Preventivní kontrola logu z RSIT

Zpráva

mrkva_os · #16 Příspěvek od **mrkva_os** » 28 led 2010 13:12

Soubor ms.exe přijatý 2010.01.28 12:10:43 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 7/40 (17.5%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.28 -
AhnLab-V3 5.0.0.2 2010.01.28 -
AntiVir 7.9.1.154 2010.01.28 -
Antiy-AVL 2.0.3.7 2010.01.28 Backdoor/Win32.Agobot.gen
Authentium 5.2.0.5 2010.01.28 W32/Damaged_File.gen!Eldorado
Avast 4.8.1351.0 2010.01.28 -
AVG 9.0.0.730 2010.01.28 -
BitDefender 7.2 2010.01.28 -
CAT-QuickHeal 10.00 2010.01.28 -
ClamAV 0.94.1 2010.01.28 -
Comodo 3738 2010.01.28 -
DrWeb 5.0.1.12222 2010.01.28 -
eSafe 7.0.17.0 2010.01.28 -
eTrust-Vet 35.2.7264 2010.01.27 -
F-Prot 4.5.1.85 2010.01.28 W32/Damaged_File.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.28 -
Fortinet 4.0.14.0 2010.01.28 -
GData 19 2010.01.28 -
Ikarus T3.1.1.80.0 2010.01.28 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.957 2010.01.26 -
Kaspersky 7.0.0.125 2010.01.28 -
McAfee 5874 2010.01.27 potentially unwanted program Corrupt-EP
McAfee+Artemis 5874 2010.01.27 potentially unwanted program Corrupt-EP
McAfee-GW-Edition 6.8.5 2010.01.28 Heuristic.BehavesLike.Win32.ModifiedUPX.A!92
Microsoft 1.5406 2010.01.28 -
NOD32 4813 2010.01.28 -
Norman 6.04.03 2010.01.27 -
nProtect 2009.1.8.0 2010.01.28 -
Panda 10.0.2.2 2010.01.28 -
PCTools 7.0.3.5 2010.01.28 -
Rising 22.32.03.04 2010.01.28 -
Sophos 4.50.0 2010.01.28 -
Sunbelt 3.2.1858.2 2010.01.28 -
Symantec 20091.2.0.41 2010.01.28 -
TheHacker 6.5.0.9.167 2010.01.28 W32/Behav-Heuristic-CorruptFile-EP
TrendMicro 9.120.0.1004 2010.01.28 -
VBA32 3.12.12.1 2010.01.28 -
ViRobot 2010.1.28.2160 2010.01.28 -
VirusBuster 5.0.21.0 2010.01.27 -
Rozšiřující informace
File size: 41040 bytes
MD5...: cf93db203ee4019579dd80d6b71ded1e
SHA1..: 523c439f8ad2a2a1d615548bbaeb3a8d4e7779d9
SHA256: a6615085a3c6833f1d6495a6ff09e0f42838830cc603c3dd8d0515966beafadf
ssdeep: 768:Bu9vroX1D4a75yaJ5KGcbm/nEJbGI2UOklasekhF1sLBGau9SQNKA:BuNroX
pM5GcK/EJbGI2UOklayFoBG/9h
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x24830
timedatestamp.....: 0x4b50b9a9 (Fri Jan 15 18:53:29 2010)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xd000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xe000 0x17000 0x16a00 7.95 948781bf5722a09865849eac8aad371e
.rsrc 0x25000 0x1000 0xa00 0.00 d41d8cd98f00b204e9800998ecf8427e

( 0 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

mrkva_os · #17 Příspěvek od **mrkva_os** » 28 led 2010 13:15

Soubor msd.exe přijatý 2010.01.28 12:13:43 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 27/41 (65.86%)

