Infiltrace Protector.N virus

[motji]

Já tu budu až po 9. hodině večer.
Hlásí antivir ještě něco v souboru cdrom.sys?

[Kobrik]

Zatím nic, zkusím ještě hloubkový scan v normálním režimu XP. Uvidíme, jak se bude PC chovat (rychlost odezvy......). Měl bych dotázek, co říkáte na antivirový systém od Microsoftu Esential Security? Má smysl jej používat?

[motji]

Už jsem tu .

Otestujte na www.virustotal.com

C:\WINDOWS\system32\dllcache\cdrom.sys
C:\Windows\system32\drivers\cdrom.sys
c:\windows\system32\drivers\omdrv.sys
c:\windows\system32\dgdersvc.exe
c:\windows\system32\weda.exe
c:\windows\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
c:\program files\Digsby Donates\ShoppingBHO.dll


-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

[Kobrik]

Takže:

C:\WINDOWS\system32\dllcache\cdrom.sys - bez infiltrace
C:\Windows\system32\drivers\cdrom.sys - bez infiltrace
c:\windows\system32\drivers\omdrv.sys - bez infiltrace
c:\windows\system32\dgdersvc.exe - bez infiltrace
c:\windows\system32\weda.exe - NENALEZENO
c:\windows\Installer\{B8A2256E-6225-4D9E-B1C9C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe - bez infiltrace
c:\program files\Digsby Donates\ShoppingBHO.dll - NENALEZENO

Nutno podotknout, že jsem ještě některé věci jako třeba Digsby Donates (přidružená aplikace IM clienta Digsby) odinstalovával. Doufám, že jsem neudělal nějakou hloupost

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\windows\system32\weda.exe

Driver::
cerc6
ekeiidyko6koty

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

DDS::
uStart Page = hxxp://10.1.112.9/

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Doporučuji odinstalovat
c:\program files\DNA\btdna.exe

[Kobrik]

Tak todle se úplně dobře nepodařilo Při automatickém restartu který prováděl ComboFix naběhla při vypínání "modrá smrt". PC jsem musel resetovat sám. XP nabělhly, Combofix pokračoval v práci a při vytváření logu opět "modrá smrt". Po opětovném resetu již ComboFix dál nepracoval. v C:\Combofix\ jsem našel zřejmně nedokončenou část připravovaného logu:

ComboFix 10-09-14.05 - Bronislav Žáček 15.09.2010 22:55:39.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1482 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Bronislav Žáček\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Bronislav Žáček\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EKEIIDYKO6KOTY
-------\Service_cerc6
-------\Service_ekeiidyko6koty


