
Operating memory - Win32/Rustock trojan horse

Re: Operating memory - Win32/Rustock trojan horse

#16 Post by Caroprd111 »

Keep only one firewall turned on.


Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A window pops up; copy into it:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log is created; paste it here.


Post a log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Re: Operating memory - Win32/Rustock trojan horse

#17 Post by adolf »

mbr.log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


First gmer log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-07 21:19:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\jano\LOCALS~1\Temp\awtdypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----


Full gmer log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 22:22:05
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\jano\LOCALS~1\Temp\awtdypod.sys


---- System - GMER 1.0.15 ----

SSDT 85F63580 ZwAssignProcessToJobObject
SSDT 85F64100 ZwDebugActiveProcess
SSDT 85F63B30 ZwDuplicateObject
SSDT 85F62CC0 ZwOpenProcess
SSDT 85F62FC0 ZwOpenThread
SSDT 85F639C0 ZwProtectVirtualMemory
SSDT 85F63860 ZwSetContextThread
SSDT 85F636E0 ZwSetInformationThread
SSDT 85F60700 ZwSetSecurityObject
SSDT 85F63420 ZwSuspendProcess
SSDT 85F632C0 ZwSuspendThread
SSDT 85F62E50 ZwTerminateProcess
SSDT 85F63150 ZwTerminateThread
SSDT 85F63F50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF62F3360, 0x1DE5ED, 0xE8000020]
? C:\DOCUME~1\jano\LOCALS~1\Temp\mbr.sys Systém nemôže nájsť zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1704] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----


Re: Operating memory - Win32/Rustock trojan horse

#18 Post by Caroprd111 »

If you have not already done so, move Combofix to the desktop.
  • Open Notepad and copy the text from the white box into it.

Driver::
udffsrec

RegLock::
[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{250FD340-7660-41FF-9BB9-86870A6B2EB8}\ProgID*]
[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{7A7507FE-3046-4852-86E8-7D44DA14A5A2}\ProgID*]

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=18&q=
  • Save the TXT file you created as CFScript.txt on the desktop.
  • After saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it.
  • After it has been applied, another log will pop up; paste it here.
It may happen that Windows does not start after the script is applied and the PC restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration.

Re: Operating memory - Win32/Rustock trojan horse

#19 Post by adolf »

Here you go, the result from ComboFix

ComboFix 10-06-09.01 - jano 09.06.2010 21:41:06.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.528 [GMT 2:00]
Running from: c:\documents and settings\jano\My Documents\Preberanie\ComboFix.exe
Command switches used :: c:\documents and settings\jano\My Documents\Preberanie\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UDFFSREC
-------\Service_udffsrec


((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-06 08:43 . 2010-06-06 08:43 -------- d-----w- C:\_OTL
2010-06-05 20:13 . 2010-06-05 22:13 -------- d-----w- C:\UsbFix
2010-06-05 18:44 . 2010-06-05 18:45 -------- d-----w- C:\rsit
2010-06-05 18:44 . 2010-06-05 18:45 -------- d-----w- c:\program files\trend micro
2010-06-05 18:33 . 2010-06-05 20:08 -------- d-----w- c:\program files\Spyware Doctor
2010-06-05 17:16 . 2010-06-05 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 19:31 . 2008-10-04 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-07 18:46 . 2009-02-02 20:56 -------- d-----w- c:\program files\Lavasoft
2010-06-05 22:32 . 2007-09-18 20:22 -------- d-----w- c:\program files\Google
2010-06-05 20:08 . 2008-11-18 20:41 -------- d-----w- c:\program files\uTorrent
2010-06-05 20:06 . 2010-04-17 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-05 18:32 . 2010-01-24 19:53 -------- d-----w- c:\documents and settings\jano\Application Data\GetRightToGo
2010-06-05 18:16 . 2008-11-18 20:40 -------- d-----w- c:\documents and settings\jano\Application Data\uTorrent
2010-05-16 15:52 . 2010-01-23 00:30 -------- d-----w- c:\documents and settings\jano\Application Data\vlc
2010-05-16 09:21 . 2008-09-01 07:55 181096 ----a-w- c:\documents and settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\FlashGot.exe
2010-05-07 10:55 . 2010-05-07 10:55 255472 ----a-w- c:\documents and settings\jano\Application Data\Mozilla\plugins\npgoogletalk.dll
2007-09-23 19:02 . 2007-09-23 19:02 65 ----a-w- c:\program files\Common Files\appop.log
.

((((((((((((((((((((((((((((( SnapShot@2010-06-06_19.33.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 19:32 . 2010-06-09 19:32 305664 c:\windows\Installer\e34d7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Google Update"="c:\documents and settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-08 86016]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\jano\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2010-2-14 275736]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\oldgames\\bulanci.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\old\\d\\GAMES\\Aoe2\\empires2.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\jano\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\jano\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19945:TCP"= 19945:TCP:BitComet 19945 TCP
"19945:UDP"= 19945:UDP:BitComet 19945 UDP

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [23.9.2007 21:02 38784]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [28.2.2008 20:59 51072]
R2 bt848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [24.1.2010 23:38 371349]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [6.2.2009 15:23 727720]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2007 23:22 8192]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 tffsmon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 tfsysmon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c99c1be46c4eff;Google Update Service (gupdate1c99c1be46c4eff);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2009 18:19 133104]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [22.1.2009 18:51 2831232]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [22.1.2009 20:32 4134]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [23.9.2007 21:02 116224]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23.12.2008 17:35 50704]
S3 siwio;SIW low-level I/O driver;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 tfnetmon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:19]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:19]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004Core.job
- c:\documents and settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 18:24]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004UA.job
- c:\documents and settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 18:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\jano\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jano\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 21:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{250FD340-7660-41FF-9BB9-86870A6B2EB8}\ProgID*]
"ParamCtrl"=hex:88,04,66,00,78,73,e3,40

[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{7A7507FE-3046-4852-86E8-7D44DA14A5A2}\ProgID*]
"ParamCtrl"=hex:88,04,66,00,78,73,e3,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(4044)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\nvappfilter.dll
d:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\nokia\Nokia PC Suite 7\NGSCM.DLL
d:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-09 21:50:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-09 19:50
ComboFix2.txt 2010-06-09 19:31
ComboFix3.txt 2010-06-06 19:37

Pre-Run: 1 734 819 840 bytes free
Post-Run: 1 718 288 384 bytes free

- - End Of File - - 462410B29389B8C7D45806068813502A
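
An added example, not part of the original thread: a Python check that compares the CFScript from post #18 with the ComboFix log from post #19 and reports, per directive, whether the log still lists the item. The function names are hypothetical, and reading `-------\Legacy_...` / `-------\Service_...` lines as removed entries is an assumption about the log format; Firefox preferences are matched by name because the forum truncates the URL differently in the two posts.

```python
import re

# CFScript from post #18, copied from the page (the Firefox URL is truncated there).
CFSCRIPT = r"""Driver::
udffsrec

RegLock::
[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{250FD340-7660-41FF-9BB9-86870A6B2EB8}\ProgID*]
[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{7A7507FE-3046-4852-86E8-7D44DA14A5A2}\ProgID*]

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=18&q=
"""

# Excerpt of the ComboFix log from post #19, trimmed to the sections that matter
# here (section banners shortened).
LOG = r"""((((((((( Drivers/Services )))))))))
.
-------\Legacy_UDFFSREC
-------\Service_udffsrec

------- Supplementary Scan -------
.
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{250FD340-7660-41FF-9BB9-86870A6B2EB8}\ProgID*]
"ParamCtrl"=hex:88,04,66,00,78,73,e3,40

[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{7A7507FE-3046-4852-86E8-7D44DA14A5A2}\ProgID*]
"ParamCtrl"=hex:88,04,66,00,78,73,e3,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} using the 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def deleted_services(log):
    """Service names the log lists as '-------\\Legacy_x' or '-------\\Service_x'
    (assumed here to mean the entry was removed)."""
    names = re.findall(r"(?mi)^-{7}\\(?:Legacy|Service)_(\S+)", log)
    return {n.lower() for n in names}


def locked_keys(log):
    """Registry keys printed under the LOCKED REGISTRY KEYS banner."""
    keys, inside = set(), False
    for line in log.splitlines():
        if "LOCKED REGISTRY KEYS" in line:
            inside = True
        elif inside and line.startswith("-----"):
            break  # next banner ends the section
        elif inside and line.startswith("["):
            keys.add(line.strip().lower())
    return keys


def firefox_prefs(log):
    """{pref name: value} for every 'FF - prefs.js:' line in the log."""
    return dict(re.findall(r"(?m)^FF - prefs\.js: (\S+) - (.*)$", log))


def check(script_text, log_text):
    """Return (directive, item, status) for each CFScript entry."""
    script = parse_cfscript(script_text)
    gone = deleted_services(log_text)
    locked = locked_keys(log_text)
    prefs = firefox_prefs(log_text)
    report = []
    for name in script.get("Driver", []):
        status = "listed as deleted" if name.lower() in gone else "not listed as deleted"
        report.append(("Driver", name, status))
    for key in script.get("RegLock", []):
        status = "still listed as locked" if key.lower() in locked else "no longer listed"
        report.append(("RegLock", key, status))
    for line in script.get("Firefox", []):
        m = re.match(r"FF - prefs\.js: (\S+) - ", line)
        pref = m.group(1) if m else line  # compare by pref name, not by URL
        status = "still reported" if pref in prefs else "no longer reported"
        report.append(("Firefox", pref, status))
    return report


if __name__ == "__main__":
    for directive, item, status in check(CFSCRIPT, LOG):
        print(f"{directive:8} {status:24} {item}")
```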

Re: Operating memory - Win32/Rustock trojan horse

#20 Post by Caroprd111 »

How is the PC behaving?

Re: Operating memory - Win32/Rustock trojan horse

#21 Post by adolf »

It seems the trojan is gone from memory. Many thanks.
If I may, I would have a few more questions. In one post you recommended that I uninstall Ad-Aware. I had the feeling that it should protect me from problems like the one I just had. Was that a false impression? Is there something better/more effective?
Thanks in advance.

Re: Operating memory - Win32/Rustock trojan horse

#22 Post by Caroprd111 »

Ad-Aware is outdated. You use ESET Smart Security, which is a complete security suite, so nothing else is needed.


Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter



Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm the choice press the A key, then Enter.
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow).

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow).


Download Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Run Analyze; when it finishes, choose Run Ccleaner.

    Registry tab
  • Click Scan for Issues; when it finishes, click Fix Issues; you do not need to make a backup; then choose Fix All Issues.
    OK, Close


Post a new log from RSIT.

Re: Operating memory - Win32/Rustock trojan horse

#23 Post by adolf »

Done, here is the log from RSIT

Logfile of random's system information tool 1.07 (written by random/random)
Run by jano at 2010-06-11 16:31:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (30%) free of 20 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:32:10, on 11.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jano\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\jano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c99c1be46c4eff) (gupdate1c99c1be46c4eff) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 10487 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-04 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"WINCINEMAMGR"=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-01-21 270336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2006-06-19 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-05-12 831488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RemoteControl"=C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe [2007-02-12 65536]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]
"Google Update"=C:\Documents and Settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^bluetooth.lnk]
C:\PROGRA~1\MSI\STARKE~1\BTTray.exe [2005-09-19 581693]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe

C:\Documents and Settings\jano\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\oldgames\bulanci.exe"="E:\oldgames\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\old\d\GAMES\Aoe2\empires2.exe"="E:\old\d\GAMES\Aoe2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2010-06-11 16:31:59 ----D---- C:\rsit
2010-06-11 16:05:34 ----SHD---- C:\RECYCLER
2010-06-09 21:50:57 ----D---- C:\WINDOWS\temp
2010-06-06 21:27:16 ----A---- C:\Boot.bak
2010-06-06 21:27:12 ----RASHD---- C:\cmdcons
2010-06-06 00:11:01 ----RAD---- C:\Autorun.inf
2010-06-05 20:44:54 ----D---- C:\Program Files\trend micro
2010-06-05 20:33:08 ----D---- C:\Program Files\Spyware Doctor
2010-06-05 19:16:54 ----D---- C:\Documents and Settings\All Users\Application Data\PassMark
2010-04-17 20:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-04-05 06:36:02 ----D---- C:\WINDOWS\pss
2010-04-05 06:24:31 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-04-05 06:17:32 ----A---- C:\WINDOWS\system32\MRT.exe

======List of files/folders modified in the last 3 months======

2010-06-11 16:32:03 ----D---- C:\WINDOWS\Prefetch
2010-06-11 16:29:45 ----D---- C:\WINDOWS\Debug
2010-06-11 16:29:45 ----D---- C:\WINDOWS
2010-06-11 16:28:48 ----D---- C:\Program Files\CCleaner
2010-06-11 16:20:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-06-11 16:02:07 ----SHD---- C:\System Volume Information
2010-06-11 16:02:07 ----D---- C:\WINDOWS\system32\Restore
2010-06-09 21:50:59 ----D---- C:\WINDOWS\system32\drivers
2010-06-09 21:49:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-09 21:47:58 ----A---- C:\WINDOWS\system.ini
2010-06-09 21:44:05 ----D---- C:\WINDOWS\system32\config
2010-06-09 21:42:27 ----D---- C:\WINDOWS\system32
2010-06-09 21:42:27 ----D---- C:\WINDOWS\AppPatch
2010-06-09 21:42:25 ----D---- C:\Program Files\Common Files
2010-06-09 21:32:32 ----SHD---- C:\WINDOWS\Installer
2010-06-09 21:32:32 ----D---- C:\Documents and Settings\jano\Application Data\Mozilla
2010-06-09 21:31:55 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-06-09 21:30:22 ----SD---- C:\WINDOWS\Tasks
2010-06-07 21:15:32 ----D---- C:\Program Files\Mozilla Firefox
2010-06-07 20:50:44 ----RD---- C:\Program Files
2010-06-07 20:46:55 ----D---- C:\Program Files\Lavasoft
2010-06-07 20:46:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-06 21:27:16 ----RASH---- C:\boot.ini
2010-06-06 15:12:32 ----A---- C:\WINDOWS\wincmd.ini
2010-06-06 10:43:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-06 00:32:49 ----D---- C:\Program Files\Google
2010-06-05 22:08:39 ----D---- C:\Program Files\uTorrent
2010-06-05 20:34:44 ----D---- C:\WINDOWS\WinSxS
2010-06-05 20:32:53 ----D---- C:\Documents and Settings\jano\Application Data\GetRightToGo
2010-06-05 20:16:33 ----D---- C:\Documents and Settings\jano\Application Data\uTorrent
2010-05-16 17:52:06 ----D---- C:\Documents and Settings\jano\Application Data\vlc
2010-04-17 20:03:08 ----HD---- C:\WINDOWS\inf
2010-03-30 20:37:34 ----D---- C:\Program Files\Eset
2010-03-29 17:47:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-20 16:23:31 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-09-18 82380]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-06-09 23040]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-02-28 51072]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 bt848;Conexant's BtPCI WDM Video Capture; C:\WINDOWS\system32\DRIVERS\BT848.sys [2010-01-24 371349]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-09-20 1342122]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-09-20 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-09-19 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-09-19 148040]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-05-31 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-09-19 56648]
S3 Cap7134;Philips SAA7133(5) WDM Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-11-05 334816]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dsdrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
S3 iviudf;iviudf; C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 siwio;SIW low-level I/O driver; \??\C:\WINDOWS\TEMP\SiwIo.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;StarCam Clip; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2006-06-27 10148480]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tfnetmon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-08-07 253952]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe [2005-09-19 258103]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1c99c1be46c4eff;Google Update Service (gupdate1c99c1be46c4eff); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-27 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe [2007-07-06 5730304]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Operating memory - Win32/Rustock trojan horse

#24 Post by Caroprd111 »

Keep only one firewall enabled.

Install SP3: http://www.viry.cz/forum/viewtopic.php?f=46&t=86100
