Nod hlasí červy...prosím o pomoc

Zpráva

#16 Příspěvek od **motji** » 17 lis 2010 11:59

To bych neřekla, v logu jde vidět, že je jiná, ty jste musel mít naráz

C:\ (%systemdrive%) -> Fixed drive # 16 Gb (3 Mb free - 19%) [] # NTFS
D:\ -> Fixed drive # 78 Gb (39 Mb free - 50%) [Nový svazek] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (458 Mb free - 12%) [PKBACK# 001] # FAT32
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [NOVÝ SVAZEK] # FAT

Duhen · #17 Příspěvek od **Duhen** » 17 lis 2010 12:13

Začištěno a tady je log.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Andrea at 2010-11-17 12:12:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (28%) free of 16 GB
Total RAM: 895 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:14, on 17.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrea\Plocha\RSIT.exe
C:\Program Files\trend micro\Andrea.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9837765500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6540 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-02-23 106496]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-03-08 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-01-20 544768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-03-14 90112]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-12-13 917504]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2006-12-18 25365032]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\HryCounter Strike 1.6\hl.exe"="D:\HryCounter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Stahování z NETU\bulanci.exe"="D:\Stahování z NETU\bulanci.exe:*:Enabled:bulanci"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\lfs W\LFS.exe"="D:\Hry\lfs W\LFS.exe:*:Enabled:LFS"
"D:\Hry\hamachi\hamachi.exe"="D:\Hry\hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-17 12:12:08 ----D---- C:\rsit
2010-11-17 12:08:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-11-17 12:03:22 ----SHD---- C:\RECYCLER
2010-11-17 12:03:14 ----D---- C:\Program Files\Google
2010-11-17 11:43:14 ----D---- C:\WINDOWS\temp
2010-11-17 10:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-17 10:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-11-17 10:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-11-17 10:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-11-17 10:24:40 ----RAD---- C:\Autorun.inf
2010-11-16 11:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-16 10:49:48 ----D---- C:\BJPrinter
2010-11-16 10:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-11-16 10:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-11-16 10:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-11-16 10:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-11-16 10:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-11-16 10:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-16 10:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-11-16 10:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-11-16 10:12:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-11-16 10:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-11-16 10:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-16 10:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-11-16 09:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-11-16 09:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-11-16 09:47:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-11-16 09:39:29 ----D---- C:\Program Files\trend micro
2010-11-16 09:25:59 ----D---- C:\WINDOWS\ie8updates
2010-11-16 09:05:59 ----D---- C:\WINDOWS\WBEM
2010-11-16 08:54:25 ----HDC---- C:\WINDOWS\ie8
2010-11-15 18:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-11-15 18:46:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-11-15 18:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-15 18:45:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-11-15 18:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-11-15 18:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-11-15 18:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-11-15 18:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-11-15 18:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-11-15 18:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-11-15 18:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-11-15 18:43:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-11-15 18:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-11-15 18:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-15 18:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-11-15 18:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-11-15 18:34:18 ----D---- C:\Config.Msi
2010-11-15 18:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-11-15 18:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-11-15 18:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-11-15 18:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-11-15 18:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-11-15 18:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-11-15 18:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-11-15 18:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-11-15 18:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-11-15 18:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-11-15 18:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-11-15 18:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-11-15 18:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-15 18:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-11-15 18:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-11-15 18:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-11-15 18:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-11-15 18:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-11-15 18:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-11-15 18:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-11-15 18:20:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-11-15 18:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-11-15 18:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-11-15 18:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-15 17:27:12 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-11-15 17:21:21 ----RSH---- C:\Documents and Settings\Andrea\Data aplikací\juzjf.exe
2010-11-15 17:16:19 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-11-15 15:49:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-15 15:49:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-15 15:49:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2010-11-17 12:09:28 ----D---- C:\WINDOWS
2010-11-17 12:08:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-17 12:08:17 ----A---- C:\WINDOWS\wincmd.ini
2010-11-17 12:08:01 ----SD---- C:\WINDOWS\Tasks
2010-11-17 12:08:00 ----SHD---- C:\WINDOWS\Installer
2010-11-17 12:06:45 ----D---- C:\WINDOWS\Debug
2010-11-17 12:06:45 ----D---- C:\Program Files\Winamp
2010-11-17 12:03:57 ----D---- C:\Program Files\CCleaner
2010-11-17 12:03:14 ----RD---- C:\Program Files
2010-11-17 11:59:41 ----D---- C:\WINDOWS\Prefetch
2010-11-17 11:59:36 ----D---- C:\WINDOWS\system32
2010-11-17 11:58:07 ----SHD---- C:\System Volume Information
2010-11-17 11:41:18 ----A---- C:\WINDOWS\system.ini
2010-11-17 11:41:08 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-17 11:39:34 ----D---- C:\WINDOWS\system32\drivers
2010-11-17 11:39:34 ----D---- C:\WINDOWS\AppPatch
2010-11-17 11:39:31 ----D---- C:\Program Files\Common Files
2010-11-17 11:34:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-17 11:14:31 ----HD---- C:\WINDOWS\inf
2010-11-17 10:37:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-17 10:31:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-17 10:31:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-17 09:53:51 ----D---- C:\WINDOWS\system32\config
2010-11-16 10:43:45 ----D---- C:\WINDOWS\WinSxS
2010-11-16 10:42:09 ----D---- C:\WINDOWS\SoftwareDistribution
2010-11-16 10:39:48 ----D---- C:\WINDOWS\system32\cs-cz
2010-11-16 10:39:48 ----D---- C:\WINDOWS\Help
2010-11-16 10:39:48 ----D---- C:\Program Files\Internet Explorer
2010-11-16 09:05:17 ----D---- C:\WINDOWS\Media
2010-11-15 18:50:37 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-15 18:50:35 ----RSD---- C:\WINDOWS\assembly
2010-11-15 18:45:40 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-15 18:28:05 ----D---- C:\Program Files\Outlook Express
2010-11-15 18:27:11 ----D---- C:\Program Files\Movie Maker
2010-11-15 17:31:13 ----D---- C:\Program Files\DreamCom
2010-11-15 17:16:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-15 17:11:31 ----D---- C:\WINDOWS\Config
2010-11-15 17:10:46 ----D---- C:\Program Files\DAEMON Tools
2010-11-15 15:49:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-15 15:48:52 ----D---- C:\WINDOWS\Minidump
2010-11-15 15:44:31 ----D---- C:\Program Files\Mozilla Firefox
2010-11-03 18:10:32 ----D---- C:\Program Files\ESET
2010-11-02 16:47:16 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-25 36528]
R0 risdptsk;risdptsk; C:\WINDOWS\System32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-12-26 639224]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 AMON;AMON; \??\C:\WINDOWS\System32\drivers\amon.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\System32\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-05-09 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-23 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-12-26 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimsptsk;rimsptsk; C:\WINDOWS\System32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 smserial;smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [2006-01-20 862340]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-07-03 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-06-30 8064]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 ao2o5owq;ao2o5owq; C:\WINDOWS\system32\drivers\ao2o5owq.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-23 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-03-08 405504]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-12-26 495616]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#18 Příspěvek od **motji** » 17 lis 2010 12:18