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-15 do 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 17:33:49 . 2010-09-15 17:33:49 -------- d--h--w- C:\WINDOWS\PIF
2010-09-13 14:25:40 . 2010-09-14 23:54:37 62976 -c--a-w- C:\WINDOWS\system32\dllcache\cdrom.sys
2010-09-13 08:01:57 . 2010-09-13 08:02:31 -------- d-----w- C:\Program Files\CCleaner
2010-09-12 05:23:09 . 2010-09-12 05:23:09 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2010-09-12 05:15:23 . 2010-09-12 05:16:21 -------- dc-h--w- C:\WINDOWS\ie8
2010-09-12 05:12:17 . 2010-06-18 11:39:18 16896 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2010-09-12 05:11:51 . 2010-06-24 12:27:22 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll
2010-09-05 00:57:14 . 2010-09-05 05:09:30 -------- d-----w- C:\Outlook záloha
2010-08-25 21:53:04 . 2010-06-21 03:26:36 12776 ----a-w- C:\WINDOWS\system32\drivers\ssadmdfl.sys
2010-08-25 21:53:04 . 2010-06-21 03:26:36 10344 ----a-w- C:\WINDOWS\system32\drivers\ssadcmnt.sys
2010-08-25 21:53:04 . 2010-06-21 03:26:36 10344 ----a-w- C:\WINDOWS\system32\drivers\ssadcm.sys
2010-08-25 21:53:03 . 2010-06-21 03:26:36 121576 ----a-w- C:\WINDOWS\system32\drivers\ssadmdm.sys
2010-08-25 21:53:01 . 2010-06-21 03:26:36 96488 ----a-w- C:\WINDOWS\system32\drivers\ssadbus.sys
2010-08-25 21:53:01 . 2010-06-21 03:26:36 10216 ----a-w- C:\WINDOWS\system32\drivers\ssadwhnt.sys
2010-08-25 21:53:01 . 2010-06-21 03:26:36 10216 ----a-w- C:\WINDOWS\system32\drivers\ssadwh.sys
2010-08-25 21:51:43 . 2010-07-26 13:15:26 36640 ----a-w- C:\WINDOWS\system32\FsUsbExDisk.Sys
2010-08-25 21:51:43 . 2010-07-26 13:15:26 217088 ----a-w- C:\WINDOWS\system32\FsUsbExService.Exe
2010-08-25 21:51:43 . 2010-07-26 13:15:26 110592 ----a-w- C:\WINDOWS\system32\FsUsbExDevice.Dll
2010-08-25 21:48:27 . 2010-08-25 21:48:27 -------- d-----w- C:\Program Files\MarkAny
2010-08-25 21:47:26 . 2010-08-25 21:47:26 -------- d-----w- C:\Program Files\Microsoft.NET
2010-08-25 21:44:26 . 2010-08-25 21:45:01 -------- d-----w- C:\3001944a79da2dc167
2010-08-25 21:40:29 . 2010-08-25 21:47:22 -------- d-----w- C:\9abd0e93463ab4957f491a
2010-08-25 21:09:59 . 2010-08-25 21:52:23 -------- d-----w- C:\Program Files\Samsung
2010-08-25 21:09:55 . 2010-08-25 21:48:32 -------- d-----w- C:\Program Files\Common Files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 21:07:17 . 2010-04-29 13:09:32 -------- d-----w- C:\Program Files\Windows Desktop Search
2010-09-15 18:13:57 . 2008-04-14 12:00:00 79220 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-09-15 18:13:57 . 2008-04-14 12:00:00 432272 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-09-15 16:52:53 . 2010-08-14 19:34:06 -------- d-----w- C:\Program Files\trend micro
2010-08-26 00:42:59 . 2010-08-26 00:42:59 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-08-25 21:53:31 . 2010-04-28 08:24:46 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-08-25 21:50:06 . 2010-04-28 12:58:15 -------- d-----w- C:\Program Files\PC Connectivity Solution
2010-08-14 23:14:14 . 2008-04-14 12:00:00 62976 ----a-w- C:\WINDOWS\system32\drivers\cdrom.sys
2010-08-13 04:13:43 . 2010-08-13 04:13:43 -------- d-----w- C:\Program Files\Common Files\Java
2010-08-13 04:13:18 . 2010-04-28 08:33:11 -------- d-----w- C:\Program Files\Java
2010-08-06 04:04:19 . 2010-05-08 06:18:26 -------- d-----w- C:\Program Files\SJphone 1.65
2010-07-26 13:17:06 . 2010-07-26 13:17:06 95568 ----a-w- C:\WINDOWS\system32\dgdersvc.exe
2010-07-26 13:17:06 . 2010-07-26 13:17:06 726352 ----a-w- C:\WINDOWS\system32\dgderapi.dll
2010-07-26 13:17:06 . 2010-07-26 13:17:06 319456 ----a-w- C:\WINDOWS\system32\DIFxAPI.dll
2010-07-26 13:17:06 . 2010-07-26 13:17:06 18136 ----a-w- C:\WINDOWS\system32\drivers\dgderdrv.sys
2010-07-17 16:03:24 . 2010-07-17 16:03:24 74728 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2010-07-17 16:00:50 . 2010-07-17 16:00:50 223440 ----a-w- C:\WINDOWS\system32\drivers\truecrypt.sys
2010-07-17 03:00:04 . 2010-04-28 10:22:55 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-06-24 12:27:28 . 2008-04-14 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-09-12 21:05:42 . 2009-09-12 21:05:42 124240 ----a-w- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 21:06:48 . 2009-09-12 21:06:48 13136 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 21:06:22 . 2009-09-12 21:06:22 70488 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 21:06:32 . 2009-09-12 21:06:32 91480 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll
2009-09-12 21:06:28 . 2009-09-12 21:06:28 22360 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 21:07:08 . 2009-09-12 21:07:08 255312 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 21:06:30 . 2009-09-12 21:06:30 31064 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll
2009-09-12 21:06:46 . 2009-09-12 21:06:46 40280 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2009-08-14 11:33:38 . 2009-08-14 11:33:38 652640 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 21:06:24 . 2009-09-12 21:06:24 23896 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-15_17.39.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-15 21:07:34 . 2010-09-15 21:07:34 16384 C:\WINDOWS\temp\Perflib_Perfdata_228.dat
+ 2008-04-14 12:00:00 . 2010-09-15 18:13:57 68292 C:\WINDOWS\system32\perfc009.dat
- 2008-04-14 12:00:00 . 2010-08-25 21:43:37 68292 C:\WINDOWS\system32\perfc009.dat
+ 2008-04-14 12:00:00 . 2010-09-15 18:13:57 435396 C:\WINDOWS\system32\perfh009.dat
- 2008-04-14 12:00:00 . 2010-08-25 21:43:37 435396 C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe" [2009-09-12 21:09:10 103768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 12:00:00 110592]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 14:51:24 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 17:28:28 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:38 976832]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\Martin Bilˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

C:\Documents and Settings\Miroslav Turźˇnek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Online plug-in.lnk - C:\WINDOWS\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-4-29 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 18:59:00 24674 ----a-w- C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16:20 357696 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-07-28 11:56:34 3365176 ----a-w- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57:36 1451520 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-10-25 09:57:56 16855552 ----a-w- C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 09:04:04 1826816 ----a-w- C:\WINDOWS\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SJphone 1.65\\SJphone.exe"=
"C:\\Documents and Settings\\Tomáš Stojaník\\Plocha\\config.exe"=
"C:\\Documents and Settings\\Bronislav Žáček\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"C:\\Documents and Settings\\Bronislav Žáček\\Data aplikací\\Microsoft\\Internet Explorer\\Quick Launch\\config.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Documents and Settings\\Martin Bilík\\Plocha\\config.exe"=
"C:\\Documents and Settings\\Miroslav Turčínek\\Plocha\\config.exe"=
"C:\\Documents and Settings\\Bronislav Žáček\\Plocha\\config.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\system32\drivers\ctxusbm.sys [8.9.2009 18:13:16 65584]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\drivers\VBoxDrv.sys [9.5.2010 7:29:03 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\drivers\VBoxUSBMon.sys [9.5.2010 7:28:46 41680]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [29.4.2010 10:35:28 36400]
R2 dgdersvc;Device Error Recovery Service;C:\WINDOWS\system32\dgdersvc.exe [26.7.2010 15:17:06 95568]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [25.8.2010 23:51:43 217088]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\drivers\vnasc.sys [29.4.2010 10:35:40 109072]
R2 vnccom;vnccom;C:\WINDOWS\system32\drivers\vnccom.SYS [29.4.2010 12:03:23 6016]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [29.4.2010 10:35:28 671472]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\l151x86.sys [28.4.2010 10:24:33 37376]
R3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys [26.7.2010 15:17:06 18136]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [25.8.2010 23:51:43 36640]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\drivers\fw.sys [29.4.2010 10:35:48 2234320]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\WINDOWS\system32\drivers\VBoxNetFlt.sys [25.3.2010 20:06:26 110608]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\ssadbus.sys [25.8.2010 23:53:01 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\system32\drivers\ssadmdfl.sys [25.8.2010 23:53:04 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\system32\drivers\ssadmdm.sys [25.8.2010 23:53:03 121576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\WINDOWS\system32\drivers\VBoxNetAdp.sys [9.5.2010 7:29:00 99728]
S3 VBoxUSB;VirtualBox USB;C:\WINDOWS\system32\drivers\VBoxUSB.sys [9.5.2010 10:16:51 31824]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [12.5.2010 19:08:20 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-09-15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5FBF80ED-672D-4256-B380-FD88BB024233}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 02:31:54 . 2009-03-08 02:31:54]

