
Please check

Posted: 01 Jun 2010 10:20
by zbynaz
Logfile of random's system information tool 1.07 (written by random/random)
Run by Zbyněk at 2010-06-01 10:55:52
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 6 GB (30%) free of 20 GB
Total RAM: 447 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:12, on 1.6.2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SmartClock\SmartClock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zbyněk\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Zbyněk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SmartClock] C:\Program Files\SmartClock\SmartClock.exe /boot
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6517 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2006-07-09 278528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2002-12-05 844828]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-01-11 143360]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2003-10-26 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-11-14 33792]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartClock"=C:\Program Files\SmartClock\SmartClock.exe [2003-04-26 880128]
"SIDEBAR"=C:\Program Files\Desktop Sidebar\dsidebar.exe [2006-07-09 1777664]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Zbyněk\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-06-01 10:55:52 ----D---- C:\rsit
2010-06-01 10:30:45 ----D---- C:\WINDOWS\temp
2010-06-01 10:30:39 ----A---- C:\ComboFix.txt
2010-06-01 09:52:30 ----A---- C:\WINDOWS\MBR.exe
2010-06-01 09:52:25 ----A---- C:\WINDOWS\PEV.exe
2010-06-01 09:46:01 ----A---- C:\WINDOWS\System32\CF3532.exe
2010-05-18 15:03:47 ----D---- C:\Documents and Settings\Zbyněk\Data aplikací\GRETECH
2010-05-18 15:03:06 ----D---- C:\Program Files\GRETECH
2010-05-06 18:53:02 ----D---- C:\Program Files\ICQ7.1

======List of files/folders modified in the last 1 months======

2010-06-01 10:56:12 ----D---- C:\Program Files\Trend Micro
2010-06-01 10:30:45 ----D---- C:\WINDOWS
2010-06-01 10:30:28 ----D---- C:\QooBox
2010-06-01 10:29:37 ----D---- C:\WINDOWS\Prefetch
2010-06-01 10:27:48 ----D---- C:\WINDOWS\erdnt
2010-06-01 10:27:42 ----D---- C:\WINDOWS\System32\CatRoot2
2010-06-01 10:26:16 ----D---- C:\Documents and Settings\Zbyněk\Data aplikací\Desktop Sidebar
2010-06-01 10:25:56 ----A---- C:\WINDOWS\system.ini
2010-06-01 10:24:55 ----D---- C:\WINDOWS\Debug
2010-06-01 10:24:30 ----D---- C:\WINDOWS\System32\drivers
2010-06-01 10:12:29 ----D---- C:\WINDOWS\system32
2010-06-01 10:12:21 ----RSHDC---- C:\WINDOWS\System32\dllcache
2010-06-01 10:12:08 ----RD---- C:\Program Files
2010-06-01 10:09:03 ----D---- C:\WINDOWS\AppPatch
2010-06-01 10:09:01 ----D---- C:\Program Files\Common Files
2010-06-01 09:52:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-01 09:38:33 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-06-01 09:11:05 ----HD---- C:\WINDOWS\inf
2010-06-01 09:11:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-01 09:11:04 ----D---- C:\WINDOWS\Help
2010-05-31 15:08:38 ----A---- C:\WINDOWS\wincmd.ini
2010-05-28 13:09:57 ----A---- C:\WINDOWS\winamp.ini
2010-05-25 18:07:31 ----D---- C:\Documents and Settings\Zbyněk\Data aplikací\ICQ
2010-05-18 15:28:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-18 15:27:27 ----D---- C:\Program Files\JetMailMonitor
2010-05-18 15:26:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-18 15:26:46 ----D---- C:\Documents and Settings\Zbyněk\Data aplikací\COWON
2010-05-16 17:05:52 ----AC---- C:\WINDOWS\cdplayer.ini
2010-05-14 09:33:02 ----D---- C:\Documents and Settings\Zbyněk\Data aplikací\MyPhoneExplorer
2010-05-06 11:07:04 ----AC---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-03-08 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-03-08 9464]
R1 easdrv;easdrv; C:\WINDOWS\System32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 eamon;EAMON; C:\WINDOWS\System32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 HPFECP13;HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [1998-09-25 52800]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys [2003-08-14 21861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-08-14 30235]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-09 3968]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-12-05 19328]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-12-05 51968]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-12-05 19328]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-12-05 68864]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-12-05 68864]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-08-14 146812]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-08-14 51848]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\System32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\System32\DRIVERS\k750obex.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\ZBYNK~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2002-12-05 38272]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\System32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\System32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\System32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 StMp3Rec;%SvcDesc%; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-05-13 68204]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-27 611664]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2003-08-14 135168]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]

-----------------EOF-----------------
The computer freezes before the system loads; sometimes Safe Mode can be started, and after that a restart brings it up in normal mode.