Hlídejte si místo na disku, 4 GB je tak akorát.

Doinstalujte firewall.

Poprosím o log ze Rsitu a z combofixu z druhého počítače. Ještě tak hodinu tu budu

Duhen · #19 Příspěvek od **Duhen** » 17 lis 2010 12:20

Asi jsem je neměl vytahovat, ale asi to byla ta co byla téměř prázdná, no každopádně na žádné a nikde tentoI:\yam.exe
nevidím, tak snad by to mělo být v pořádku.

Book se chová normálně a žádné vyskakování NOD oken, tak snad to bude OK.

Duhen · #20 Příspěvek od **Duhen** » 17 lis 2010 12:21

Za moment vložím rsit a combo PC II

Duhen · #21 Příspěvek od **Duhen** » 17 lis 2010 12:50

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-11-17 12:25:25
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 766 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:35, on 17.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SensorsViewPro41\svservice.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Plocha\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Wireless Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [outbackxxx.exe] C:\outbackxxx.exe\outbackxxx.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SensorsVService - Unknown owner - C:\Program Files\SensorsViewPro41\svservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7154 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-30 69632]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2007-04-16 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2007-04-16 143360]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-12-13 917504]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]
"BtcMaestro"=C:\Program Files\HP Wireless Keyboard\KMaestro.exe [2007-11-15 348160]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-06-27 1211176]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe [2007-06-23 330752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2010-09-21 353736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe

C:\Documents and Settings\User\Nabídka Start\Programy\Po spuštění
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-02 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe:*:Enabled:HipServ DesktopMirror (rsync)"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe:*:Enabled:HipServ DesktopMirror (ssh)"
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe"="C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe:*:Enabled:HipServ Pictures Wizard"
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe"="C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe:*:Enabled:HipServ SmartShortcut"
"C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe"="C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe:*:Enabled:HipServAgent"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\HipServDesktopMirror.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\HipServDesktopMirror.exe:*:Enabled:HipServ DesktopMirror"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-11-17 12:25:25 ----D---- C:\rsit
2010-10-27 15:05:31 ----D---- C:\zzzzzzzzzuuuub
2010-10-27 15:03:24 ----D---- C:\Documents and Settings\User\Data aplikací\ACD Systems
2010-10-27 14:58:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2010-10-27 14:58:51 ----D---- C:\Program Files\Common Files\ACD Systems
2010-10-27 14:58:51 ----D---- C:\Program Files\ACD Systems
2010-10-27 14:58:43 ----A---- C:\WINDOWS\system32\drivers\pfc.sys

======List of files/folders modified in the last 1 months======

2010-11-17 12:25:33 ----D---- C:\WINDOWS\Prefetch
2010-11-17 12:25:31 ----D---- C:\Program Files\trend micro
2010-11-17 12:23:55 ----D---- C:\WINDOWS\temp
2010-11-17 12:23:48 ----A---- C:\WINDOWS\wincmd.ini
2010-11-17 09:37:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-17 09:35:28 ----D---- C:\WINDOWS
2010-11-17 09:34:46 ----D---- C:\Program Files\LogMeIn
2010-11-16 10:24:09 ----D---- C:\WINDOWS\Minidump
2010-11-16 10:20:21 ----SHD---- C:\System Volume Information
2010-11-16 10:20:21 ----D---- C:\WINDOWS\system32\Restore
2010-11-16 10:13:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-15 18:18:13 ----D---- C:\WINDOWS\system32
2010-11-13 09:52:52 ----D---- C:\EEE PC 4G
2010-11-01 09:11:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 08:08:33 ----D---- C:\Program Files\Mozilla Firefox
2010-10-27 14:59:26 ----SHD---- C:\WINDOWS\Installer
2010-10-27 14:58:51 ----RD---- C:\Program Files
2010-10-27 14:58:51 ----D---- C:\Program Files\Common Files
2010-10-27 14:58:43 ----D---- C:\WINDOWS\system32\drivers
2010-10-27 14:56:57 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\System32\DRIVERS\uagp35.sys [2004-08-03 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 sensorsview;sensorsview; \??\C:\Program Files\SensorsViewPro41\drv\sensorsview32.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-09-20 1342122]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2010-10-27 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 ntiomin;ntiomin; C:\WINDOWS\system32\drivers\ntiomin.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-09-20 401664]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-09-19 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-09-19 148040]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-09-19 56648]
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-07-24 47360]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-04-16 168192]
S3 vsc32;Virtual Sound Canvas 3.2; C:\WINDOWS\system32\DRIVERS\vsc.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-02-09 392444]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe [2005-09-19 258103]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-02 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-05-12 495616]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SensorsVService;SensorsVService; C:\Program Files\SensorsViewPro41\svservice.exe [2010-06-17 923648]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-01-06 540672]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

Duhen · #22 Příspěvek od **Duhen** » 17 lis 2010 12:52

Combofux trval trochu déle , protože detekoval napadení rootkity a musel se restartovat.

ComboFix 10-11-16.05 - User 17.11.2010 12:38:39.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.766.499 [GMT 1:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\SAVSAVPMAD.exe
c:\windows\system32\spool\prtprocs\w32x86\CNMPD82.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP82.DLL
c:\windows\VM305Cap.exe