2010-09-15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7CA6F26-AD3A-4ECD-ACAD-7C779DAE33F7}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 02:31:54 . 2009-03-08 02:31:54]

2010-09-15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB2531FB-FAEE-437E-A52B-003A43ED731D}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 02:31:54 . 2009-03-08 02:31:54]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 217.112.175.67:3128
uInternet Settings,ProxyOverride = 10.1.1.171;172.22.4.31:8080;10.1.112.3;synot-sd;10.1.29.187;10.1.112.9;maxpower.gamemonitoring.cz;80.251.247.117;citrix-web;10.1.29.*;10.1.1.170;<local>
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {71C0ACB6-A81D-485C-A092-8C227CDC6015} = 10.1.29.132,10.1.29.133
FF - ProfilePath - C:\Documents and Settings\Bronislav Žáček\Data aplikací\Mozilla\Firefox\Profiles\eo7xwbsa.default\
FF - prefs.js: browser.startup.homepage - hxxp://10.1.29.134/CAisd/pdmweb.exe
FF - prefs.js: network.proxy.http - 10.1.59.100
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-BitTorrent DNA - C:\Program Files\DNA\btdna.exe


c:\program files\DNA\btdna.exe jsem před spuštěním scriptu odinstaloval.

[Kobrik]

Jinak zatím Vám mnohokrát děkuji za pomoc! PC se již chová jako s nově instalovanými XP . Jinak domovská odresa IE8 10.1.112.9 je v pořádku, má to tak být

[motji]

Za tu domovskou stránku se omlouvám .

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[Kobrik]

Dobrý den,
tak přikládám log z RSIT. Jinak zdá se, že jsou již XP v pořádku. Nevykazují žádné zpomalení, odezvy při práci jsou celkem v normě a ESET nahlásí žádné infiltrace.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bronislav Žáček at 2010-09-17 06:54:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (80%) free of 147 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:17, on 17.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Documents and Settings\Bronislav Žáček\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Bronislav Žáček.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.112.175.67:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.1.1.171;172.22.4.31:8080;10.1.112.3;synot-sd;10.1.29.187;10.1.112.9;maxpower.gamemonitoring.cz;80.251.247.117;citrix-web;10.1.29.*;10.1.1.170;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Online plug-in.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3831363431
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71C0ACB6-A81D-485C-A092-8C227CDC6015}: NameServer = 10.1.29.132,10.1.29.133
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

--
End of file - 7095 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{5FBF80ED-672D-4256-B380-FD88BB024233}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E7CA6F26-AD3A-4ECD-ACAD-7C779DAE33F7}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FB2531FB-FAEE-437E-A52B-003A43ED731D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-07-28 3365176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Online plug-in.lnk - C:\WINDOWS\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-29 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
C:\WINDOWS\system32\ckpNotify.dll [2006-04-09 24674]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\SJphone 1.65\SJphone.exe"="C:\Program Files\SJphone 1.65\SJphone.exe:*:Enabled:SJphone 1.65"
"C:\Documents and Settings\Tomáš Stojaník\Plocha\config.exe"="C:\Documents and Settings\Tomáš Stojaník\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Documents and Settings\Bronislav Žáček\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Bronislav Žáček\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\Internet Explorer\Quick Launch\config.exe"="C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft\Internet Explorer\Quick Launch\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Documents and Settings\Martin Bilík\Plocha\config.exe"="C:\Documents and Settings\Martin Bilík\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Documents and Settings\Miroslav Turčínek\Plocha\config.exe"="C:\Documents and Settings\Miroslav Turčínek\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"
"C:\Documents and Settings\Bronislav Žáček\Plocha\config.exe"="C:\Documents and Settings\Bronislav Žáček\Plocha\config.exe:*:Enabled:Konfigurátor SGS Monitorů"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

======List of files/folders created in the last 1 months======

2010-09-17 06:54:11 ----D---- C:\rsit
2010-09-17 06:10:03 ----SHD---- C:\RECYCLER
2010-09-16 02:13:46 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\ESET
2010-09-16 02:12:31 ----D---- C:\Program Files\ESET
2010-09-16 02:12:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-09-16 01:58:36 ----A---- C:\WINDOWS\system32\drivers\usb8023x.sys
2010-09-16 01:58:35 ----A---- C:\WINDOWS\system32\drivers\rndismpx.sys
2010-09-15 23:03:25 ----D---- C:\WINDOWS\temp
2010-09-15 20:14:36 ----D---- C:\WINDOWS\pss
2010-09-15 19:33:49 ----HD---- C:\WINDOWS\PIF
2010-09-13 10:01:57 ----D---- C:\Program Files\CCleaner
2010-09-12 07:15:23 ----HDC---- C:\WINDOWS\ie8
2010-09-05 02:57:14 ----D---- C:\Outlook záloha
2010-08-25 23:53:04 ----A---- C:\WINDOWS\system32\drivers\ssadmdfl.sys
2010-08-25 23:53:04 ----A---- C:\WINDOWS\system32\drivers\ssadcmnt.sys
2010-08-25 23:53:04 ----A---- C:\WINDOWS\system32\drivers\ssadcm.sys
2010-08-25 23:53:03 ----A---- C:\WINDOWS\system32\drivers\ssadmdm.sys
2010-08-25 23:53:01 ----A---- C:\WINDOWS\system32\drivers\ssadwhnt.sys
2010-08-25 23:53:01 ----A---- C:\WINDOWS\system32\drivers\ssadwh.sys
2010-08-25 23:53:01 ----A---- C:\WINDOWS\system32\drivers\ssadbus.sys
2010-08-25 23:51:43 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe
2010-08-25 23:51:43 ----A---- C:\WINDOWS\system32\FsUsbExDisk.Sys
2010-08-25 23:51:43 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll
2010-08-25 23:48:50 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Samsung
2010-08-25 23:48:27 ----D---- C:\Program Files\MarkAny
2010-08-25 23:48:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2010-08-25 23:47:26 ----D---- C:\Program Files\Microsoft.NET
2010-08-25 23:44:26 ----D---- C:\3001944a79da2dc167
2010-08-25 23:42:24 ----D---- C:\Config.Msi
2010-08-25 23:40:29 ----D---- C:\9abd0e93463ab4957f491a
2010-08-25 23:09:59 ----D---- C:\Program Files\Samsung
2010-08-25 23:09:55 ----D---- C:\Program Files\Common Files\Samsung

======List of files/folders modified in the last 1 months======

2010-09-17 06:54:17 ----D---- C:\Program Files\trend micro
2010-09-17 06:54:15 ----D---- C:\WINDOWS\Prefetch
2010-09-17 06:51:47 ----D---- C:\WINDOWS
2010-09-17 06:50:09 ----D---- C:\WINDOWS\system32\Restore
2010-09-17 06:50:08 ----SHD---- C:\System Volume Information
2010-09-17 06:49:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-17 06:49:07 ----A---- C:\WINDOWS\wincmd.ini
2010-09-17 06:45:53 ----D---- C:\WINDOWS\Minidump
2010-09-17 06:23:27 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\OpenOffice.org2
2010-09-17 06:17:12 ----D---- C:\Program Files\Mozilla Firefox
2010-09-17 06:14:34 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-16 06:23:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 06:00:56 ----D---- C:\WINDOWS\system32
2010-09-16 06:00:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-16 02:13:29 ----SHD---- C:\WINDOWS\Installer
2010-09-16 02:13:14 ----HD---- C:\WINDOWS\inf
2010-09-16 02:13:14 ----D---- C:\WINDOWS\system32\drivers
2010-09-16 02:12:31 ----RD---- C:\Program Files
2010-09-16 02:02:32 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-09-16 01:58:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 23:12:51 ----SHD---- C:\WINDOWS\CSC
2010-09-15 23:08:41 ----A---- C:\WINDOWS\system.ini
2010-09-15 23:07:17 ----D---- C:\Program Files\Windows Desktop Search
2010-09-15 23:04:19 ----D---- C:\WINDOWS\system32\config
2010-09-15 22:58:19 ----D---- C:\WINDOWS\AppPatch
2010-09-15 22:58:17 ----D---- C:\Program Files\Common Files
2010-09-15 20:15:12 ----SH---- C:\boot.ini
2010-09-15 20:15:12 ----A---- C:\WINDOWS\win.ini
2010-09-15 20:14:34 ----SD---- C:\WINDOWS\Tasks
2010-09-15 20:14:01 ----D---- C:\WINDOWS\system32\wbem
2010-09-15 20:14:01 ----D---- C:\WINDOWS\system32\cs-cz
2010-09-13 09:33:35 ----SD---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\Microsoft
2010-09-12 22:35:14 ----D---- C:\WINDOWS\Help
2010-09-12 07:42:56 ----D---- C:\NVIDIA
2010-09-12 07:31:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-12 07:19:37 ----D---- C:\Program Files\Internet Explorer
2010-09-12 07:18:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-12 07:17:38 ----D---- C:\WINDOWS\ie8updates
2010-09-12 07:16:45 ----D---- C:\WINDOWS\WBEM
2010-09-12 07:16:37 ----D---- C:\WINDOWS\Media
2010-09-12 07:15:07 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-02 22:44:21 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\gtk-2.0
2010-08-30 01:53:05 ----D---- C:\Documents and Settings\Bronislav Žáček\Data aplikací\vlc
2010-08-26 02:07:43 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-26 02:07:27 ----RSD---- C:\WINDOWS\assembly
2010-08-25 23:53:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-25 23:53:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-25 23:50:06 ----D---- C:\Program Files\PC Connectivity Solution
2010-08-25 23:47:45 ----D---- C:\WINDOWS\WinSxS
2010-08-25 23:47:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-25 23:45:30 ----D---- C:\WINDOWS\system32\XPSViewer
2010-08-25 23:45:28 ----D---- C:\WINDOWS\system32\en-us
2010-08-25 23:45:23 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-07-17 223440]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-03-25 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-03-25 41680]
R2 CP_OMDRV;Check Point Office Mode Module; C:\WINDOWS\System32\drivers\omdrv.sys [2006-04-09 36400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient; C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 109072]
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R2 VPN-1;VPN-1 Module; C:\WINDOWS\System32\drivers\vpn.sys [2006-04-09 671472]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-11-12 37376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-07-26 18136]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 FW1;SecuRemote Miniport; C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 2234320]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-29 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-03-25 110608]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2010-06-21 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2010-06-21 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2010-06-21 121576]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxUSB;VirtualBox USB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [2010-03-25 31824]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-12 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-29 536576]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-07-26 95568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-07-26 217088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SR_Service;Check Point SecuRemote Service; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2006-04-09 110691]
R2 SR_WatchDog;Check Point SecuRemote WatchDog; C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe [2006-04-09 36964]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Tyto proxy znáte?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.1.1.171;172.22.4.31:8080;10.1.112.3;synot-sd;10.1.29.187;10.1.112.9;maxpower.gamemonitoring.cz;80.251.247.117;citrix-web;10.1.29.*;10.1.1.170;<local>

[Kobrik]

Ano, to je v pořádku.

[motji]

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

 

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.

Pokud nejsou problémy, je to vše

[Kobrik]

PC vypadá opravdu v pořádku. Mnohokrát děkuji za pomoc, ale vyskytl se ještě jeden problémek. V kořenovém adresáři na USB flash discích se mi opakovaně i po smazání objevuje složka MEMINKO\netreba.exe. Soubor jsem zkusil prověřit na http://www.virustotal.com a je infikován. výsledek testu niže: . Často také autorun.inf

Antivirus Version Last Update Result
AhnLab-V3 2010.09.17.02 2010.09.17 Win-Trojan/Injector.97792.CJ
AntiVir 8.2.4.52 2010.09.17 -
Antiy-AVL 2.0.3.7 2010.09.17 -
Authentium 5.2.0.5 2010.09.17 W32/Rimecud.J.gen!Eldorado
Avast 4.8.1351.0 2010.09.17 Win32:MalOb-BZ
Avast5 5.0.594.0 2010.09.17 Win32:MalOb-BZ
AVG 9.0.0.851 2010.09.16 Cryptic.AWJ
BitDefender 7.2 2010.09.17 Gen:Variant.Bredo.15
CAT-QuickHeal 11.00 2010.09.17 Win32.Packed.Katusha.o.3.Pack
ClamAV 0.96.2.0-git 2010.09.17 -
Comodo 6107 2010.09.17 -
DrWeb 5.0.2.03300 2010.09.17 Trojan.Packed.20312
Emsisoft 5.0.0.37 2010.09.17 Trojan.Win32.Rimecud!IK
eSafe 7.0.17.0 2010.09.17 Win32.GenVariant.Bre
eTrust-Vet 36.1.7860 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 W32/Rimecud.J.gen!Eldorado
F-Secure 9.0.15370.0 2010.09.17 Gen:Variant.Bredo.15
Fortinet 4.1.143.0 2010.09.17 W32/FakeAV.EW!tr
GData 21 2010.09.17 Gen:Variant.Bredo.15
Ikarus T3.1.1.88.0 2010.09.17 Trojan.Win32.Rimecud
Jiangmin 13.0.900 2010.09.17 -
K7AntiVirus 9.63.2533 2010.09.16 Riskware
Kaspersky 7.0.0.125 2010.09.17 -
McAfee 5.400.0.1158 2010.09.17 Generic.dx!tra
McAfee-GW-Edition 2010.1C 2010.09.17 Generic.dx!tra
Microsoft 1.6201 2010.09.17 Trojan:Win32/Rimecud.A
NOD32 5457 2010.09.17 a variant of Win32/Kryptik.GRP
Norman 6.06.06 2010.09.16 W32/Suspicious_Gen2.BZHQD
nProtect 2010-09-17.01 2010.09.17 Gen:Variant.Bredo.15
Panda 10.0.2.7 2010.09.16 Trj/CI.A
PCTools 7.0.3.5 2010.09.17 Trojan.Gen
Prevx 3.0 2010.09.17 -
Rising 22.65.04.01 2010.09.17 Trojan.Win32.Generic.522E1E72
Sophos 4.57.0 2010.09.17 Mal/FakeAV-EW
Sunbelt 6886 2010.09.17 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.09.17 -
Symantec 20101.1.1.7 2010.09.17 Trojan.Gen
TheHacker 6.7.0.0.020 2010.09.17 -
TrendMicro 9.120.0.1004 2010.09.17 TROJ_GEN.R47E1I9
TrendMicro-HouseCall 9.120.0.1004 2010.09.17 TROJ_GEN.R47E1I9
VBA32 3.12.14.0 2010.09.16 Malware-Cryptor.Grygoryi.3
ViRobot 2010.8.25.4006 2010.09.17 -
VirusBuster 12.65.10.0 2010.09.16 Worm.Palevo.Gen!Pac.8

[vyosek]

Zdravim a pekny den preji

Omlouvam se kolegyni za vstup, zaskocim kdyz tu neni

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

[Kobrik]

Dobrý den,
tak jsem proskenoval 3 flash disky. Akorát jsem provedl test omylem 2x a tím pádem druhý scan přepsal původní log, který přikládám. Snad to nevadí


############################## | UsbFix 7.025 | [Deletion]

User: Bronislav Žáček (Administrator) # ICT-F02B2B01D19 [ ]
Updated 15/09/10 by El Desaparecido / C_XX
Started at 15:10:23 | 17/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
Antivirus: ESET Smart Security 4.2 4.2 [(!) Disabled | Updated]
Firewall: ESET personal firewall 4.2.64.12 [Enabled]
RAM -> 2047 Mb
C:\ (%systemdrive%) -> Fixed drive # 143 Gb (115 Mb free - 80%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 30 Gb (7 Mb free - 22%) [STORE N GO] # FAT32
F:\ -> Removable drive # 984 Mb (413 Mb free - 42%) [KINGSTON] # FAT
G:\ -> Removable drive # 4 Gb (1 Mb free - 29%) [KINGSTON] # FAT32

################## | Files # Infected Folders |



################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe

################## | Mountpoints2 |


################## | Listing |

[08/05/2010 - 08:19:19 | D ] C:\176139f34b1483e4580bb414bf6347a7
[25/08/2010 - 23:45:01 | D ] C:\3001944a79da2dc167
[25/08/2010 - 23:47:22 | D ] C:\9abd0e93463ab4957f491a
[25/08/2010 - 23:13:19 | A | 2006] C:\aqua_bitmap.cpp
[17/09/2010 - 13:35:51 | RASHD ] C:\Autorun.inf
[15/09/2010 - 20:15:12 | SH | 211] C:\boot.ini
[14/04/2008 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[16/09/2010 - 02:13:28 | D ] C:\Config.Msi
[28/04/2010 - 09:53:38 | A | 0] C:\CONFIG.SYS
[22/07/2010 - 18:04:41 | D ] C:\Documents and Settings
[22/05/2010 - 21:08:32 | D ] C:\drv
[28/04/2010 - 15:13:52 | D ] C:\I386
[28/04/2010 - 12:08:55 | D ] C:\Intel
[28/04/2010 - 09:53:38 | RASH | 0] C:\IO.SYS
[13/03/2007 - 16:07:00 | A | 326] C:\mks.cur
[28/04/2010 - 09:53:38 | RASH | 0] C:\MSDOS.SYS
[29/04/2010 - 13:32:27 | RD ] C:\MSOCache
[14/04/2008 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | RASH | 250576] C:\ntldr
[12/09/2010 - 07:42:56 | D ] C:\NVIDIA
[05/09/2010 - 07:09:30 | D ] C:\Outlook záloha
[17/09/2010 - 11:28:14 | ASH | 2145386496] C:\pagefile.sys
[16/09/2010 - 02:12:31 | RD ] C:\Program Files
[17/09/2010 - 06:46:53 | SHD ] C:\RECYCLER
[15/09/2010 - 19:23:29 | A | 751] C:\rkill.log
[17/09/2010 - 06:54:18 | D ] C:\rsit
[08/08/2010 - 15:52:09 | D ] C:\spoolerlogs
[17/09/2010 - 06:50:08 | SHD ] C:\System Volume Information
[17/09/2010 - 15:22:49 | D ] C:\UsbFix
[17/09/2010 - 15:22:54 | A | 1252] C:\UsbFix.txt
[17/09/2010 - 11:29:55 | D ] C:\WINDOWS
[15/07/2010 - 12:11:30 | D ] E:\Pozvánka
[18/07/2010 - 01:26:24 | D ] E:\Instalace PC
[30/12/2009 - 13:26:30 | D ] E:\Softík FL
[08/05/2010 - 08:42:08 | A | 652] E:\3gpmoviesfree.exe.lnk
[08/05/2010 - 08:42:20 | A | 536] E:\audacity.exe.lnk
[08/05/2010 - 08:42:32 | A | 536] E:\citrusac.exe.lnk
[08/05/2010 - 08:42:42 | A | 555] E:\miranda32.exe.lnk
[08/05/2010 - 08:42:52 | A | 576] E:\Skype.exe.lnk
[24/07/2010 - 21:23:28 | D ] E:\Filmy
[01/07/2010 - 18:42:36 | D ] E:\Foto
[16/08/2010 - 20:04:10 | A | 613] E:\TeamViewer.lnk
[17/07/2010 - 12:51:56 | D ] E:\Music
[17/07/2010 - 12:40:20 | A | 1073741824] E:\TrueCrypt
[26/08/2010 - 03:23:02 | D ] E:\Others
[17/09/2010 - 06:54:02 | A | 339991] E:\RSIT.exe
[17/09/2010 - 08:53:50 | A | 575488] E:\OTL.exe
[17/09/2010 - 09:22:02 | A | 75378160] E:\setup_9.0.0.722_17.09.2010_10-24.exe
[15/09/2010 - 18:59:52 | A | 363520] E:\rkill.exe
[17/09/2010 - 13:35:52 | RASHD ] E:\Autorun.inf
[11/01/2008 - 12:28:12 | A | 1758856] F:\UltraVNC-102-Setup.exe
[23/06/2010 - 20:05:10 | D ] F:\Receiver
[16/03/2009 - 00:44:04 | D ] F:\VIS
[01/06/2009 - 14:14:36 | A | 3457800] F:\bi1003cz.exe
[06/06/2009 - 13:10:52 | A | 1898076] F:\updatetools.rar
[25/03/2009 - 19:06:48 | A | 69632] F:\SEZNAM HER.xls
[06/02/2006 - 21:50:32 | A | 1112304] F:\wrar351cz.exe
[09/07/2009 - 10:42:56 | A | 185660] F:\bowcup.jpg
[25/06/2008 - 20:15:56 | D ] F:\ovislink 2
[19/04/2010 - 09:23:24 | A | 3108240] F:\Mira a Carnet.mp3
[06/06/2009 - 13:30:06 | D ] F:\Zcomax AP
[09/07/2009 - 14:34:30 | A | 3941] F:\rotace.gif
[15/05/2009 - 14:38:18 | D ] F:\RockXP4
[15/01/2010 - 13:55:22 | A | 43] F:\spaceball.gif
[17/03/2008 - 12:46:24 | A | 871] F:\Rulety.vnc
[04/03/2010 - 12:04:32 | A | 1712640] F:\DVD seznam.xls
[24/03/2009 - 10:10:24 | D ] F:\Miranda IM
