Podivné chováni NOD a Firefox - nějaký záškodník ?

[Jen tak]

Dobrý den, před pár dny jsem tu řešil problém se zamrzajícím pc. To se vyřešilo , ale ted mam zase jiný problém
Potřeboval bych skontrolovat log jestli tam nemám nějakýho záškodnika. Přestalo mi fungovat odesílání a přijímani pošty v Outlook Express, občas se mi jakoby kousne antivir mam Eset smart security4 - přestává mi fungovat antivirus a ochrana při sufování. Normálně se ikonka NODU změni na červenou , když je nějaká jeji část vypnutá, ale při tomhle je ikonka normálni, jen když otevři okno tak tam mam vykřičniky že jsou služby vypnutý. Nejdou spustit a najedou zase do normálniho stavu až po restartování pc. To podobné mi dělá internet , prohlížeš mam Firefox a ten při nefunčním spojení piše zprávu, že nejde připojit. Mě ovšem dělá to, že při otevření prohlížeče zůstane celé okna zcela bílé bez jakékoliv hlašky a dole v levo se objeví hotovo, jako že je načteno. Opět se to zpraví restartem pc. V čera se mi sám od sebe taky restartovalo pc při zpuštění Skype , po jeho sluštěni se pc restarovalo a znovu najelo do win bez jakékoliv hlášky. Přeinstaloval sjem všechny ovladače v pc a dal poslední verzy Skype a pak se to už nestalo. Za pomoc moc děkuji


Logfile of random's system information tool 1.08 (written by random/random)
Run by administrátor at 2011-03-13 13:40:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (34%) free of 25 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:41:34, on 13.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\administrátor\Plocha\RSIT.exe
C:\Program Files\trend micro\administrátor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0589192097
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{862822B5-9FE5-4B2B-B3EB-86A695060DBC}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5238 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-13 13:32:39 ----D---- C:\rsit
2011-03-12 15:26:36 ----D---- C:\Program Files\Common Files\Skype
2011-03-12 15:26:35 ----RD---- C:\Program Files\Skype
2011-03-12 15:26:35 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Skype
2011-03-12 15:17:38 ----A---- C:\WINDOWS\VidCap32.exe
2011-03-12 15:17:38 ----A---- C:\WINDOWS\JAPI2.DLL
2011-03-12 15:17:38 ----A---- C:\WINDOWS\JAPI.DLL
2011-03-12 15:16:50 ----D---- C:\VP-EYE
2011-03-12 15:16:24 ----RA---- C:\WINDOWS\VM305Cap.exe
2011-03-12 15:16:24 ----RA---- C:\WINDOWS\VM305_STI.EXE
2011-03-12 15:16:24 ----RA---- C:\WINDOWS\system32\VM305STI.dll
2011-03-12 15:16:24 ----RA---- C:\WINDOWS\system32\drivers\usbVM305.sys
2011-03-12 15:16:24 ----R---- C:\WINDOWS\Zoom.exe
2011-03-12 15:16:24 ----R---- C:\WINDOWS\VMPipe.dll
2011-03-12 15:16:24 ----R---- C:\WINDOWS\amcap.exe
2011-03-12 15:16:24 ----A---- C:\WINDOWS\VMInstNT.exe
2011-03-12 15:16:23 ----A---- C:\WINDOWS\VM303UninstNT.exe
2011-03-12 15:16:22 ----D---- C:\WINDOWS\EffectResources
2011-03-12 14:53:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-03-12 14:46:49 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2011-03-12 14:45:49 ----D---- C:\Program Files\ATI Technologies
2011-03-12 14:38:38 ----RA---- C:\WINDOWS\system32\drivers\viasraid.sys
2011-03-12 14:30:48 ----RA---- C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011-03-12 14:30:45 ----RA---- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011-03-12 14:30:45 ----RA---- C:\WINDOWS\SOUNDMAN.EXE
2011-03-12 14:27:47 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2011-03-12 11:42:03 ----HD---- C:\Program Files\WindowsUpdate
2011-03-12 11:31:31 ----HD---- C:\Program Files\Uninstall Information
2011-03-12 10:53:11 ----D---- C:\WINDOWS\Prefetch
2011-03-12 10:22:50 ----D---- C:\Program Files\Yamicsoft
2011-03-11 22:59:05 ----D---- C:\Program Files\Adobe
2011-03-11 17:59:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-11 14:44:54 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Malwarebytes
2011-03-11 14:44:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-03-11 14:44:45 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-03-11 14:44:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-03-11 14:44:40 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-03-10 18:22:49 ----AD---- C:\WINDOWS\zts2.exe
2011-03-10 18:22:49 ----AD---- C:\WINDOWS\system32\vcmgcd32.dll
2011-03-10 18:22:49 ----AD---- C:\WINDOWS\system32\systems.txt
2011-03-10 18:22:49 ----AD---- C:\WINDOWS\system32\iifgfgf.dll
2011-03-10 18:22:49 ----AD---- C:\WINDOWS\rundll16.exe
2011-03-10 18:22:49 ----AD---- C:\WINDOWS\logo1_.exe
2011-03-10 18:19:13 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-03-10 18:19:13 ----A---- C:\WINDOWS\system32\T.COM
2011-03-10 18:19:13 ----A---- C:\WINDOWS\REGEDIT.COM
2011-03-10 18:19:13 ----A---- C:\WINDOWS\R.COM
2011-03-10 17:26:47 ----SHD---- C:\RECYCLER
2011-03-10 12:28:02 ----A---- C:\WINDOWS\system32\lsdelete.exe
2011-03-10 12:15:25 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2011-03-10 12:08:47 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2011-03-10 12:08:40 ----D---- C:\Program Files\Lavasoft
2011-03-10 10:58:37 ----D---- C:\Program Files\CCleaner
2011-03-10 10:46:58 ----D---- C:\WINDOWS\temp
2011-03-09 20:10:09 ----D---- C:\Program Files\trend micro
2011-03-09 19:16:29 ----AD---- C:\WINDOWS\rundl132.dll
2011-03-09 18:32:51 ----RASHD---- C:\cmdcons
2011-03-08 20:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-08 20:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-06 17:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-25 20:01:20 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Mozilla
2011-02-25 20:01:06 ----D---- C:\Program Files\Mozilla Firefox
2011-02-15 13:21:01 ----D---- C:\Program Files\Common Files\Futuremark Shared
2011-02-15 13:18:58 ----D---- C:\Program Files\Futuremark

======List of files/folders modified in the last 1 months======

2011-03-13 13:41:16 ----SD---- C:\WINDOWS\Tasks
2011-03-13 13:38:02 ----D---- C:\WINDOWS
2011-03-13 13:34:52 ----D---- C:\WINDOWS\system32\drivers
2011-03-13 13:34:51 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-12 23:45:31 ----A---- C:\WINDOWS\wininit.ini
2011-03-12 22:04:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-03-12 21:11:45 ----A---- C:\WINDOWS\win.ini
2011-03-12 21:10:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-12 21:10:29 ----D---- C:\WINDOWS\system32
2011-03-12 21:10:17 ----HD---- C:\WINDOWS\inf
2011-03-12 17:22:52 ----SHD---- C:\WINDOWS\Installer
2011-03-12 15:26:35 ----RD---- C:\Program Files
2011-03-12 15:17:38 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-12 14:48:19 ----RSD---- C:\WINDOWS\assembly
2011-03-12 14:48:11 ----D---- C:\WINDOWS\WinSxS
2011-03-12 14:30:48 ----D---- C:\WINDOWS\system
2011-03-12 14:30:42 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-12 14:20:25 ----D---- C:\WINDOWS\system32\config
2011-03-12 13:48:32 ----D---- C:\WINDOWS\twain_32
2011-03-12 11:41:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-12 11:41:01 ----RD---- C:\WINDOWS\Web
2011-03-12 11:38:20 ----A---- C:\WINDOWS\ODBCINST.INI
2011-03-12 11:34:10 ----D---- C:\WINDOWS\system32\ias
2011-03-12 11:33:52 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-03-12 10:56:15 ----D---- C:\Garmin
2011-03-11 22:59:24 ----D---- C:\Program Files\Common Files\Adobe
2011-03-11 22:55:08 ----D---- C:\Documents and Settings\administrátor\Data aplikací\OpenOffice.org2
2011-03-11 17:01:50 ----RASH---- C:\boot.ini
2011-03-11 17:01:50 ----A---- C:\WINDOWS\system.ini
2011-03-11 16:57:44 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-11 14:00:05 ----D---- C:\WINDOWS\SxsCaPendDel
2011-03-11 13:52:25 ----D---- C:\Program Files\Common Files
2011-03-10 17:25:47 ----SHD---- C:\System Volume Information
2011-03-10 17:25:47 ----D---- C:\WINDOWS\system32\Restore
2011-03-10 16:28:42 ----D---- C:\WINDOWS\AppPatch
2011-03-10 12:15:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-10 10:59:15 ----D---- C:\WINDOWS\Debug
2011-03-09 19:38:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-09 18:40:53 ----D---- C:\audiograbber
2011-03-08 20:13:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-08 20:12:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-06 18:13:15 ----D---- C:\Documents and Settings\administrátor\Data aplikací\Smart PC Solutions
2011-02-28 16:59:03 ----D---- C:\Documents and Settings
2011-02-28 16:11:05 ----D---- C:\WINDOWS\system32\wbem
2011-02-28 16:11:05 ----D---- C:\WINDOWS\Registration
2011-02-28 14:53:25 ----D---- C:\Program Files\Unlocker
2011-02-16 16:37:55 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-16 16:37:51 ----D---- C:\Program Files\Internet Explorer
2011-02-16 16:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-16 16:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-16 16:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-16 16:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-16 16:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-16 16:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-16 16:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-16 15:43:27 ----D---- C:\WINDOWS\network diagnostic
2011-02-15 15:50:53 ----D---- C:\Documents and Settings\administrátor\Data aplikací\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-08-05 80240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-30 15424]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-26 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-26 10368]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-30 512096]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;A4Tech PC Camera; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S4 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-12-18 135048]
S4 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-10 1181328]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

Nic nebezpečného nevidím. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[Jen tak]

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 6018

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.3.2011 18:36:09
mbam-log-2011-03-13 (18-36-09).txt

Typ kontroly: Úplný test (C:\|J:\|)
Testované objekty: 213900
Uplynulý čas: 19 minut, 41 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

řekl bych , že to nic nenašlo. Na jednu stranu to je dobře, na druhou nevím čím to teda je . Zase se mi to stalo s tím nodem

[Rudy]

FF zkuste reinstalovat pomocí MozBackup: http://www.slunecnice.cz/sw/mozbackup/ . Jeden dotaz: NOD máte legálně?

[Jen tak]

Ano NOD mam zakoupený do 1.7.2011
Myslíte , že tedy žádný vir ani jinej záškodník u mě v PC neni ?

[Rudy]

No, nic tam nevidím. Jistotu budeme mít až po skenu ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Jen tak]

ComboFix 11-03-12.01 - administrátor 13.03.2011 21:03:10.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1504 [GMT 1:00]
Spuštěný z: c:\documents and settings\administrátor\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Sunbelt Personal Firewall *Disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\VM305Cap.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-13 do 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 12:32 . 2011-03-13 12:33 -------- d-----w- C:\rsit
2011-03-12 14:26 . 2011-03-12 14:26 -------- d-----w- c:\program files\Common Files\Skype
2011-03-12 14:26 . 2011-03-12 16:22 -------- d-----r- c:\program files\Skype
2011-03-12 14:26 . 2011-03-12 14:27 -------- d-----w- c:\documents and settings\administrátor\Data aplikací\Skype
2011-03-12 14:17 . 2002-05-28 08:52 106496 ----a-w- c:\windows\JAPI.DLL
2011-03-12 14:17 . 2001-06-24 16:32 172032 ----a-w- c:\windows\JAPI2.DLL
2011-03-12 14:17 . 1999-10-24 09:25 20992 ----a-w- c:\windows\MMVCB.AX
2011-03-12 14:17 . 1999-07-26 09:47 109840 ----a-w- c:\windows\VidCap32.exe
2011-03-12 13:53 . 2011-03-12 13:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-03-12 13:46 . 2011-03-12 13:46 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-12 13:46 . 2011-03-12 13:46 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-12 13:46 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-12 13:46 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-12 13:46 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-12 13:46 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-12 13:46 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-12 13:46 . 2010-02-10 20:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-03-12 13:45 . 2011-03-12 13:48 -------- d-----w- c:\program files\ATI Technologies
2011-03-12 13:38 . 2003-08-05 06:14 80240 ----a-r- c:\windows\system32\drivers\viasraid.sys
2011-03-12 13:30 . 2003-08-14 15:16 404736 ----a-r- c:\windows\system32\drivers\ALCXSENS.SYS
2011-03-12 13:30 . 2003-08-15 07:53 462684 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2011-03-12 13:30 . 2003-08-15 07:37 10435072 ----a-r- c:\windows\system32\ALSNDMGR.CPL
2011-03-12 13:30 . 2003-08-15 07:34 57344 ----a-r- c:\windows\SOUNDMAN.EXE
2011-03-12 13:27 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2011-03-12 11:09 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-03-12 11:09 . 2001-10-24 10:51 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2011-03-12 11:09 . 2001-10-24 10:51 22044 -c--a-w- c:\windows\system32\dllcache\cem33n5.sys
2011-03-12 11:09 . 2001-10-24 10:51 22044 -c--a-w- c:\windows\system32\dllcache\cem28n5.sys
2011-03-12 11:09 . 2001-10-24 10:51 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2011-03-12 11:09 . 2001-10-24 10:51 21530 -c--a-w- c:\windows\system32\dllcache\ce2n5.sys
2011-03-12 11:09 . 2001-08-17 20:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
2011-03-12 11:09 . 2001-10-24 10:51 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2011-03-12 11:09 . 2001-08-17 19:13 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2011-03-12 11:09 . 2001-08-17 19:12 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2011-03-12 11:08 . 2001-08-17 19:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-03-12 11:08 . 2001-10-24 11:24 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-03-12 11:08 . 2001-08-17 19:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
2011-03-12 11:08 . 2008-04-14 03:21 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-03-12 11:08 . 2001-10-24 11:24 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-03-12 11:08 . 2001-10-24 11:24 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2011-03-12 11:08 . 2001-08-17 21:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-03-12 11:08 . 2001-08-17 21:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-03-12 11:08 . 2001-08-17 21:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2011-03-12 10:48 . 2001-10-24 11:24 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2011-03-12 10:47 . 2001-08-17 19:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2011-03-12 10:34 . 2001-08-17 19:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-03-12 10:34 . 2001-08-17 20:51 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
2011-03-12 10:34 . 2001-08-17 20:52 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
2011-03-12 10:34 . 2001-08-17 20:52 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
2011-03-12 10:33 . 2004-08-03 21:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2011-03-12 10:33 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-03-12 10:33 . 2001-08-17 20:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2011-03-12 10:33 . 2001-08-17 20:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2011-03-12 10:33 . 2001-08-17 19:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2011-03-12 10:33 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2011-03-12 10:33 . 2001-08-17 19:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2011-03-12 10:33 . 2001-08-17 21:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2011-03-12 10:33 . 2001-08-17 21:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2011-03-12 10:33 . 2001-08-17 20:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2011-03-12 10:30 . 2001-10-24 11:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-12 09:22 . 2011-03-12 09:22 -------- d-----w- c:\program files\Yamicsoft
2011-03-11 14:44 . 2011-03-11 14:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-11 13:44 . 2011-03-11 13:44 -------- d-----w- c:\documents and settings\administrátor\Data aplikací\Malwarebytes
2011-03-11 13:44 . 2011-03-11 13:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-11 13:44 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 13:44 . 2011-03-11 13:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-11 13:44 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-11 13:22 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{2F2485C4-98F1-4695-87EB-ECACC1C17A70}\mpengine.dll
2011-03-10 17:22 . 2011-03-10 17:22 -------- d---a-w- c:\windows\zts2.exe
2011-03-10 17:22 . 2011-03-10 17:22 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2011-03-10 17:22 . 2011-03-10 17:22 -------- d---a-w- c:\windows\system32\systems.txt
2011-03-10 17:22 . 2011-03-10 17:22 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2011-03-10 17:22 . 2011-03-10 17:22 -------- d---a-w- c:\windows\rundll16.exe
2011-03-10 17:22 . 2011-03-10 17:22 -------- d---a-w- c:\windows\logo1_.exe
2011-03-10 17:19 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-03-10 17:19 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-03-10 09:58 . 2011-03-10 09:58 -------- d-----w- c:\program files\CCleaner
2011-03-09 19:10 . 2011-03-13 12:41 -------- d-----w- c:\program files\trend micro
2011-03-09 18:16 . 2011-03-09 18:16 -------- d---a-w- c:\windows\rundl132.dll
2011-03-08 19:40 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-03-08 19:40 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-03-08 19:40 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-03-06 16:21 . 2009-07-27 23:19 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-28 15:59 . 2011-03-08 19:02 -------- d-----w- c:\documents and settings\int
2011-02-28 15:11 . 2011-02-28 15:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Temp
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Mozilla
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Microsoft
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ATI
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\ApplicationHistory
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\bb\Local Settings\Data aplikací\Adobe
2011-02-28 15:10 . 2011-02-28 15:10 -------- d--h--w- c:\documents and settings\Default User
2011-02-28 15:10 . 2011-03-10 11:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací
2011-02-28 15:10 . 2011-03-02 00:39 -------- d-sh--w- c:\documents and settings\LocalService
2011-02-28 15:10 . 2011-02-28 15:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-02-15 12:21 . 2011-02-15 12:21 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-02-15 12:18 . 2011-02-15 12:18 -------- d-----w- c:\program files\Futuremark
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-04-17 09:36 5943120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 16:11 . 2009-10-03 13:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2008-12-29 20:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-12-29 20:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-03-02 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-02 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2006-03-02 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.3.2011 20:38 64512]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12.3.2011 14:38 80240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30.12.2008 12:44 15424]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [16.2.2009 16:26 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [18.9.2010 14:42 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [30.7.2008 10:36 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [30.7.2008 10:36 1361192]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [18.9.2010 14:44 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [18.9.2010 14:40 167040]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [16.2.2009 16:26 65576]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [18.9.2010 14:45 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [18.9.2010 14:43 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [18.9.2010 14:43 10368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2011 8:47 1405384]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 ZSMC0305;A4Tech PC Camera;c:\windows\system32\drivers\usbVM305.sys [12.3.2011 15:16 391688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-09 07:47]
.
2011-03-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
TCP: {862822B5-9FE5-4B2B-B3EB-86A695060DBC} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\administrátor\Data aplikací\Mozilla\Firefox\Profiles\x3rsn3gj.default\
FF - prefs.js: browser.startup.homepage - seznam
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-03-13 21:14:18
ComboFix-quarantined-files.txt 2011-03-13 20:14
.
Před spuštěním: 8 917 577 728
Po spuštění: 8 894 701 568
.
- - End Of File - - BAA96E500D742CF98442F545EA0F7A2A


Něco to smazalo, jen nevím co to je

[Rudy]

To je OK. Log již vypadá čistý. Nastala nějaká změna?

[Jen tak]

Zatím vše vypadá normálně

[Rudy]

To jsem rád!

[Jen tak]

NO to já taky
Ten combofix mam nechat ?

[Rudy]

CF odinstalujte příkazem Start>spustit>(napsat) combofix /uninstall>OK. CF se spustí a odinstaluje.