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.28 Net-Worm.Win32.Kolab!IK
AhnLab-V3 5.0.0.2 2010.01.28 Win32/Kolab.worm.172032.E
AntiVir 7.9.1.154 2010.01.28 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.28 -
Avast 4.8.1351.0 2010.01.28 Win32:Malware-gen
AVG 9.0.0.730 2010.01.28 Dropper.Generic.BNTV
BitDefender 7.2 2010.01.28 -
CAT-QuickHeal 10.00 2010.01.28 I-Worm.Kolab.fsu
ClamAV 0.94.1 2010.01.28 -
Comodo 3738 2010.01.28 NetWorm.Win32.Kolab.fsu
DrWeb 5.0.1.12222 2010.01.28 BackDoor.IRC.Sdbot.8084
eSafe 7.0.17.0 2010.01.28 Win32.IRCBot
eTrust-Vet 35.2.7264 2010.01.27 -
F-Prot 4.5.1.85 2010.01.28 -
F-Secure 9.0.15370.0 2010.01.28 -
Fortinet 4.0.14.0 2010.01.28 W32/Kolab.FSU!worm.im
GData 19 2010.01.28 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.01.28 Net-Worm.Win32.Kolab
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.957 2010.01.26 Net-Worm.Win32.Kolab.fsu
Kaspersky 7.0.0.125 2010.01.28 Net-Worm.Win32.Kolab.fsu
McAfee 5874 2010.01.27 Generic.dx!lrl
McAfee+Artemis 5874 2010.01.27 Generic.dx!lrl
McAfee-GW-Edition 6.8.5 2010.01.28 Trojan.Dropper.Gen
Microsoft 1.5406 2010.01.28 VirTool:Win32/VBInject.DN
NOD32 4813 2010.01.28 a variant of Win32/Injector.ARY
Norman 6.04.03 2010.01.27 -
nProtect 2009.1.8.0 2010.01.28 -
Panda 10.0.2.2 2010.01.28 W32/Gaobot.OXI.worm
PCTools 7.0.3.5 2010.01.28 Trojan.IRCBot
Prevx 3.0 2010.01.28 -
Rising 22.32.03.04 2010.01.28 -
Sophos 4.50.0 2010.01.28 -
Sunbelt 3.2.1858.2 2010.01.28 -
Symantec 20091.2.0.41 2010.01.28 W32.IRCBot
TheHacker 6.5.0.9.167 2010.01.28 W32/Kolab.fsu
TrendMicro 9.120.0.1004 2010.01.28 WORM_KOLAB.DE
VBA32 3.12.12.1 2010.01.28 Net-Worm.Win32.Kolab.fsu
ViRobot 2010.1.28.2160 2010.01.28 Worm.Win32.Net-Kolab.172032
VirusBuster 5.0.21.0 2010.01.27 Trojan.DR.Agent.RZHG
Rozšiřující informace
File size: 172032 bytes
MD5...: f2960109404e72ad969a2cffa0ab241f
SHA1..: 2ec15a9ddfe2f68fdb39e8978c19f9eca75608a5
SHA256: 38a663ca33cddc3aa66c1bb55d1ff984c93e86fade8631b70645a94305dee132
ssdeep: 3072:LklIm1w9Rsy1qy0nA63HFMQ3Ee3HOaG+jCcS4dXrpRiF:LVceRsytwln3vG
Aw4db6
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1100
timedatestamp.....: 0x4b50c676 (Fri Jan 15 19:48:06 2010)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15e60 0x16000 5.42 705062726626f0bda2e16c9d80bdb727
.data 0x17000 0x558 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x18000 0x12b28 0x13000 7.94 1423a7d45fbf811c6487e003fbdb1073

( 1 imports )
> MSVBVM60.DLL: -, -, -, -, MethCallEngine, -, -, -, -, -, -, EVENT_SINK_AddRef, -, DllFunctionCall, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, ProcCallEngine, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: XG4vlSPNW2L4H9
copyright....: n/a
product......: W00eBR
description..: n/a
original name: UmzlO62xBh.exe
internal name: UmzlO62xBh
file version.: 3.04.0005
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
pdfid.: -

mrkva_os · #18 Příspěvek od **mrkva_os** » 28 led 2010 13:30

Bohuzel sem nenasel, ani ja ani vyhledavac, soubor ze slozky C:\windows\DHVP.exe
jedine co nasel je dhvp.exe-00727FEI.pf tak zde mas jeho kontrolu...

Soubor DHVP.EXE-00727FE1.pf přijatý 2010.01.28 12:26:16 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/39 (0%)
Načítám informace ze serveru...

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.28 -
AhnLab-V3 5.0.0.2 2010.01.28 -
AntiVir 7.9.1.154 2010.01.28 -
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.28 -
Avast 4.8.1351.0 2010.01.28 -
AVG 9.0.0.730 2010.01.28 -
BitDefender 7.2 2010.01.28 -
CAT-QuickHeal 10.00 2010.01.28 -
ClamAV 0.94.1 2010.01.28 -
Comodo 3738 2010.01.28 -
DrWeb 5.0.1.12222 2010.01.28 -
eSafe 7.0.17.0 2010.01.28 -
eTrust-Vet 35.2.7264 2010.01.27 -
F-Prot 4.5.1.85 2010.01.28 -
F-Secure 9.0.15370.0 2010.01.28 -
Fortinet 4.0.14.0 2010.01.28 -
GData 19 2010.01.28 -
Ikarus T3.1.1.80.0 2010.01.28 -
K7AntiVirus 7.10.957 2010.01.26 -
McAfee 5874 2010.01.27 -
McAfee+Artemis 5874 2010.01.27 -
McAfee-GW-Edition 6.8.5 2010.01.28 -
Microsoft 1.5406 2010.01.28 -
NOD32 4813 2010.01.28 -
Norman 6.04.03 2010.01.27 -
nProtect 2009.1.8.0 2010.01.28 -
Panda 10.0.2.2 2010.01.28 -
PCTools 7.0.3.5 2010.01.28 -
Prevx 3.0 2010.01.28 -
Rising 22.32.03.04 2010.01.28 -
Sophos 4.50.0 2010.01.28 -
Sunbelt 3.2.1858.2 2010.01.28 -
Symantec 20091.2.0.41 2010.01.28 -
TheHacker 6.5.0.9.167 2010.01.28 -
TrendMicro 9.120.0.1004 2010.01.28 -
VBA32 3.12.12.1 2010.01.28 -
ViRobot 2010.1.28.2160 2010.01.28 -
VirusBuster 5.0.21.0 2010.01.27 -
Rozšiřující informace
File size: 22022 bytes
MD5...: b63944af841deabbd5fd740d6a6b133a
SHA1..: d29d0b5d4fd3748ddd77bc2b2b72bbf224d412e4
SHA256: 65b2f560fb2c7121dfb73b3499dfa5b5e9cd97a47f416d71c4c82c61f9fd5f2d
ssdeep: 384:fRIn0yf9NuohuUTkdBTertzMIUQivyBCugVGCFmVQz+64ydnAjudT81i+:fS
n0yFIoEukdiqQihGQfESm1i
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Microsoft Windows XP Prefetch file (98.9%)
LTAC compressed audio (v1.71) (1.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#19 Příspěvek od **JaRon** » 28 led 2010 13:43