[10/05/2009 - 09:45:12 | N | 16495824] F:\install_atlas_icq65.exe
[27/03/2009 - 14:41:42 | A | 32] F:\data98.vif
[27/03/2009 - 14:41:42 | A | 1501496] F:\data98.chk
[30/04/2010 - 10:16:58 | A | 782330] F:\CD_IB100II_man.pdf
[10/02/2010 - 09:58:50 | A | 2405485] F:\qip8095.exe
[13/06/2009 - 18:18:22 | D ] F:\Diagnostika
[01/07/2009 - 22:29:34 | A | 1531992] F:\IMG_1129.JPG
[13/06/2009 - 10:25:14 | AD ] F:\VAG-COM IHR 304 cz
[11/08/2009 - 09:42:30 | A | 296] F:\WMPInfo.xml
[09/09/2009 - 18:56:18 | A | 606720] F:\DVD na prodej.xls
[25/08/2009 - 17:14:20 | D ] F:\zcomax
[26/06/2010 - 16:30:12 | D ] F:\Maxova svatba
[31/05/2010 - 12:04:24 | A | 627914] F:\Návod Jak naladit Homecast S 3000 CRCI.pdf
[29/10/2009 - 21:04:02 | D ] F:\SWAPMAGIC
[16/03/2009 - 12:07:38 | A | 19391610] F:\CC - ukázka střed-Remix.wav
[15/07/2009 - 15:52:36 | A | 20480] F:\Klubáci z okolí.doc
[21/04/2009 - 10:34:18 | A | 48640] F:\SEZNAMDVD Hany.xls
[31/05/2010 - 13:55:10 | D ] F:\hovory -)
[25/05/2009 - 12:32:44 | A | 14848] F:\Vypocet prumeru kola.xls
[13/05/2009 - 19:10:18 | A | 24476] F:\106109_SKMBT_60009050612400.pdf
[19/01/2009 - 14:18:16 | A | 6672384] F:\whitelabel_(prodigy_vs_enya)_-_smack_up_the_orinoco_flow.mp3
[10/08/2009 - 16:19:34 | A | 953676] F:\Peto a Tom.JPG
[10/09/2009 - 10:46:06 | A | 7358792] F:\Firefox%20Setup%203.0.10.exe
[13/07/2008 - 19:57:36 | A | 3500440] F:\madcon - beggin.mp3
[05/06/2010 - 16:20:28 | D ] F:\Golf
[29/10/2009 - 21:03:58 | D ] F:\Noobie_Package
[31/05/2010 - 12:04:38 | A | 163211] F:\Zadost_Reg_CZ_x.pdf
[15/01/2010 - 13:35:50 | A | 60037] F:\Stock_Car_V8_Brasil_Amir_Nasr_Racin.jpg
[10/02/2010 - 13:40:36 | A | 2113766] F:\icqsnif_setup.exe
[08/06/2010 - 19:49:34 | A | 97547048] F:\iTunesSetup.exe
[08/06/2009 - 10:03:30 | A | 4461851] F:\Bora_vs_Mondeo.wmv
[31/05/2010 - 12:04:46 | A | 213650] F:\Astra_transpondery_CZ_100505.pdf
[12/06/2010 - 17:55:46 | D ] F:\VW Club
[24/06/2010 - 12:56:22 | D ] F:\Ověření pravosti XP
[30/07/2010 - 10:32:56 | A | 10850] F:\Plná moc od Bábinky.docx
[30/07/2010 - 13:26:56 | D ] F:\Práce
[02/08/2010 - 18:15:04 | D ] F:\Cabrio
[11/08/2010 - 10:34:06 | D ] F:\Kola Zender
[17/09/2010 - 13:35:54 | RASHD ] F:\Autorun.inf
[29/08/2010 - 11:14:30 | A | 119268] F:\Zadní kotoučové brzdy na G1.docx
[09/09/2010 - 11:12:52 | A | 11289] F:\KUPNÍ SMLOUVA.docx
[09/09/2010 - 11:15:28 | A | 11286] F:\¨.docx
[09/09/2010 - 11:25:36 | A | 11428] F:\PLNÁ MOC.docx
[13/04/2008 - 00:54:02 | A | 16179] F:\config.dat
[20/04/2008 - 17:16:06 | A | 25088] F:\Kupní smlouva Vlastík.doc
[08/04/2010 - 20:10:02 | A | 223762] G:\Stěrače.jpg
[20/05/2010 - 13:02:10 | D ] G:\nálepka
[18/03/2010 - 17:21:26 | D ] G:\Tuba
[19/02/2010 - 10:07:38 | D ] G:\Driver
[19/02/2010 - 10:07:46 | D ] G:\GIMP2
[18/03/2010 - 09:55:06 | SHD ] G:\Recycled
[29/05/2010 - 19:30:56 | D ] G:\Interšpar
[07/04/2010 - 20:36:46 | A | 428333] G:\w8_leuchte2.pdf
[19/02/2010 - 10:08:48 | D ] G:\Práce
[19/02/2010 - 10:08:52 | D ] G:\Tycoon
[19/02/2010 - 10:09:54 | D ] G:\VAG-COM IHR 304 cz
[19/02/2010 - 10:10:06 | D ] G:\vis3
[20/03/2010 - 20:14:02 | A | 7830] G:\g348.jpg
[28/10/2009 - 08:31:24 | A | 37468] G:\bookmarks-2009-10-28.json
[30/05/2010 - 00:44:06 | A | 39788] G:\bookmarks-2010-05-30.json
[02/05/2009 - 18:42:10 | A | 79782346] G:\Hitchhiker.rar
[16/12/2009 - 08:50:20 | A | 856576] G:\Max_Power.ppt
[10/12/2008 - 15:10:08 | A | 17408] G:\Seznam instalací oprav výměn SGS.xls
