VIRY.CZ

Dobrý den,

FW Zone Alarm zachytil cizí aplikace pokoušející se o přístup na internet. Použil jsem eset online scanner a potom AVG9 našli různou havěť trojany a viry. Vše co našli jsem odstranil. Programem a-sguared HiJackFree jsem odstrelil podezřele procesy a zakázal spuštění službám viz..

C:\DOCUME~1\root\LOCALS~1\Temp\VKVCIVFAT.exe
C:\DOCUME~1\root\LOCALS~1\Temp\BWIMPS.exe []
C:\DOCUME~1\root\LOCALS~1\Temp\CJTDEO.exe []
C:\DOCUME~1\root\LOCALS~1\Temp\IOXKV.exe []

V strtup files je konfigurační wininit.ini, který obsahuje další odkaz na havět exe soubor C:\DOCUME~1\root\LOCALS~1\Temp\utildel.exe

Pravděpodobně bude v pc nějaký rootkit.

Aktulální problémy:
------------------

Při restartu PC zatuhne.
Nelze přepnout do režimu hybernace.

log z Ristu
----------------------------------------------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by root at 2010-04-19 19:23:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (22%) free of 30 GB
Total RAM: 1535 MB (61% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\PandaUSBVaccine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-19 1615200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-12-10 49152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-19 2064736]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
C:\Program Files\HDD Health\hddhealth.exe -wl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [2006-04-20 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-03-27 1126400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^root^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
H:\MY_WORD\SONY\SONY_P~1\PMBCore\SPUVOL~1.EXE [2007-11-27 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServiceZMVS"=3
"OracleOraHome81TNSListener"=3
"OracleOraHome81PagingServer"=3
"OracleOraHome81HTTPServer"=3
"OracleOraHome81DataGatherer"=3
"OracleOraHome81CMan"=3
"OracleOraHome81CMAdmin"=3
"OracleOraHome81ClientCache"=3
"OracleOraHome81Agent"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-22 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-15 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.100.4#psion]
shell\Auto\command - RECYCLER\usbdriver.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\usbdriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c579675-6f5a-11dd-82e7-0018de161019}]
shell\AutoRun\command - H:\wd_windows_tools\WDSetup.exe

======List of files/folders created in the last 1 months======

2010-04-18 23:40:12 ----D---- C:\rsit
2010-04-18 23:40:12 ----D---- C:\Program Files\trend micro
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.ini
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.exe
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.dll
2010-04-15 23:57:13 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2010-04-15 18:12:06 ----D---- C:\Program Files\VS Revo Group
2010-04-15 17:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 17:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 17:44:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-04-15 17:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 17:40:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 18:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 18:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 00:13:00 ----D---- C:\WINDOWS\CSC
2010-04-14 00:12:49 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-13 22:24:31 ----HD---- C:\$AVG
2010-04-13 22:23:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-04-06 22:40:31 ----D---- C:\Documents and Settings\root\Data aplikací\Foxit

======List of files/folders modified in the last 1 months======

2010-04-19 19:22:42 ----D---- C:\WINDOWS\SMINST
2010-04-19 19:22:41 ----D---- C:\WINDOWS\Temp
2010-04-19 19:22:25 ----D---- C:\WINDOWS
2010-04-19 19:22:20 ----D---- C:\WINDOWS\system32
2010-04-19 19:20:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-19 19:19:43 ----D---- C:\WINDOWS\Prefetch
2010-04-19 19:19:07 ----D---- C:\WINDOWS\Internet Logs
2010-04-19 18:55:55 ----RD---- C:\Program Files
2010-04-19 18:50:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-19 18:46:52 ----HD---- C:\WINDOWS\inf
2010-04-19 18:46:52 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 18:46:52 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-19 18:46:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-19 00:01:54 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-15 22:34:57 ----SHD---- C:\System Volume Information
2010-04-15 20:05:17 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-15 19:44:53 ----D---- C:\temp
2010-04-15 19:15:14 ----SHD---- C:\WINDOWS\Installer
2010-04-15 19:15:12 ----SD---- C:\Documents and Settings\root\Data aplikací\Microsoft
2010-04-15 18:41:42 ----D---- C:\Program Files\Runtime Software
2010-04-15 18:38:18 ----D---- C:\Program Files\Common Files
2010-04-15 18:38:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2010-04-15 18:20:47 ----D---- C:\Program Files\Common Files\Real
2010-04-15 18:08:24 ----D---- C:\Program Files\AdVantage
2010-04-15 18:06:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-15 17:47:14 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 17:47:06 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-15 17:46:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 17:40:16 ----D---- C:\WINDOWS\ie8updates
2010-04-06 22:40:16 ----D---- C:\Program Files\Foxit Software
2010-04-06 22:39:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 22:38:22 ----D---- C:\SwSetup
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 17:57:20 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 06:47:32 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-15 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-15 29512]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-19 242896]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-01-17 131456]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-01-17 32352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-22 2845696]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-10 130048]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-16 57096]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-12-10 13056]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-12-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-12-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-12-10 68992]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2010-04-18 68961]
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-22 512000]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-04-15 308064]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-10 98304]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 BWIMPS;BWIMPS; C:\DOCUME~1\root\LOCALS~1\Temp\BWIMPS.exe []
S4 CJTDEO;CJTDEO; C:\DOCUME~1\root\LOCALS~1\Temp\CJTDEO.exe []
S4 IOXKV;IOXKV; C:\DOCUME~1\root\LOCALS~1\Temp\IOXKV.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OBVCAJPHRR;OBVCAJPHRR; C:\DOCUME~1\root\LOCALS~1\Temp\OBVCAJPHRR.exe []
S4 OracleOraHome81Agent;OracleOraHome81Agent; C:\oracle\ora81\bin\dbsnmp.exe [2000-11-11 246332]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 411244]
S4 OracleOraHome81CMAdmin;OracleOraHome81CMAdmin; C:\oracle\ora81\BIN\CMADMIN.EXE [2000-10-19 172680]
S4 OracleOraHome81CMan;OracleOraHome81CMan; C:\oracle\ora81\BIN\CMGW.EXE [2000-10-19 179836]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer; C:\oracle\ora81\bin\vppdc.exe [2000-11-11 170724]
S4 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer; C:\oracle\ora81\Apache\Apache\Apache.exe [2000-11-09 3584]
S4 OracleOraHome81PagingServer;OracleOraHome81PagingServer; C:\oracle\ora81/bin/pagntsrv.exe [2009-04-10 52224]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener; C:\oracle\ora81\BIN\TNSLSNR []
S4 OracleServiceZMVS;OracleServiceZMVS; c:\oracle\ora81\bin\ORACLE.EXE [2000-11-05 14531344]
S4 VKVCIVFAT;VKVCIVFAT; C:\DOCUME~1\root\LOCALS~1\Temp\VKVCIVFAT.exe []

-----------------EOF-----------------

Prosím o pomoc.

Zdravím

Vložte prosím log z RSIT normálně do příspěvku.

Vložte do PC všechny flash disky, které používáte.

Obrázek

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

Spusťte, poté zvolte jazyk E - Enter
Zvolte 2 - Enter (je možný restart PC)
Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

Zde jsou pozadované logy:

############################## | UsbFix V6.106 |

User : root (Users) # HP_8430NC
Update on 19/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:53:38 | 19.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Genuine Intel(R) CPU T2400 @ 1.83GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus plus Firewall 9.0 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]8.0.298.000

C:\ -> Místní pevný disk # 29,23 Go (6,29 Go free) # NTFS
D:\ -> Místní pevný disk # 6,83 Go (3,22 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disk CD-ROM
F:\ -> Disk CD-ROM
G:\ -> Vyměnitelný disk # 3,72 Go (658,13 Mo free) [KINGSTON] # FAT32
H:\ -> Místní pevný disk # 10,06 Go (508,08 Mo free) # NTFS
J:\ -> Místní pevný disk # 465,76 Go (346,36 Go free) [FreeAgent Drive] # NTFS
W:\ -> Místní pevný disk
X:\ -> Místní pevný disk
Y:\ -> Místní pevný disk
Z:\ -> Místní pevný disk

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-1454471165-113007714-839522115-500
Deleted ! C:\Recycler\S-1-5-21-3606960694-248800093-639664256-500
Deleted ! C:\Recycler\S-1-5-21-640939980-3651718724-398501144-1005
Deleted ! C:\Recycler\S-1-5-21-640939980-3651718724-398501144-1007
Deleted ! C:\Recycler\S-1-5-21-640939980-3651718724-398501144-1008
Deleted ! C:\Recycler\S-1-5-21-640939980-3651718724-398501144-500
Deleted ! D:\Recycler\S-1-5-21-640939980-3651718724-398501144-1005
Deleted ! D:\Recycler\S-1-5-21-640939980-3651718724-398501144-1007
(!) Not deleted ! G:\autorun.inf
Deleted ! G:\driver
Deleted ! H:\Recycler\S-1-5-21-640939980-3651718724-398501144-1005
Deleted ! H:\Recycler\S-1-5-21-640939980-3651718724-398501144-1007
J:\autorun.inf -> Called file : "J:\UNUCI/junaci.exe" ( Not Found ! )
J:\autorun.inf -> Called file : "J:\UNUCI/junaci.exe" ( Not Found ! )
Deleted ! J:\autorun.inf
Deleted ! J:\$Recycle.Bin\S-1-5-21-2077164581-632902740-196058165-2151
Deleted ! J:\Recycler\S-1-5-21-640939980-3651718724-398501144-1005
Deleted ! J:\Recycler\S-1-5-21-640939980-3651718724-398501144-1007

################## | Registry |

################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{4c579675-6f5a-11dd-82e7-0018de161019}\Shell\AutoRun\Command

################## | Listing of the present files |

[26.04.2009 16:34|--ahs----|211] C:\boot.ini
[13.04.1999 01:12|--a------|512] C:\Boot32.w2k
[18.08.2004 10:00|-rahs----|4952] C:\Bootfont.bin
[05.10.1998 17:32|--a------|512] C:\bootsec
[07.04.1999 04:34|--a------|1536] C:\BOOTSEC.32
[?|?|?] C:\hiberfil.sys
[15.03.2010 00:16|--a------|98] C:\index.ini
[23.12.2007 20:41|-rahs----|0] C:\IO.SYS
[23.12.2007 20:41|-rahs----|0] C:\MSDOS.SYS
[18.08.2004 10:00|--ahs----|47564] C:\NTDETECT.COM
[01.10.2008 19:45|--ahs----|250576] C:\NTLDR
[?|?|?] C:\pagefile.sys
[19.04.2010 21:57|--a------|3104] C:\UsbFix.txt
[?|?|?] G:\AUTORUN.INF
[11.02.2010 10:41|--a------|140069482] G:\paragon_BR_setup_chip_full_x64.exe
[11.03.2010 17:44|--a------|1933] G:\exchange.txt
[20.01.2010 20:45|--a------|15] G:\s.txt
[19.04.2010 13:39|--a------|286] G:\chip_programy.txt
[08.12.2009 12:20|--a------|118123824] G:\avg_ipw_stf_all_90_707a1765.exe
[19.02.2010 09:38|--a------|2363103] G:\siw_setup_2010-02-10_master.exe
[19.01.2009 21:01|--a------|41] G:\pmp_usb.ini
[12.03.2010 20:15|--a------|336012] H:\SysInspector-HP_8430NC-100312-1909.zip
[11.02.2009 15:06|--a------|38622] J:\FreeAgentGoNext.ico
[17.01.2009 01:14|--a------|156312] J:\Setup.exe

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# H:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# J:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_HP_8430NC.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.106 ! |

---------------------------------------------------------------------------------------------------------------------------------

ComboFix 10-04-18.04 - root 19.04.2010 22:34:51.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.917 [GMT 2:00]
Spuštěný z: c:\documents and settings\root\Plocha\ComboFix.exe
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\root\System
c:\documents and settings\root\System\win_qs8.jqx
c:\documents and settings\user\secupdat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-19 do 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 19:58 . 2010-04-19 19:58 2757 ----a-w- C:\UsbFix_Upload_Me_HP_8430NC.zip
2010-04-19 19:28 . 2010-04-19 19:58 -------- d-----w- C:\UsbFix
2010-04-18 21:40 . 2010-04-19 18:07 -------- d-----w- C:\rsit
2010-04-18 21:40 . 2010-04-19 17:23 -------- d-----w- c:\program files\trend micro
2010-04-15 16:12 . 2010-04-15 16:12 -------- d-----w- c:\program files\VS Revo Group
2010-04-15 15:44 . 2010-04-15 15:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 15:57 . 2010-04-14 15:57 -------- d-sh--w- c:\documents and settings\flok\IETldCache
2010-04-13 20:24 . 2010-04-15 16:53 -------- d-----w- C:\$AVG
2010-04-13 20:24 . 2010-04-19 16:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-13 20:24 . 2010-04-15 15:44 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-13 20:24 . 2010-04-15 15:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-13 20:24 . 2010-04-15 15:44 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-13 20:24 . 2010-04-19 16:09 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-29 16:25 . 2010-03-29 16:25 -------- d-sh--w- c:\documents and settings\user\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 20:30 . 2004-09-08 09:09 86124 ----a-w- c:\windows\system32\perfc005.dat
2010-04-19 20:30 . 2004-09-08 09:09 447788 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 16:44 . 2010-04-19 16:46 2018816 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-15 16:41 . 2010-03-01 22:47 -------- d-----w- c:\program files\Runtime Software
2010-04-15 16:20 . 2009-07-16 14:58 -------- d-----w- c:\program files\Common Files\Real
2010-04-15 16:08 . 2007-12-20 10:07 -------- d-----w- c:\program files\AdVantage
2010-04-13 19:43 . 2009-06-28 18:35 19850837 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-06 20:40 . 2008-01-15 20:17 -------- d-----w- c:\program files\Foxit Software
2010-04-06 20:39 . 2006-04-14 01:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 21:46 . 2010-03-14 21:46 -------- d-----w- c:\program files\a-squared HiJackFree
2010-03-14 11:21 . 2010-03-14 11:21 -------- d-----w- c:\program files\Panda USB Vaccine
2010-03-13 17:02 . 2010-03-13 17:02 -------- d-----w- c:\program files\ESET
2010-03-11 18:24 . 2010-03-11 18:26 1874944 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-03-10 06:17 . 2004-08-18 08:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 22:48 . 2010-03-01 22:48 -------- d-----w- c:\program files\CCleaner
2010-02-27 18:58 . 2010-02-27 18:57 -------- d-----w- c:\program files\Driver Sweeper
2010-02-25 06:18 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 08:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-18 08:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 05:11 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 08:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 08:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-4 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 15:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^root^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\root\Nabídka Start\Programy\Po spuštění\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 05:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-03-02 13:39 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-12-20 13:51 1187840 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-01-23 14:11 802816 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServiceZMVS"=3 (0x3)
"OracleOraHome81TNSListener"=3 (0x3)
"OracleOraHome81PagingServer"=3 (0x3)
"OracleOraHome81HTTPServer"=3 (0x3)
"OracleOraHome81DataGatherer"=3 (0x3)
"OracleOraHome81CMan"=3 (0x3)
"OracleOraHome81CMAdmin"=3 (0x3)
"OracleOraHome81ClientCache"=3 (0x3)
"OracleOraHome81Agent"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [13.4.2010 22:24 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23.12.2007 22:48 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23.12.2007 22:48 5248]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [25.9.2008 20:46 38448]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.4.2010 22:24 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.4.2010 22:24 242896]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [14.4.2006 3:14 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.6.2005 15:26 35968]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [12.1.2008 23:11 93440]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [26.3.2009 19:34 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [26.3.2009 19:34 13312]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-19 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-14 15:45]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://192.168.3.25/MP4DVR.cab
FF - ProfilePath - c:\documents and settings\root\Data aplikací\Mozilla\Firefox\Profiles\jt5xwzif.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJPI142_16.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-HDDHealth - c:\program files\HDD Health\hddhealth.exe
AddRemove-Might and Magic® VI - j:\dragon_age\MM6\Uninst.isu
AddRemove-TmNationsForever_is1 - j:\dragon_age\TmNationsForever\unins000.exe
AddRemove-VLC media player - h:\my_word\VLC\uninstall.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????P??????(?@???????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81PagingServer]
"ImagePath"="c:\oracle\ora81/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81TNSListener]
"ImagePath"="c:\oracle\ora81\BIN\TNSLSNR "
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-19 22:39:18
ComboFix-quarantined-files.txt 2010-04-19 20:39

Před spuštěním: 6 641 057 792
Po spuštění: 6 641 471 488

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D2B0A163C1CDEDB6718CB0CC275277E5

Poprosím o nový log z RSIT.

Přidávám duhý log z ristu

Logfile of random's system information tool 1.06 (written by random/random)
Run by root at 2010-04-20 17:08:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (21%) free of 30 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:09, on 20.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Plocha\RSIT.exe
C:\Program Files\trend micro\root.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://192.168.3.25/MP4DVR.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6671 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PandaUSBVaccine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-19 1615200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-12-10 49152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [2006-04-20 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-03-27 1126400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^root^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
H:\MY_WORD\SONY\SONY_P~1\PMBCore\SPUVOL~1.EXE [2007-11-27 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServiceZMVS"=3
"OracleOraHome81TNSListener"=3
"OracleOraHome81PagingServer"=3
"OracleOraHome81HTTPServer"=3
"OracleOraHome81DataGatherer"=3
"OracleOraHome81CMan"=3
"OracleOraHome81CMAdmin"=3
"OracleOraHome81ClientCache"=3
"OracleOraHome81Agent"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-22 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-15 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-20 17:06:31 ----D---- C:\WINDOWS\LastGood
2010-04-20 17:06:07 ----D---- C:\ss
2010-04-19 23:06:44 ----SHD---- C:\RECYCLER
2010-04-19 22:39:20 ----D---- C:\WINDOWS\temp
2010-04-19 22:39:19 ----A---- C:\ComboFix.txt
2010-04-19 22:32:36 ----A---- C:\Boot.bak
2010-04-19 22:32:32 ----RASHD---- C:\cmdcons
2010-04-19 22:31:35 ----D---- C:\ComboFix
2010-04-19 22:24:02 ----A---- C:\WINDOWS\zip.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\SWSC.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\SWREG.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\sed.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\PEV.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\MBR.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\grep.exe
2010-04-19 22:23:56 ----D---- C:\WINDOWS\ERDNT
2010-04-19 22:09:42 ----D---- C:\Qoobox
2010-04-19 21:57:35 ----RAD---- C:\autorun.inf
2010-04-19 21:53:36 ----A---- C:\UsbFix.txt
2010-04-19 21:28:14 ----D---- C:\UsbFix
2010-04-18 23:40:12 ----D---- C:\rsit
2010-04-18 23:40:12 ----D---- C:\Program Files\trend micro
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.ini
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.exe
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.dll
2010-04-15 23:57:13 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2010-04-15 18:12:06 ----D---- C:\Program Files\VS Revo Group
2010-04-15 17:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 17:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 17:44:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-04-15 17:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 17:40:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 18:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 18:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 00:13:00 ----D---- C:\WINDOWS\CSC
2010-04-14 00:12:49 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-13 22:24:31 ----D---- C:\$AVG
2010-04-13 22:23:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-04-06 22:40:31 ----D---- C:\Documents and Settings\root\Data aplikací\Foxit

======List of files/folders modified in the last 1 months======

2010-04-20 17:07:44 ----D---- C:\WINDOWS\Internet Logs
2010-04-20 17:06:34 ----D---- C:\WINDOWS\system32
2010-04-20 17:06:33 ----HD---- C:\WINDOWS\inf
2010-04-20 17:06:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 17:06:31 ----D---- C:\WINDOWS
2010-04-20 16:58:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-20 16:54:17 ----D---- C:\WINDOWS\SMINST
2010-04-19 22:38:21 ----A---- C:\WINDOWS\system.ini
2010-04-19 22:36:37 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 22:36:37 ----D---- C:\WINDOWS\AppPatch
2010-04-19 22:36:35 ----D---- C:\Program Files\Common Files
2010-04-19 22:32:36 ----RASH---- C:\boot.ini
2010-04-19 22:31:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-19 22:24:01 ----SHD---- C:\System Volume Information
2010-04-19 22:24:01 ----D---- C:\WINDOWS\system32\Restore
2010-04-19 21:28:56 ----D---- C:\WINDOWS\Prefetch
2010-04-19 18:55:55 ----RD---- C:\Program Files
2010-04-19 18:46:52 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-19 00:01:54 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-15 20:05:17 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-15 19:44:53 ----D---- C:\temp
2010-04-15 19:15:14 ----SHD---- C:\WINDOWS\Installer
2010-04-15 19:15:12 ----SD---- C:\Documents and Settings\root\Data aplikací\Microsoft
2010-04-15 18:41:42 ----D---- C:\Program Files\Runtime Software
2010-04-15 18:38:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2010-04-15 18:20:47 ----D---- C:\Program Files\Common Files\Real
2010-04-15 18:08:24 ----D---- C:\Program Files\AdVantage
2010-04-15 18:06:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-15 17:47:14 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 17:47:06 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-15 17:46:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 17:40:16 ----D---- C:\WINDOWS\ie8updates
2010-04-06 22:40:16 ----D---- C:\Program Files\Foxit Software
2010-04-06 22:39:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 22:38:22 ----D---- C:\SwSetup
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 17:57:20 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 06:47:32 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-15 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-15 29512]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-19 242896]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-01-17 131456]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-01-17 32352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-22 2845696]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-10 130048]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-16 57096]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-12-10 13056]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-12-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-12-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-12-10 68992]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
S3 catchme;catchme; \??\C:\DOCUME~1\root\LOCALS~1\Temp\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-22 512000]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-04-15 308064]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-10 98304]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 BWIMPS;BWIMPS; C:\DOCUME~1\root\LOCALS~1\Temp\BWIMPS.exe []
S4 IOXKV;IOXKV; C:\DOCUME~1\root\LOCALS~1\Temp\IOXKV.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OBVCAJPHRR;OBVCAJPHRR; C:\DOCUME~1\root\LOCALS~1\Temp\OBVCAJPHRR.exe []
S4 OracleOraHome81Agent;OracleOraHome81Agent; C:\oracle\ora81\bin\dbsnmp.exe [2000-11-11 246332]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 411244]
S4 OracleOraHome81CMAdmin;OracleOraHome81CMAdmin; C:\oracle\ora81\BIN\CMADMIN.EXE [2000-10-19 172680]
S4 OracleOraHome81CMan;OracleOraHome81CMan; C:\oracle\ora81\BIN\CMGW.EXE [2000-10-19 179836]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer; C:\oracle\ora81\bin\vppdc.exe [2000-11-11 170724]
S4 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer; C:\oracle\ora81\Apache\Apache\Apache.exe [2000-11-09 3584]
S4 OracleOraHome81PagingServer;OracleOraHome81PagingServer; C:\oracle\ora81/bin/pagntsrv.exe [2009-04-10 52224]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener; C:\oracle\ora81\BIN\TNSLSNR []
S4 OracleServiceZMVS;OracleServiceZMVS; c:\oracle\ora81\bin\ORACLE.EXE [2000-11-05 14531344]
S4 VKVCIVFAT;VKVCIVFAT; C:\DOCUME~1\root\LOCALS~1\Temp\VKVCIVFAT.exe []

-----------------EOF-----------------

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

File::
C:\DOCUME~1\root\LOCALS~1\Temp\VKVCIVFAT.exe
C:\DOCUME~1\root\LOCALS~1\Temp\BWIMPS.exe
C:\DOCUME~1\root\LOCALS~1\Temp\OBVCAJPHRR.exe
C:\DOCUME~1\root\LOCALS~1\Temp\IOXKV.exe

Driver::
OBVCAJPHRR
BWIMPS
VKVCIVFAT
IOXKV 

RegLock::
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Log po aplikaci CFScriptu
----------------------------------------------------------------
ComboFix 10-04-18.04 - root 20.04.2010 18:22:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1004 [GMT 2:00]
Spuštěný z: c:\documents and settings\root\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\root\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\docume~1\root\LOCALS~1\Temp\BWIMPS.exe"
"c:\docume~1\root\LOCALS~1\Temp\IOXKV.exe"
"c:\docume~1\root\LOCALS~1\Temp\OBVCAJPHRR.exe"
"c:\docume~1\root\LOCALS~1\Temp\VKVCIVFAT.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BWIMPS
-------\Legacy_IOXKV
-------\Legacy_OBVCAJPHRR
-------\Legacy_VKVCIVFAT
-------\Service_BWIMPS
-------\Service_IOXKV
-------\Service_OBVCAJPHRR
-------\Service_VKVCIVFAT

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-20 do 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-19 19:58 . 2010-04-19 19:58 2757 ----a-w- C:\UsbFix_Upload_Me_HP_8430NC.zip
2010-04-19 19:28 . 2010-04-19 19:58 -------- d-----w- C:\UsbFix
2010-04-18 21:40 . 2010-04-20 15:08 -------- d-----w- c:\program files\trend micro
2010-04-18 21:40 . 2010-04-19 18:07 -------- d-----w- C:\rsit
2010-04-15 16:12 . 2010-04-15 16:12 -------- d-----w- c:\program files\VS Revo Group
2010-04-15 15:44 . 2010-04-15 15:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 15:57 . 2010-04-14 15:57 -------- d-sh--w- c:\documents and settings\flok\IETldCache
2010-04-13 20:24 . 2010-04-15 16:53 -------- d-----w- C:\$AVG
2010-04-13 20:24 . 2010-04-19 16:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-13 20:24 . 2010-04-15 15:44 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-13 20:24 . 2010-04-15 15:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-13 20:24 . 2010-04-15 15:44 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-13 20:24 . 2010-04-20 14:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-29 16:25 . 2010-03-29 16:25 -------- d-sh--w- c:\documents and settings\user\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 14:58 . 2004-09-08 09:09 86124 ----a-w- c:\windows\system32\perfc005.dat
2010-04-20 14:58 . 2004-09-08 09:09 447788 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 16:44 . 2010-04-19 16:46 2018816 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-04-15 16:41 . 2010-03-01 22:47 -------- d-----w- c:\program files\Runtime Software
2010-04-15 16:20 . 2009-07-16 14:58 -------- d-----w- c:\program files\Common Files\Real
2010-04-15 16:08 . 2007-12-20 10:07 -------- d-----w- c:\program files\AdVantage
2010-04-13 19:43 . 2009-06-28 18:35 19850837 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-06 20:40 . 2008-01-15 20:17 -------- d-----w- c:\program files\Foxit Software
2010-04-06 20:39 . 2006-04-14 01:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 21:46 . 2010-03-14 21:46 -------- d-----w- c:\program files\a-squared HiJackFree
2010-03-14 11:21 . 2010-03-14 11:21 -------- d-----w- c:\program files\Panda USB Vaccine
2010-03-13 17:02 . 2010-03-13 17:02 -------- d-----w- c:\program files\ESET
2010-03-11 18:24 . 2010-03-11 18:26 1874944 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-03-10 06:17 . 2004-08-18 08:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 22:48 . 2010-03-01 22:48 -------- d-----w- c:\program files\CCleaner
2010-02-27 18:58 . 2010-02-27 18:57 -------- d-----w- c:\program files\Driver Sweeper
2010-02-25 06:18 . 2004-08-18 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2004-08-18 08:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-18 08:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 05:11 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 08:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 08:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-4 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 15:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^root^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\root\Nabídka Start\Programy\Po spuštění\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 05:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-03-02 13:39 131072 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-12-20 13:51 1187840 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-01-23 14:11 802816 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServiceZMVS"=3 (0x3)
"OracleOraHome81TNSListener"=3 (0x3)
"OracleOraHome81PagingServer"=3 (0x3)
"OracleOraHome81HTTPServer"=3 (0x3)
"OracleOraHome81DataGatherer"=3 (0x3)
"OracleOraHome81CMan"=3 (0x3)
"OracleOraHome81CMAdmin"=3 (0x3)
"OracleOraHome81ClientCache"=3 (0x3)
"OracleOraHome81Agent"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [13.4.2010 22:24 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23.12.2007 22:48 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23.12.2007 22:48 5248]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [25.9.2008 20:46 38448]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.4.2010 22:24 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.4.2010 22:24 242896]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.4.2010 17:44 308064]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [14.4.2006 3:14 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.6.2005 15:26 35968]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [12.1.2008 23:11 93440]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [26.3.2009 19:34 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [26.3.2009 19:34 13312]
S4 OracleOraHome81Agent;OracleOraHome81Agent;c:\oracle\ora81\bin\dbsnmp.exe [11.11.2000 23:48 246332]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\oracle\ora81\bin\ONRSD.EXE [19.10.2000 11:55 411244]
S4 OracleOraHome81CMAdmin;OracleOraHome81CMAdmin;c:\oracle\ora81\bin\CMADMIN.EXE [19.10.2000 11:17 172680]
S4 OracleOraHome81CMan;OracleOraHome81CMan;c:\oracle\ora81\bin\CMGW.EXE [19.10.2000 11:18 179836]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;c:\oracle\ora81\bin\vppdc.exe [11.11.2000 23:48 170724]
S4 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer;c:\oracle\ora81\Apache\Apache\Apache.exe [9.11.2000 9:12 3584]
S4 OracleOraHome81PagingServer;OracleOraHome81PagingServer;c:\oracle\ora81\bin\pagntsrv.exe [10.4.2009 8:40 52224]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener;c:\oracle\ora81\BIN\TNSLSNR --> c:\oracle\ora81\BIN\TNSLSNR [?]
S4 OracleServiceZMVS;OracleServiceZMVS;c:\oracle\ora81\bin\ORACLE.EXE ZMVS --> c:\oracle\ora81\bin\ORACLE.EXE ZMVS [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-20 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-14 15:45]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://192.168.3.25/MP4DVR.cab
FF - ProfilePath - c:\documents and settings\root\Data aplikací\Mozilla\Firefox\Profiles\jt5xwzif.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJPI142_16.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 18:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????P??????(?@???????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81PagingServer]
"ImagePath"="c:\oracle\ora81/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81TNSListener]
"ImagePath"="c:\oracle\ora81\BIN\TNSLSNR "
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3840)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\AGRSMMSG.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-04-20 18:34:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-20 16:34
ComboFix2.txt 2010-04-19 20:39

Před spuštěním: 6 639 046 656
Po spuštění: 6 549 405 696

- - End Of File - - 2F5060D5D05E3FF79025FB158E902EB6

Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Dobrý den, přidávám požadované logy. Gmer běžel přes noc.

Poznámka k SPTD uváděl jste, že mám zvolit volbu uninstall. Software po spuštění nabízel pouze instalaci. (Nenalez předchozí verzi) Mam ho tedy nainstalovat?
Provedl jsem instalaci a po restartu odinstalaci.
Je to správně?

Ostatní body splněny dle zadání.

MBR log
------------------
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK

Gmer log
--------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-21 07:39:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\root\LOCALS~1\Temp\kwlcrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA0C60FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA0C5DC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA0C78170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA0C61580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA0C75900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA0C75B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA0C79B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA0C61670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA0C5E210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA0C789F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA0C787A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA0C75280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA0C78F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA0C78F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA0C5E070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA0C77180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA0C76F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA0C796F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA0C79150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA0C60BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA0C79540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA0C61190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA0C5E440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA0C784E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA0C76200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA0C76080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 12 Bytes [80, 15, C6, A0, 00, 59, C7, ...] {ADC BYTE [0x5900a0c6], 0xc7; MOV AL, [0xa0c75b10]}
? srescan.sys Systém nemůže nalézt uvedený soubor. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB84F0000, 0x17C940, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xAD253EBF]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00418ED0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 00418F40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00418DC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00418D10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00418E90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00418D50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00418E00 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00418D80 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00418E40 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[784] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00418CD0 C:\WINDOWS\SMINST\Scheduler.exe

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A0C65B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A0C65930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A0C66260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A0C63E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A0C63E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A0C65B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A0C65930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A0C66260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A0C65B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A0C63E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A0C66260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A0C65930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A0C66260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A0C65930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A0C65B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A0C63E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A0C65B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A0C65930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A0C66260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A0C65B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A0C63E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A0C66260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A0C65930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [61A54AD0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [61A54B20] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [61A54AE0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [61A5C7E0] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [61A52910] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Check Point Software Technologies LTD)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] [7C8841F8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[164] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7C8841E9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

SPTD jste provedl správně. Jak to vypadá s PC

PC vypadá stablině vše funguje.

Děkuji Vám, dobrá práce!

PS: Máte nějaké doporučení k vylepšení zabezpečení mého PC?

Jiný FW, AV, ochrana USB (Panda USB Vaccine zřejmě není dostatečný).

Osobně doporučuji Aviru nebo Avast + ZoneAlarm. V případě placeného řešení Norton Internet Security nebo Kaspersky Internet Security.

Obrázek

Poprosím o nový log z RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by root at 2010-04-21 19:01:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (20%) free of 30 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:12, on 21.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Documents and Settings\user\Plocha\RSIT.exe
C:\Program Files\trend micro\root.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-640939980-3651718724-398501144-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'user')
O4 - HKUS\S-1-5-21-640939980-3651718724-398501144-1007\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'user')
O4 - HKUS\S-1-5-21-640939980-3651718724-398501144-1007\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe (User 'user')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_16\bin\npjpi142_16.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://192.168.3.25/MP4DVR.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6495 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PandaUSBVaccine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-19 1615200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-10 761945]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-12-10 49152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-30 88203]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-02 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2006-01-23 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [2006-04-20 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-03-27 1126400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^root^Nabídka Start^Programy^Po spuštění^Picture Motion Browser Media Check Tool.lnk]
H:\MY_WORD\SONY\SONY_P~1\PMBCore\SPUVOL~1.EXE [2007-11-27 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleServiceZMVS"=3
"OracleOraHome81TNSListener"=3
"OracleOraHome81PagingServer"=3
"OracleOraHome81HTTPServer"=3
"OracleOraHome81DataGatherer"=3
"OracleOraHome81CMan"=3
"OracleOraHome81CMAdmin"=3
"OracleOraHome81ClientCache"=3
"OracleOraHome81Agent"=3

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-22 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-04-15 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-21 16:35:45 ----SHD---- C:\RECYCLER
2010-04-20 19:21:36 ----D---- C:\WINDOWS\Minidump
2010-04-20 18:34:40 ----A---- C:\ComboFix.txt
2010-04-20 18:27:04 ----D---- C:\WINDOWS\temp
2010-04-20 18:21:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-19 22:32:36 ----A---- C:\Boot.bak
2010-04-19 22:32:32 ----RASHD---- C:\cmdcons
2010-04-19 22:24:02 ----A---- C:\WINDOWS\zip.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\SWSC.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\SWREG.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\sed.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\PEV.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\MBR.exe
2010-04-19 22:24:02 ----A---- C:\WINDOWS\grep.exe
2010-04-19 22:23:56 ----D---- C:\WINDOWS\ERDNT
2010-04-19 22:09:42 ----D---- C:\Qoobox
2010-04-19 21:57:35 ----RAD---- C:\autorun.inf
2010-04-19 21:53:36 ----A---- C:\UsbFix.txt
2010-04-19 21:28:14 ----D---- C:\UsbFix
2010-04-18 23:40:12 ----D---- C:\rsit
2010-04-18 23:40:12 ----D---- C:\Program Files\trend micro
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.ini
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.exe
2010-04-18 22:26:15 ----A---- C:\WINDOWS\gmer.dll
2010-04-15 23:57:13 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2010-04-15 18:12:06 ----D---- C:\Program Files\VS Revo Group
2010-04-15 17:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 17:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 17:44:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-04-15 17:40:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 17:40:29 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 18:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 18:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 00:13:00 ----D---- C:\WINDOWS\CSC
2010-04-14 00:12:49 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-13 22:24:31 ----D---- C:\$AVG
2010-04-13 22:23:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-04-06 22:40:31 ----D---- C:\Documents and Settings\root\Data aplikací\Foxit

======List of files/folders modified in the last 1 months======

2010-04-21 19:01:13 ----D---- C:\WINDOWS\Prefetch
2010-04-21 18:18:02 ----D---- C:\WINDOWS\Internet Logs
2010-04-21 18:04:09 ----D---- C:\WINDOWS\system32
2010-04-21 18:04:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-21 17:58:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-21 16:18:18 ----D---- C:\WINDOWS\SMINST
2010-04-20 20:51:05 ----D---- C:\WINDOWS\system32\drivers
2010-04-20 19:21:36 ----D---- C:\WINDOWS
2010-04-20 19:11:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-20 19:01:52 ----SHD---- C:\WINDOWS\Installer
2010-04-20 19:01:50 ----HD---- C:\WINDOWS\inf
2010-04-20 19:01:47 ----RD---- C:\Program Files
2010-04-20 19:01:25 ----D---- C:\Program Files\Driver Sweeper
2010-04-20 18:30:10 ----A---- C:\WINDOWS\system.ini
2010-04-20 18:27:18 ----D---- C:\WINDOWS\system32\config
2010-04-20 18:25:55 ----D---- C:\WINDOWS\AppPatch
2010-04-20 18:25:54 ----D---- C:\Program Files\Common Files
2010-04-19 22:32:36 ----RASH---- C:\boot.ini
2010-04-19 22:24:01 ----SHD---- C:\System Volume Information
2010-04-19 22:24:01 ----D---- C:\WINDOWS\system32\Restore
2010-04-19 18:46:52 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-19 00:01:54 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-15 20:05:17 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-15 19:44:53 ----D---- C:\temp
2010-04-15 19:15:12 ----SD---- C:\Documents and Settings\root\Data aplikací\Microsoft
2010-04-15 18:41:42 ----D---- C:\Program Files\Runtime Software
2010-04-15 18:38:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\BioWare
2010-04-15 18:20:47 ----D---- C:\Program Files\Common Files\Real
2010-04-15 18:08:24 ----D---- C:\Program Files\AdVantage
2010-04-15 18:06:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-15 17:47:14 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 17:47:06 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-15 17:46:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 17:40:16 ----D---- C:\WINDOWS\ie8updates
2010-04-06 22:40:16 ----D---- C:\Program Files\Foxit Software
2010-04-06 22:39:27 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 22:38:22 ----D---- C:\SwSetup
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 17:57:20 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 06:47:32 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-04-15 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-04-15 29512]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-04-19 242896]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-01-17 131456]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-01-17 32352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-30 1120352]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-22 2845696]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-10 130048]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-16 57096]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-12-10 13056]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-12-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-12-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-12-10 68992]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-10 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-22 512000]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-04-15 308064]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-04-20 1520688]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-01-10 98304]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OracleOraHome81Agent;OracleOraHome81Agent; C:\oracle\ora81\bin\dbsnmp.exe [2000-11-11 246332]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 411244]
S4 OracleOraHome81CMAdmin;OracleOraHome81CMAdmin; C:\oracle\ora81\BIN\CMADMIN.EXE [2000-10-19 172680]
S4 OracleOraHome81CMan;OracleOraHome81CMan; C:\oracle\ora81\BIN\CMGW.EXE [2000-10-19 179836]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer; C:\oracle\ora81\bin\vppdc.exe [2000-11-11 170724]
S4 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer; C:\oracle\ora81\Apache\Apache\Apache.exe [2000-11-09 3584]
S4 OracleOraHome81PagingServer;OracleOraHome81PagingServer; C:\oracle\ora81/bin/pagntsrv.exe [2009-04-10 52224]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener; C:\oracle\ora81\BIN\TNSLSNR []
S4 OracleServiceZMVS;OracleServiceZMVS; c:\oracle\ora81\bin\ORACLE.EXE [2000-11-05 14531344]

-----------------EOF-----------------

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

Spusťte.
Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

VIRY.CZ

Podezření na rootkity

Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity

Re: Podezření na rootkity