vsetky 3 subory najdi a ZMAZ
restart - a vloz kolegovi RSIT na kontrolu

mrkva_os · #20 Příspěvek od **mrkva_os** » 28 led 2010 19:30

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stanicka at 2010-01-28 19:23:50
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (63%) free of 20 GB
Total RAM: 479 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:56, on 28.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stanicka\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Stanicka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "d:\Program Files\Winamp\Winampa.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Turbo Debugger SVC Manager (TDMgrSvc32) - Unknown owner - C:\WINDOWS\system32\PwrMgr32.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Stanicka/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 5844 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2008-05-19 757760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2008-05-19 757760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SiSPower"=SiSPower.dll,ModeAgent []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-16 917504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-25 198160]
"WinampAgent"=d:\Program Files\Winamp\Winampa.exe [2001-03-03 7680]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\W [2010-01-17 74]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\dhvp.exe"="C:\WINDOWS\dhvp.exe:*:Disabled:dhvp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-09 17:52:18 ----D---- C:\Program Files\Eset
2010-01-28 13:19:25 ----SHD---- C:\RECYCLER
2010-01-27 15:55:55 ----D---- C:\WINDOWS\temp
2010-01-27 15:55:53 ----A---- C:\ComboFix.txt
2010-01-27 15:32:06 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-27 08:35:29 ----A---- C:\Boot.bak
2010-01-27 08:35:25 ----RASHD---- C:\cmdcons
2010-01-27 08:22:27 ----A---- C:\WINDOWS\zip.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\SWSC.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\SWREG.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\sed.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\PEV.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\MBR.exe
2010-01-27 08:22:27 ----A---- C:\WINDOWS\grep.exe
2010-01-27 08:22:15 ----D---- C:\WINDOWS\ERDNT
2010-01-27 08:08:28 ----D---- C:\Qoobox
2010-01-26 11:09:43 ----D---- C:\Documents and Settings\Stanicka\Data aplikací\Malwarebytes
2010-01-26 11:09:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-26 11:09:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-26 09:55:28 ----D---- C:\rsit
2010-01-17 14:07:20 ----A---- C:\WINDOWS\pothead.txt
2010-01-17 14:07:03 ----RSH---- C:\WINDOWS\dhvp.exe
2010-01-17 14:06:23 ----A---- C:\WINDOWS\system32\msd.exe

======List of files/folders modified in the last 1 months======

2010-01-28 19:21:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-28 19:19:14 ----D---- C:\Program Files\Mozilla Firefox
2010-01-28 19:13:56 ----D---- C:\WINDOWS\system32
2010-01-28 19:11:44 ----D---- C:\WINDOWS\Prefetch
2010-01-28 13:25:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-28 13:25:49 ----RD---- C:\WINDOWS\Web
2010-01-28 13:25:44 ----D---- C:\WINDOWS\SHELLNEW
2010-01-27 16:06:24 ----A---- C:\WINDOWS\wincmd.ini
2010-01-27 15:55:55 ----D---- C:\WINDOWS
2010-01-27 15:54:33 ----SD---- C:\WINDOWS\Tasks
2010-01-27 15:53:31 ----A---- C:\WINDOWS\system.ini
2010-01-27 15:52:11 ----D---- C:\WINDOWS\system32\drivers
2010-01-27 15:51:15 ----D---- C:\WINDOWS\AppPatch
2010-01-27 15:51:11 ----D---- C:\Program Files\Common Files
2010-01-27 15:47:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 15:41:33 ----SHD---- C:\WINDOWS\CSC
2010-01-27 08:47:55 ----D---- C:\Documents and Settings\Stanicka\Data aplikací\uTorrent
2010-01-27 08:35:29 ----RASH---- C:\boot.ini
2010-01-27 08:22:22 ----SHD---- C:\System Volume Information
2010-01-27 08:22:22 ----D---- C:\WINDOWS\system32\Restore
2010-01-26 16:28:54 ----D---- C:\WINDOWS\Registration
2010-01-26 11:09:30 ----RD---- C:\Program Files
2010-01-26 09:37:33 ----D---- C:\Documents and Settings\Stanicka\Data aplikací\ICQ
2009-12-30 16:01:34 ----A---- C:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-05-05 12288]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-05-08 254976]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\Stanicka\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-08-19 54784]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-12 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-16 495616]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 TDMgrSvc32;Turbo Debugger SVC Manager; C:\WINDOWS\system32\PwrMgr32.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#21 Příspěvek od **cernohous13** » 29 led 2010 07:44

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\dh.exe
c:\windows\dhvp.exe
c:\windows\system32\msd.exe
c:\windows\system32\ms.exe
c:\program files\RngInterstitial.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"HP Software Update"=-
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\dhvp.exe"=-

Driver::
TDMgrSvc3
gusvc

mrkva_os · #22 Příspěvek od **mrkva_os** » 30 led 2010 15:27

ComboFix 10-01-29.09 - Stanicka 30.01.2010 15:19:38.10.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.479.307 [GMT 1:00]
Spuštěný z: c:\documents and settings\Stanicka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Stanicka\Plocha\CFscript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\program files\RngInterstitial.dll"
"c:\windows\dhvp.exe"
"c:\windows\system32\dh.exe"
"c:\windows\system32\ms.exe"
"c:\windows\system32\msd.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\RngInterstitial.dll
c:\windows\dhvp.exe
c:\windows\system32\msd.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gusvc

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-03-09 16:52 . 2008-02-08 08:25 -------- d-----w- c:\program files\Eset
2010-01-26 10:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-26 10:09 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-26 10:09 . 2010-01-26 10:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 08:55 . 2010-01-26 08:55 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 19:13 . 2001-10-25 12:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2009-11-26 19:13 . 2001-10-25 12:00 441086 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiSPower"="SiSPower.dll" [2006-05-05 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-16 917504]
"WinampAgent"="d:\program files\Winamp\Winampa.exe" [2001-03-03 7680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-3-4 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"d:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.3.2007 18:20 639224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4.6.2009 17:52 233472]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [20.12.2008 18:48 222456]
S2 TDMgrSvc32;Turbo Debugger SVC Manager;"c:\windows\system32\PwrMgr32.exe" --> c:\windows\system32\PwrMgr32.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4.6.2009 17:52 36608]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Stanicka\Data aplikací\Mozilla\Firefox\Profiles\dvopv3wv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59757&p=
FF - plugin: c:\documents and settings\Stanicka\Plocha\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 15:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x853DB1D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf785bfc3
\Driver\ACPI -> ACPI.sys @ 0xf76dfcb8
\Driver\atapi -> 0x853db1d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: SiS 900 PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf757faf9
PacketIndicateHandler -> NDIS.sys @ 0xf758ab21
SendHandler -> NDIS.sys @ 0xf757f938
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Celkový čas: 2010-01-30 15:29:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-30 14:29
ComboFix2.txt 2010-01-27 15:02

Před spuštěním: Volných bajtů: 13 108 711 424
Po spuštění: Volných bajtů: 13 076 107 264

- - End Of File - - E37DBFAD55183A38BA6CBDBD07734EB2

#23 Příspěvek od **cernohous13** » 30 led 2010 16:40

Vypnout driver sptd.sys takto:
stáhni http://jpshortstuff.247fixes.com/beta/Defogger.exe
spusť - klik "Disable" - potvrď hlášku "Continue" - dej sem log který se vytvoří - samozřejmě nech restartovat PC

stáhni MBR
http://www2.gmer.net/mbr/mbr.exe ulož ho na plochu
klik Start -> Spustit... - do okna zkopíruj celý červený příkaz
"%userprofile%\plocha\mbr" -t -> OK
na ploše vznikne mbr.log - jeho obsah sem zkopíruj

Napiš jak se chová PC - ještě nějaké problémy?

mrkva_os · #24 Příspěvek od **mrkva_os** » 31 led 2010 10:12

deffoger nevytvoril zadny log...

mrkva_os · #25 Příspěvek od **mrkva_os** » 31 led 2010 10:19

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

#26 Příspěvek od **cernohous13** » 31 led 2010 11:02

teď ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

pak použij

Stáhni z mého podpisu T-cleaner - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - odkaz v mém podpisu.
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Obnova systému" - 1.řádek zachovej, ostatní "Odstranit"
Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Dej mi pro kontrolu aktuální RSIT

Popiš práci PC - ještě nějaké problémy?

mrkva_os · #27 Příspěvek od **mrkva_os** » 02 úno 2010 10:25

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stanicka at 2010-02-02 10:27:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (64%) free of 20 GB
Total RAM: 479 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:26, on 2.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Stanicka\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Stanicka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "d:\Program Files\Winamp\Winampa.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Turbo Debugger SVC Manager (TDMgrSvc32) - Unknown owner - C:\WINDOWS\system32\PwrMgr32.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Stanicka/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 5186 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2008-05-19 757760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2008-05-19 757760]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SiSPower"=SiSPower.dll,ModeAgent []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-16 917504]
"WinampAgent"=d:\Program Files\Winamp\Winampa.exe [2001-03-03 7680]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\W [2010-01-17 74]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-09 17:52:18 ----D---- C:\Program Files\Eset
2010-02-02 10:27:20 ----D---- C:\rsit
2010-02-02 10:17:10 ----SHD---- C:\RECYCLER
2010-01-30 15:29:19 ----D---- C:\WINDOWS\temp
2010-01-27 08:35:29 ----A---- C:\Boot.bak
2010-01-27 08:35:25 ----RASHD---- C:\cmdcons
2010-01-26 11:09:43 ----D---- C:\Documents and Settings\Stanicka\Data aplikací\Malwarebytes
2010-01-26 11:09:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-26 11:09:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-17 14:07:20 ----A---- C:\WINDOWS\pothead.txt

======List of files/folders modified in the last 1 months======

2010-02-02 10:25:29 ----D---- C:\WINDOWS\Prefetch
2010-02-02 10:21:00 ----D---- C:\WINDOWS
2010-02-02 10:19:00 ----D---- C:\Program Files\Mozilla Firefox
2010-02-02 10:18:34 ----SHD---- C:\System Volume Information
2010-02-02 10:18:34 ----D---- C:\WINDOWS\system32\Restore
2010-02-02 10:17:21 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-02 10:17:09 ----D---- C:\WINDOWS\system32
2010-01-30 15:28:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-30 15:26:18 ----A---- C:\WINDOWS\system.ini
2010-01-30 15:25:50 ----D---- C:\WINDOWS\system32\drivers
2010-01-30 15:23:00 ----D---- C:\WINDOWS\AppPatch
2010-01-30 15:22:56 ----D---- C:\Program Files\Common Files
2010-01-30 15:13:49 ----SHD---- C:\WINDOWS\CSC
2010-01-30 15:07:39 ----D---- C:\WINDOWS\system32\config
2010-01-30 15:06:13 ----RD---- C:\Program Files
2010-01-28 13:25:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-28 13:25:49 ----RD---- C:\WINDOWS\Web
2010-01-28 13:25:44 ----D---- C:\WINDOWS\SHELLNEW
2010-01-27 16:06:24 ----A---- C:\WINDOWS\wincmd.ini
2010-01-27 15:54:33 ----SD---- C:\WINDOWS\Tasks
2010-01-27 08:47:55 ----D---- C:\Documents and Settings\Stanicka\Data aplikací\uTorrent
2010-01-27 08:35:29 ----RASH---- C:\boot.ini
2010-01-26 16:28:54 ----D---- C:\WINDOWS\Registration
2010-01-26 09:37:33 ----D---- C:\Documents and Settings\Stanicka\Data aplikací\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-05-05 12288]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-05-08 254976]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-03-09 639224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-08-19 54784]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-12 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-16 495616]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 TDMgrSvc32;Turbo Debugger SVC Manager; C:\WINDOWS\system32\PwrMgr32.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

mrkva_os · #28 Příspěvek od **mrkva_os** » 02 úno 2010 10:30

Okna se otviraji relativne normalne, internet bezi v ramci moznosti.
Zatim zadny dalsi problem nenastal, Tvuj postup sel relativne v pohode.
Jestli ej to vse tak mockrate dekuji za Tvuj cas

#29 Příspěvek od **cernohous13** » 02 úno 2010 10:38

Zkontroluj ještě systémový čas a datum

2010-03-09 17:52:18 ----D---- C:\Program Files\Eset

Jinak tam snad už nic škodlivého není.

Nemáš zač - rádo se stalo a jsme tady i příště Obrázek

VIRY.CZ

Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT

Re: Preventivní kontrola logu z RSIT