Nakažená kopie c:\windows\system32\drivers\pciide.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-17 do 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 11:27 . 2010-11-17 11:26 389632 ----a-w- c:\windows\system32\CF19264.exe
2010-11-17 11:25 . 2010-11-17 11:25 -------- d-----w- C:\rsit
2010-10-27 14:05 . 2010-11-01 12:30 -------- d-----w- C:\zzzzzzzzzuuuub
2010-10-27 14:03 . 2010-10-27 14:03 -------- d-----w- c:\documents and settings\User\Local Settings\Data aplikací\ACD Systems
2010-10-27 14:03 . 2010-10-27 14:03 -------- d-----w- c:\documents and settings\User\Data aplikací\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:59 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:58 -------- d-----w- c:\program files\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:58 10368 ----a-w- c:\windows\system32\drivers\pfc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-06-23 330752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 69632]
"VTTimer"="VTTimer.exe" [2007-04-16 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-16 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-12-13 917504]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2007-11-15 348160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\User\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2005-9-19 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 11:12 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-09-21 12:10 353736 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 sensorsview;sensorsview;c:\program files\SensorsViewPro41\drv\sensorsview32.sys [26.7.2008 19:30 14416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.1.2009 13:45 142592]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [4.10.2008 9:59 15872]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28.2.2008 14:31 12856]
S1 ntiomin;ntiomin; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.10.2010 8:51 136176]
S2 SensorsVService;SensorsVService;c:\program files\SensorsViewPro41\svservice.exe [17.6.2010 18:01 923648]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TVICHW32;TVICHW32;\??\c:\windows\system32\DRIVERS\TVICHW32.SYS --> c:\windows\system32\DRIVERS\TVICHW32.SYS [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [5.4.2008 8:22 392444]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 07:51]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 07:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mystart.incredimail.com/english/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
LSP: imon.dll
Trusted Zone: tabery.cz\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\z5ovxk6s.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-outbackxxx.exe - c:\outbackxxx.exe\outbackxxx.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 12:46
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1229272821-2147108053-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CFCEFE4-3AEC-05F6-ABB2-65A096F7126E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iamihapbjkefblbhcn"=hex:6a,61,62,6b,66,6c,68,66,69,6f,68,6f,6c,64,70,6a,61,6d,
6c,6c,00,00
"hagljchojkaildmi"=hex:6a,61,62,6b,66,6c,68,66,69,6f,68,6f,6c,64,70,6a,61,6d,
6c,6c,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-11-17 12:49:05
ComboFix-quarantined-files.txt 2010-11-17 11:49

Před spuštěním: Volných bajtů: 112 552 517 632
Po spuštění: Volných bajtů: 112 546 484 224

- - End Of File - - A47DCF075A449A5AA4FEC35972355E12

#23 Příspěvek od **motji** » 17 lis 2010 13:04

Kde Vy na ty vir chodíte?

Tuhle složku znáte?
C:\zzzzzzzzzuuuub

Duhen · #24 Příspěvek od **Duhen** » 17 lis 2010 13:05

Ano znám. A jinak jsem pouze uživatel, nic moc nestahuji, tak nevím, kde se ty mrchy stále berou.

#25 Příspěvek od **motji** » 17 lis 2010 13:19

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Regnull::
[HKEY_USERS\S-1-5-21-1229272821-2147108053-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CFCEFE4-3AEC-05F6-ABB2-65A096F7126E}*]

Firefox::
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\z5ovxk6s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... fs&search=

DDS::
uStart Page = hxxp://mystart.incredimail.com/english/

Driver::
ntiomin

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Otestujte na www.virustotal.com
C:\WINDOWS\system32\drivers\pfc.sys

Duhen · #26 Příspěvek od **Duhen** » 17 lis 2010 13:43

ComboFix 10-11-16.05 - User 17.11.2010 13:31:07.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.766.443 [GMT 1:00]
Spuštěný z: c:\documents and settings\User\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Plocha\CFScript.csc.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ntiomin

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-17 do 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 11:27 . 2010-11-17 11:26 389632 ----a-w- c:\windows\system32\CF19264.exe
2010-11-17 11:25 . 2010-11-17 11:25 -------- d-----w- C:\rsit
2010-10-27 14:05 . 2010-11-01 12:30 -------- d-----w- C:\zzzzzzzzzuuuub
2010-10-27 14:03 . 2010-10-27 14:03 -------- d-----w- c:\documents and settings\User\Local Settings\Data aplikací\ACD Systems
2010-10-27 14:03 . 2010-10-27 14:03 -------- d-----w- c:\documents and settings\User\Data aplikací\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:59 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:58 -------- d-----w- c:\program files\ACD Systems
2010-10-27 13:58 . 2010-10-27 13:58 10368 ----a-w- c:\windows\system32\drivers\pfc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-06-23 330752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 69632]
"VTTimer"="VTTimer.exe" [2007-04-16 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-16 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-12-13 917504]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2007-11-15 348160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\User\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2005-9-19 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 11:12 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-09-21 12:10 353736 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 sensorsview;sensorsview;c:\program files\SensorsViewPro41\drv\sensorsview32.sys [26.7.2008 19:30 14416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.1.2009 13:45 142592]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [4.10.2008 9:59 15872]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28.2.2008 14:31 12856]
R2 SensorsVService;SensorsVService;c:\program files\SensorsViewPro41\svservice.exe [17.6.2010 18:01 923648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.10.2010 8:51 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 TVICHW32;TVICHW32;\??\c:\windows\system32\DRIVERS\TVICHW32.SYS --> c:\windows\system32\DRIVERS\TVICHW32.SYS [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [5.4.2008 8:22 392444]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 07:51]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 07:51]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
LSP: imon.dll
Trusted Zone: tabery.cz\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\User\Data aplikací\Mozilla\Firefox\Profiles\z5ovxk6s.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 13:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83F3DAB8]
3 CLASSPNP[0xF767505B] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x83F8EB00]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\VTTimer.exe
c:\progra~1\MI3AA1~1\wcescomm.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-11-17 13:42:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-17 12:42
ComboFix2.txt 2010-11-17 11:49