Re: Please check

Posted: 01 Jun 2010 12:12
by motji
Good afternoon :)
Please post this log: C:\ComboFix.txt

Re: Please check

Posted: 01 Jun 2010 12:32
by zbynaz
Hello! Here it is

ComboFix 10-05-31.03 - Zbyněk 01.06.2010 10:03:10.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.447.116 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zbyněk\Plocha\ComboFix.exe
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\C.tmp
c:\documents and settings\All Users\Data aplikací\hpe260.dll
c:\program files\INSTALL.LOG
c:\windows\desktop
c:\windows\desktop\Fish.scr
c:\windows\system32\VB40032.DLL
c:\windows\wiaservb.log

c:\windows\system32\qmgr.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-01 do 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-06-01 07:46 . 2002-12-05 12:00 376832 ----a-w- c:\windows\system32\CF3532.exe
2010-05-18 13:03 . 2010-05-18 13:03 -------- d-----w- c:\program files\GRETECH
2010-05-06 16:53 . 2010-05-06 17:04 -------- d-----w- c:\program files\ICQ7.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 07:12 . 2008-08-18 18:05 823 -c--a-w- c:\windows\system32\drivers\fwdrv.err
2010-05-18 13:27 . 2006-04-07 17:40 -------- d-----w- c:\program files\JetMailMonitor
2010-05-18 13:26 . 2005-11-25 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-26 12:15 . 2005-12-01 21:19 -------- d-----w- c:\program files\ICQ
2010-04-24 06:11 . 2010-04-24 06:11 -------- d-----w- c:\program files\Sony Ericsson
2010-04-16 18:49 . 2008-12-14 16:59 -------- d-----w- c:\program files\Fotostar
2010-03-28 11:41 . 2002-12-05 12:00 61958 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 11:41 . 2002-12-05 12:00 379294 ----a-w- c:\windows\system32\perfh005.dat
2008-07-13 17:54 . 2008-07-13 17:54 492 -c--a-w- c:\program files\mpc5.reg
2008-07-13 17:54 . 2008-07-13 17:54 30040 -c--a-w- c:\program files\ffdsvsetts.reg
2008-07-13 17:54 . 2008-07-13 17:54 1172 -c--a-w- c:\program files\ffdsasetts.reg
2008-07-13 17:54 . 2008-07-13 17:54 30654 -c--a-w- c:\program files\ffdssetts.reg
2006-01-21 17:19 . 2006-01-21 17:19 499495 -c--a-w- c:\program files\SmartClock21.exe
2005-12-29 21:34 . 2005-12-29 21:34 7256768 -c--a-w- c:\program files\SkypeSetup.exe
2005-01-18 19:55 . 2005-01-18 19:55 8472 -c--a-w- c:\program files\Common Files\GBA2_Config.xsl
2004-08-25 06:43 . 2004-08-25 06:43 1470 -c--a-w- c:\program files\Common Files\GBA2_cntycode.xsl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartClock"="c:\program files\SmartClock\SmartClock.exe" [2003-04-26 880128]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-20 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-01-10 143360]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-11-14 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-12-05 13312]

c:\documents and settings\Zbyněk\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-23 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-8-29 499779]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.10.2009 10:18 35168]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [25.9.1998 10:55 52800]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.4.2010 8:11 90112]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [24.4.2010 8:13 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [24.4.2010 8:13 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [24.4.2010 8:13 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [24.4.2010 8:13 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [24.4.2010 8:13 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [24.4.2010 8:13 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [24.4.2010 8:13 109736]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Zbyněk\Data aplikací\Mozilla\Firefox\Profiles\cepv43wd.default\
FF - prefs.js: browser.startup.homepage - About:Blank

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-TraMet - c:\program files\TraMet\TraMet.exe
AddRemove-CloneCD - c:\program files\SlySoft\CloneCD\ccd-uninst.exe
AddRemove-InfoMapa 6.0 - d:\infom~12\Setup.exe
AddRemove-Slovácko - Bílé Karpaty - 0:\program files\Cyklotrasy\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 10:25
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\ZBYNK~1\LOCALS~1\Temp\dsbB.tmp 0 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\System32\ODBC32.dll
c:\windows\System32\vorbis.dll
c:\windows\System32\ogg.dll

- - - - - - - > 'lsass.exe'(844)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3656)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\vorbis.dll
c:\windows\System32\ogg.dll
c:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\VTTimer.exe
c:\windows\System32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2010-06-01 10:30:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-01 08:30
ComboFix2.txt 2008-08-25 18:24
ComboFix3.txt 2008-08-23 16:50
ComboFix4.txt 2008-08-22 17:08

Před spuštěním: 4 179 460 096
Po spuštění: 6 347 530 240

- - End Of File - - F538198285C15DDFFD46AD6397D9B8D3

Re: Please check

Posted: 01 Jun 2010 12:53
by motji
Did anything change after running ComboFix?



Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to your desktop and run it.
- copy the following into the box:

:filefind
qmgr.dll

- click Look; a scan will run and a log will be shown at the end, copy its contents here.

Re: Please check

Posted: 01 Jun 2010 14:08
by zbynaz
I don't know yet whether anything changed after running ComboFix; I haven't shut the computer down so far.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:04 on 01/06/2010 by Zbyněk (Administrator - Elevation successful)

========== filefind ==========

Searching for "qmgr.dll"
C:\WINDOWS\erdnt\cache\qmgr.dll --a--- 221184 bytes [08:27 01/06/2010] [12:00 05/12/2002] D8681F65568AC0C6C7ED11E028EE3503
C:\WINDOWS\system32\qmgr.dll --a--- 221184 bytes [20:16 25/11/2005] [12:00 05/12/2002] D8681F65568AC0C6C7ED11E028EE3503

-=End Of File=-

Re: Please check

Posted: 01 Jun 2010 14:20
by motji
Test this file on www.virustotal.com:
C:\WINDOWS\erdnt\cache\qmgr.dll
- Copy the file path into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.

Re: Please check

Posted: 01 Jun 2010 15:22
by zbynaz
http://www.virustotal.com/cs/analisis/b ... 1275401122

It took a while, I was waiting in the queue.

Re: Please check

Posted: 01 Jun 2010 15:37
by motji
If it isn't there already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it


Restore::
c:\windows\system32\qmgr.dll

File::
c:\docume~1\ZBYNK~1\LOCALS~1\Temp\dsbB.tmp
- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:



- after it is applied, another log will pop up; paste it here

Note: it may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration.

Re: Please check

Posted: 01 Jun 2010 16:16
by zbynaz
ComboFix 10-05-31.03 - Zbyněk 01.06.2010 16:57:39.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.447.145 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zbyněk\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zbyněk\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\docume~1\ZBYNK~1\LOCALS~1\Temp\dsbB.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\qmgr.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\qmgr.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-01 do 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-06-01 08:55 . 2010-06-01 08:56 -------- d-----w- C:\rsit
2010-06-01 07:46 . 2002-12-05 12:00 376832 ----a-w- c:\windows\system32\CF3532.exe
2010-05-18 13:03 . 2010-05-18 13:03 -------- d-----w- c:\program files\GRETECH
2010-05-06 16:53 . 2010-05-06 17:04 -------- d-----w- c:\program files\ICQ7.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 08:56 . 2008-08-21 17:35 -------- d-----w- c:\program files\Trend Micro
2010-06-01 07:12 . 2008-08-18 18:05 823 -c--a-w- c:\windows\system32\drivers\fwdrv.err
2010-05-18 13:27 . 2006-04-07 17:40 -------- d-----w- c:\program files\JetMailMonitor
2010-05-18 13:26 . 2005-11-25 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-26 12:15 . 2005-12-01 21:19 -------- d-----w- c:\program files\ICQ
2010-04-24 06:11 . 2010-04-24 06:11 -------- d-----w- c:\program files\Sony Ericsson
2010-04-16 18:49 . 2008-12-14 16:59 -------- d-----w- c:\program files\Fotostar
2010-03-28 11:41 . 2002-12-05 12:00 61958 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 11:41 . 2002-12-05 12:00 379294 ----a-w- c:\windows\system32\perfh005.dat
2008-07-13 17:54 . 2008-07-13 17:54 492 -c--a-w- c:\program files\mpc5.reg
2008-07-13 17:54 . 2008-07-13 17:54 30040 -c--a-w- c:\program files\ffdsvsetts.reg
2008-07-13 17:54 . 2008-07-13 17:54 1172 -c--a-w- c:\program files\ffdsasetts.reg
2008-07-13 17:54 . 2008-07-13 17:54 30654 -c--a-w- c:\program files\ffdssetts.reg
2006-01-21 17:19 . 2006-01-21 17:19 499495 -c--a-w- c:\program files\SmartClock21.exe
2005-12-29 21:34 . 2005-12-29 21:34 7256768 -c--a-w- c:\program files\SkypeSetup.exe
2005-01-18 19:55 . 2005-01-18 19:55 8472 -c--a-w- c:\program files\Common Files\GBA2_Config.xsl
2004-08-25 06:43 . 2004-08-25 06:43 1470 -c--a-w- c:\program files\Common Files\GBA2_cntycode.xsl
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartClock"="c:\program files\SmartClock\SmartClock.exe" [2003-04-26 880128]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-20 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-01-10 143360]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-11-14 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-12-05 13312]

c:\documents and settings\ZbynŘk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-23 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-8-29 499779]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.10.2009 10:18 35168]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [25.9.1998 10:55 52800]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [24.4.2010 8:11 90112]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [24.4.2010 8:13 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [24.4.2010 8:13 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [24.4.2010 8:13 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [24.4.2010 8:13 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [24.4.2010 8:13 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [24.4.2010 8:13 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [24.4.2010 8:13 109736]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Zbyněk\Data aplikací\Mozilla\Firefox\Profiles\cepv43wd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 17:08
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\System32\ODBC32.dll
c:\windows\System32\vorbis.dll
c:\windows\System32\ogg.dll

- - - - - - - > 'lsass.exe'(840)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3520)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\System32\msi.dll
c:\windows\System32\vorbis.dll
c:\windows\System32\ogg.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\VTTimer.exe
c:\windows\System32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\System32\wdfmgr.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-06-01 17:14:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-01 15:13
ComboFix2.txt 2010-06-01 08:30
ComboFix3.txt 2008-08-25 18:24
ComboFix4.txt 2008-08-23 16:50
ComboFix5.txt 2010-06-01 14:55

Před spuštěním: 6 390 505 472
Po spuštění: 6 397 042 688

- - End Of File - - 77AFA039802000438939F6946ABD60F5

Re: please check

Posted: 01 Jun 2010 20:41
by motji
How is the computer doing now?

:arrow: Do you recognise these files?
c:\program files\mpc5.reg
c:\program files\ffdsvsetts.reg
c:\program files\ffdsasetts.reg
c:\program files\ffdssetts.reg

:arrow: Can I also do a rootkit scan? :)

Re: please check

Posted: 02 Jun 2010 09:55
by zbynaz
Hello!
I shut the computer down yesterday and only now managed to turn it on again, and only in safe mode.
These files:
c:\program files\mpc5.reg
c:\program files\ffdsvsetts.reg
c:\program files\ffdsasetts.reg
c:\program files\ffdssetts.reg
I don't recognise them, and I don't know where they came from either. What should I do with them?

Re: please check

Posted: 02 Jun 2010 09:59
by motji
:o So your computer wouldn't turn on at all? Why, did it display anything?
Systém Microsoft Windows XP Professional Service Pack 1
You should install at least SP2, ideally SP3.

Try opening a few of those .reg files in Notepad (right-click - open in Notepad) and paste the text here.

Re: please check

Posted: 02 Jun 2010 10:05
by zbynaz
Yes, go ahead with that scan if it helps :(

Re: please check

Posted: 02 Jun 2010 10:12
by motji
What happened with turning on the computer? Why wouldn't it start? Before I do any more scans I should know the state of the PC, because GMER can also cause a BSOD.

Could you install that SP first?

Re: please check

Posted: 02 Jun 2010 20:12
by zbynaz
So I installed SP3 and after a lot of trouble managed to turn the PC on again. When the screen shows XP loading, the PC freezes; sometimes there are coloured lines on the monitor, sometimes black-and-white ones; the HDD light sometimes stays on, sometimes not! Then I have to press reset, and sometimes the computer manages to start, like now, but only in safe mode.
Tak jsem teda nainstaloval SP3 a po dlouhých útrapách se mi podařilo znovu zapnout PC. Při zobrazení že XP nabíhají se PC zablokuje,někdy jsou na monitoru barevné čárky někdy černobílé,kontrolka hrd.někdy svítí nekdy ne!Potom musím zmáčknout reset a nekdy se podaří počítač spustit,jako ted ale jen v nuzovém režimu.