[14/01/2010 - 10:31:10 | A | 10059] G:\SIM Rumunsko Ostatní.xls
[16/12/2009 - 14:42:08 | A | 22016] G:\Tabulka obědy.xls
[24/02/2010 - 22:23:04 | D ] G:\Foto
[07/04/2010 - 20:34:46 | A | 599616] G:\W8-Innenleuchte einbauen.pdf
[07/04/2010 - 20:34:40 | A | 792309] G:\W8-Leuchte Adapterstecker.pdf
[08/04/2010 - 20:10:06 | A | 197708] G:\Lampička W8.jpg
[08/04/2010 - 20:10:04 | A | 214491] G:\Světla Jetta MK4 GLI.jpg
[08/04/2010 - 20:10:08 | A | 146418] G:\blinkry Polo.jpg
[08/04/2010 - 20:10:04 | A | 142170] G:\Zadní lampy Polo.jpg
[19/04/2010 - 09:23:24 | A | 3108240] G:\Mira a Carnet.mp3
[21/04/2010 - 11:43:58 | A | 23552] G:\VW Passat B5 sedan.doc
[29/05/2010 - 20:38:34 | D ] G:\Adobe Lightroom v2.2+Keygen+E-books[h33t][MAMBO04]
[02/06/2006 - 00:00:00 | A | 8921061] G:\SC_NGX_R60_HFA1_simp_598001019.exe
[20/04/2010 - 20:02:50 | A | 21530179] G:\PIONEER_A339_A449.pdf
[11/07/2010 - 21:22:46 | A | 1859072] G:\Výfuk R32 na Bora V6 4Motion.doc
[01/05/2010 - 19:34:10 | A | 782330] G:\CD-IB100II_manual_EN_FR_DE_IT_ES.pdf
[13/04/2010 - 20:37:36 | A | 69613] G:\gps2day109.zip
[01/11/2009 - 15:04:44 | A | 2243681] G:\emiliana torrini - jungle drum.mp31257017617_[mp3.teledyski.info].mp3
[01/05/2010 - 19:39:40 | A | 65024] G:\Kompatibilita iPod.doc
[16/03/2010 - 06:40:46 | D ] G:\Nero 9.4.26.0
[31/08/2010 - 02:23:38 | A | 284362] G:\STAVY MAX POWER SUBLICENCE 30.8.2010.xlsx
[31/08/2010 - 20:17:32 | A | 3211396] G:\dvh-3900mp.pdf
[31/08/2010 - 19:56:54 | D ] G:\Bába 70 - Peťův foťák
[01/09/2010 - 18:33:24 | D ] G:\Bába 70 - bábin foťák
[17/09/2010 - 13:35:54 | RASHD ] G:\Autorun.inf
[17/09/2010 - 09:19:20 | D ] J:\uctarna
[14/09/2010 - 13:35:05 | D ] J:\vyvoj
[31/07/2009 - 12:14:04 | D ] J:\obchod
[17/02/2010 - 15:29:06 | D ] J:\sdileni
[28/06/2007 - 08:29:54 | D ] J:\install
[31/05/2006 - 15:40:22 | D ] J:\sklad
[10/11/2006 - 14:52:56 | N | 2407] J:\du-home-sgs.txt
[11/08/2010 - 08:14:27 | D ] J:\it
[03/09/2010 - 12:09:00 | D ] J:\callcentrum
[17/09/2010 - 13:43:29 | RASHD ] T:\Autorun.inf
[12/09/2007 - 11:29:20 | A | 778] T:\Config.cfg
[08/08/2002 - 22:13:12 | A | 418837] T:\Help.chm
[04/02/2010 - 11:57:15 | D ] T:\InBox
[04/02/2010 - 11:57:15 | D ] T:\Logs
[13/06/2003 - 08:48:38 | A | 426] T:\Marketing.osc
[04/02/2010 - 12:05:16 | A | 106] T:\Marketing.reg
[16/05/2010 - 00:16:23 | D ] T:\Nová složka
[05/03/2010 - 09:56:28 | A | 1497600] T:\OTAP.exe
[04/02/2010 - 11:57:15 | D ] T:\OutBox
[04/02/2010 - 11:57:15 | D ] T:\OutBox zaloha
[16/09/2010 - 13:25:21 | A | 320] T:\SGS_Market.ldb
[17/09/2010 - 15:15:25 | A | 79339520] T:\SGS_Market.mdb
[23/11/2007 - 13:33:11 | A | 2710528] T:\SGS_Marketing 3.8.10.exe
[15/09/2006 - 10:42:10 | A | 2706432] T:\SGS_Marketing 3.8.7.exe
[04/06/2008 - 11:07:44 | A | 2710528] T:\SGS_Marketing 3.9.0.exe
[27/07/2010 - 10:05:58 | A | 2713600] T:\SGS_Marketing.exe
[10/08/2006 - 17:09:39 | A | 0] T:\SGS_Marketing.LOG
[26/01/2005 - 22:34:52 | A | 78] T:\SMSC gate.reg
[27/07/2010 - 16:46:52 | D ] T:\SMSC_Gate
[04/01/2010 - 11:27:50 | A | 320] T:\SMSC_Gate.cfg
[22/11/2004 - 11:46:12 | A | 143360] T:\SMSC_Gate.exe
[17/10/2003 - 15:37:42 | A | 196608] T:\SMS_Server.exe
[04/02/2010 - 11:57:10 | D ] T:\Temp
[04/02/2010 - 12:06:29 | D ] T:\Uninstall
[04/06/2008 - 11:15:27 | A | 1557] T:\Update DB.sql
[17/09/2010 - 13:43:53 | RASHD ] Z:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
T:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
Z:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |