SHD---- C:\System Volume Information
2011-01-20 22:54:06 ----D---- C:\Program Files\Common Files
2011-01-20 22:53:34 ----HD---- C:\Windows\System32
2011-01-20 00:57:13 ----D---- C:\Users\Simona\AppData\Roaming\BitComet
2011-01-13 20:11:38 ----HD---- C:\Windows\system32\catroot2
2011-01-12 11:16:43 ----D---- C:\Windows\winsxs
2011-01-04 17:20:14 ----A---- C:\Windows\system32\mrt.exe
2011-01-03 15:50:35 ----AH---- C:\Windows\system32\PerfStringBackup.INI
2011-01-03 00:56:50 ----D---- C:\Users\Simona\AppData\Roaming\Skype
2011-01-03 00:55:32 ----D---- C:\Users\Simona\AppData\Roaming\skypePM
2010-12-30 22:09:56 ----D---- C:\Program Files\Acro Software
2010-12-30 22:09:08 ----D---- C:\Program Files\SweetIM
2010-12-28 18:01:12 ----HD---- C:\Windows\Microsoft.NET
2010-12-28 18:00:49 ----RSD---- C:\Windows\assembly
2010-12-27 15:35:21 ----SD---- C:\Users\Simona\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-26 164400]
R3 BCM43XX;Ovládač karty Dell bezdrôtovej WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-08-03 735232]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2003-01-16 65076]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-20 73728]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-11-08 810144]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ovislink\Common\RaRegistry.exe [2009-07-14 185632]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 WindowBlinds;Stardock WindowBlinds; C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe [2009-06-04 230648]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-02 72704]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-08 33584]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[stell]

No nic, tam sedi, spust combofix
PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

[marian0801]

ComboFix 11-01-20.04 - Simona . 01. 2011 16:04:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.2037.814 [GMT 1:00]
Running from: c:\users\Simona\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\\setup.exe
c:\program files\Setup.exe
c:\users\Public\nvsvc32.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.

2011-01-21 15:09 . 2011-01-21 15:09 -------- d-----w- c:\users\Simona\AppData\Local\temp
2011-01-21 15:09 . 2011-01-21 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-21 15:02 . 2011-01-21 15:03 -------- d-----w- C:\32788R22FWJFW
2011-01-21 13:33 . 2011-01-21 13:33 -------- d-----w- c:\users\Simona\AppData\Roaming\Malwarebytes
2011-01-21 13:32 . 2011-01-21 13:32 -------- d-----w- c:\programdata\Malwarebytes
2011-01-21 13:32 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-21 13:32 . 2011-01-21 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 13:32 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 12:49 . 2011-01-21 14:44 -------- d-----w- c:\program files\trend micro
2011-01-21 12:49 . 2011-01-21 12:51 -------- d-----w- C:\rsit
2011-01-21 12:17 . 2011-01-21 12:18 -------- d-----w- c:\windows\LastGood
2011-01-21 11:33 . 2011-01-21 12:14 -------- d-----w- c:\program files\ESET
2011-01-20 21:54 . 2011-01-20 21:54 -------- d-----w- c:\program files\Common Files\Java
2011-01-20 21:53 . 2011-01-20 21:52 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-20 21:53 . 2011-01-20 21:52 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-01-20 21:52 . 2011-01-20 21:52 -------- d-----w- c:\program files\Java
2011-01-18 20:32 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{665F3447-9ADB-432E-8FC9-F7D52F6D7F19}\mpengine.dll
2011-01-12 10:15 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 10:15 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 10:15 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 10:15 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 10:15 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 10:15 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 10:14 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-27 14:29 . 2010-12-28 17:40 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-12-27 14:16 . 2010-12-30 21:06 -------- d-----w- c:\program files\VDownloader
2010-12-24 13:54 . 2011-01-21 12:19 -------- d-----w- c:\users\Simona\AppData\Local\ESET
2010-12-24 13:16 . 2010-12-24 13:16 -------- d-----w- c:\users\Simona\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ---ha-w- c:\windows\system32\GPhotos.scr
2010-11-10 00:05 . 2010-11-10 00:05 216064 ---ha-w- c:\windows\iun3405.exe
2010-11-04 18:56 . 2010-12-14 22:24 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-14 22:24 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-14 22:24 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-14 22:24 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-14 22:24 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44 . 2010-12-14 22:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-14 22:24 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-14 22:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-18 09:29 . 2010-02-18 09:29 10158080 ----a-w- c:\program files\openofficeorg32.msi
2010-02-10 02:18 . 2010-07-11 15:33 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]

c:\users\Simona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-11-7 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AirLive WN-360USB Utility.lnk - c:\program files\Ovislink\Common\RaUI.exe [2010-11-6 1753088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-08 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-08-03 735232]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - EAMONM
*NewlyCreated* - EPFW
*NewlyCreated* - EPFWWFP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\Simona\AppData\Roaming\Mozilla\Firefox\Profiles\xy9ocdn2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 16:09
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-21 16:10:51
ComboFix-quarantined-files.txt 2011-01-21 15:10

Pre-Run: 35 907 670 016 bytes free
Post-Run: 35 864 567 808 bytes free

- - End Of File - - CFB0663EA40721D51C9C4FAC67CA3342

[stell]

Ok, malo by to byt ok,
premenuj ikonu combofixu na uninstall
spust>.combofix sa odinstaluje.
CCleaner stiahneme nainštalujeme.
a)Download from Piriform.com CCleaner
Download from FileHippo.com CCleaner
b)Všetky spustené programy,prehliadač zatvoríme.
c)Spustíme CCleaner,nastavenie necháme tak ako je.Stlačte gombík Analyzovať a po analýze stlačte Gombík Spustiť Cleaner.
d)Kliknite na záložku Aplikácie a stlačte gombík Analyzovať a po analýze stlačte Gombík Spustiť Cleaner.
e)Kliknite na Register,stlačte Hľadaj problémy, po dokončení skenování kliknite na Opraviť vybrané problémy, zvoľte ANO pre vytvorenie zálohy, uložte súbor a kliknite na Opraviť všetky problémy

A napis ako sa chova pc

[marian0801]

ako odnistalovat combo???

[stell]

Pravy klik na ikonku combofixu>>premenovat>>napis uninstall
a spust.

[marian0801]

defender uz pri spusteni nehlasi Backdoor,tak asi je to ok????ci???
ked hej tak Dakujem prispejem

[stell]

Tak, tak,
Dakujeme.
Nemas zaco.