Před spuštěním: Volných bajtů: 112 558 997 504
Po spuštění: Volných bajtů: 112 494 743 552

- - End Of File - - AAF0C50E8F7877875FAC2CABC4F24A0E

Duhen · #27 Příspěvek od **Duhen** » 17 lis 2010 13:46

File name:
pfc.sys
Submission date:
2010-11-17 12:44:34 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.17.01 2010.11.17 -
AntiVir 7.10.14.29 2010.11.17 -
Antiy-AVL 2.0.3.7 2010.11.17 -
Avast 4.8.1351.0 2010.11.17 -
Avast5 5.0.594.0 2010.11.17 -
AVG 9.0.0.851 2010.11.17 -
BitDefender 7.2 2010.11.17 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.17 -
Command 5.2.11.5 2010.11.17 -
Comodo 6746 2010.11.16 -
DrWeb 5.0.2.03300 2010.11.17 -
Emsisoft 5.0.0.50 2010.11.17 -
eSafe 7.0.17.0 2010.11.16 -
eTrust-Vet 36.1.7982 2010.11.17 -
F-Prot 4.6.2.117 2010.11.17 -
F-Secure 9.0.16160.0 2010.11.17 -
Fortinet 4.2.254.0 2010.11.17 -
GData 21 2010.11.17 -
Ikarus T3.1.1.90.0 2010.11.17 -
Jiangmin 13.0.900 2010.11.17 -
K7AntiVirus 9.67.3003 2010.11.17 -
Kaspersky 7.0.0.125 2010.11.17 -
McAfee 5.400.0.1158 2010.11.17 -
McAfee-GW-Edition 2010.1C 2010.11.17 -
Microsoft 1.6402 2010.11.17 -
NOD32 5626 2010.11.17 -
Norman 6.06.10 2010.11.17 -
nProtect 2010-11-17.01 2010.11.17 -
PCTools 7.0.3.5 2010.11.17 -
Prevx 3.0 2010.11.17 -
Rising 22.74.02.03 2010.11.17 -
Sophos 4.59.0 2010.11.17 -
SUPERAntiSpyware 4.40.0.1006 2010.11.17 -
Symantec 20101.2.0.161 2010.11.17 -
TheHacker 6.7.0.1.086 2010.11.17 -
TrendMicro 9.120.0.1004 2010.11.17 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.17 -
VBA32 3.12.14.2 2010.11.16 -
VIPRE 7331 2010.11.17 -
ViRobot 2010.11.17.4153 2010.11.17 -
VirusBuster 12.76.3.0 2010.11.16 -
Additional information
Show all
MD5 : 957b82ec80ad7ead64e5e47df6b0dc40
SHA1 : f40f76dfc1a89cfdc76e6b4a020a0795a7360713
SHA256: 2485243b79697df31db01e5415bed8eff00c23cfa666871f2606f47bfd4178db

#28 Příspěvek od **motji** » 17 lis 2010 14:03

Ještě Vás trochu potrápím

, vzhledem k tomu, že jste měl infikovaný systémový soubor, koukla bych ještě po tdl rootkitovi.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde [/quote]

Návod od kolegy Stella

Stiahnite si prosím TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresari

Duhen · #29 Příspěvek od **Duhen** » 17 lis 2010 14:23

SPTD mi dává po spuštění možnos jen install.

#30 Příspěvek od **motji** » 17 lis 2010 14:35

Pokračujte dále, bez SPDT

.
Já tu budu sem tam nakukovat

VIRY.CZ

Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc