VIRY.CZ

Na jednom PC je zrejme vir, ktery nedovoli instalaci antiviru. Prosim o kontrolu logu.
Logfile of random's system information tool 1.08 (written by random/random)
Run by spravce at 2011-01-27 10:22:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (89%) free of 76 GB
Total RAM: 1014 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:14, on 27.1.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\spravce.PRAHA2\Local Settings\Temporary Internet Files\Content.IE5\BT92EVVC\RSIT[1].exe
C:\Program Files\trend micro\spravce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.33.10.33:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.33.4.*;10.33.5.*;10.33.6.*;10.33.7.*;10.33.8.*;10.33.9.*;10.33.10.33;*.p2.mepnet.cz,helpdesk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKUS\S-1-5-21-1445019073-709728891-461039229-2380\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'kleckao')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://10.33.7.215/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3059198468
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = praha2.p2.mepnet.cz
O17 - HKLM\Software\..\Telephony: DomainName = praha2.p2.mepnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4616FC-F269-42F8-90F3-D90D5F20FB8D}: NameServer = 10.33.10.21,10.33.4.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = praha2.p2.mepnet.cz
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4616FC-F269-42F8-90F3-D90D5F20FB8D}: NameServer = 10.33.10.21,10.33.4.150
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 4919 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-17 143872]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-02-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\Aplcity\geovap\cityware\poplatky\Poplatky.exe"="\\Aplcity\geovap\cityware\poplatky\Poplatky.exe:*:Disabled:Poplatky"

======List of files/folders created in the last 1 months======

2011-01-27 10:22:01 ----D---- C:\rsit
2011-01-27 10:22:01 ----D---- C:\Program Files\trend micro
2011-01-27 10:21:15 ----A---- C:\ComboFix.txt
2011-01-26 09:56:57 ----A---- C:\WINDOWS\MBR.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\zip.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\SWSC.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\SWREG.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\sed.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\PEV.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\grep.exe
2011-01-26 09:51:57 ----D---- C:\WINDOWS\ERDNT
2011-01-26 09:50:00 ----D---- C:\Qoobox
2011-01-25 10:44:12 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-25 10:34:53 ----D---- C:\Program Files\CCleaner
2011-01-25 10:32:56 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Macromedia
2011-01-25 10:22:56 ----D---- C:\Program Files\Symantec
2011-01-25 10:22:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-25 10:22:15 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\pdfforge
2011-01-25 10:06:11 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Search Settings
2011-01-25 10:06:07 ----D---- C:\Program Files\pdfforge Toolbar
2011-01-25 10:06:07 ----D---- C:\Program Files\Common Files\Spigot
2011-01-25 10:06:07 ----D---- C:\Program Files\Application Updater
2011-01-25 10:05:30 ----D---- C:\Program Files\IrfanView
2011-01-25 10:04:56 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-01-25 10:04:55 ----D---- C:\Program Files\PDFCreator
2011-01-25 10:04:55 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-01-25 10:01:55 ----D---- C:\WINDOWS\SchCache
2011-01-13 10:36:16 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-01-13 10:36:15 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-01-13 10:36:15 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-01-13 08:29:36 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Adobe
2011-01-13 08:28:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-01-13 08:25:35 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Google
2011-01-13 08:23:56 ----A---- C:\WINDOWS\system32\MFC71.DLL
2011-01-13 08:23:56 ----A---- C:\WINDOWS\system32\capicom.dll
2011-01-13 08:23:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2011-01-13 08:17:22 ----A---- C:\WINDOWS\User Profile Migration Service.exe
2011-01-13 08:17:08 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\HP
2011-01-13 08:10:57 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Identities
2011-01-13 08:10:44 ----ASH---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\desktop.ini
2011-01-13 08:10:43 ----SD---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Microsoft

======List of files/folders modified in the last 1 months======

2011-01-27 10:22:08 ----D---- C:\WINDOWS\Prefetch
2011-01-27 10:22:01 ----RD---- C:\Program Files
2011-01-27 10:19:50 ----D---- C:\WINDOWS
2011-01-27 10:19:50 ----A---- C:\WINDOWS\system.ini
2011-01-27 10:19:44 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-27 10:18:56 ----D---- C:\WINDOWS\Temp
2011-01-27 10:18:10 ----D---- C:\WINDOWS\system32\drivers
2011-01-27 10:18:10 ----D---- C:\WINDOWS\system32
2011-01-27 10:18:10 ----D---- C:\WINDOWS\AppPatch
2011-01-27 10:18:06 ----D---- C:\Program Files\Common Files
2011-01-27 10:12:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-27 10:12:52 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-27 10:12:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-01-27 10:12:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-01-27 10:10:43 ----SHD---- C:\WINDOWS\Installer
2011-01-27 10:10:42 ----D---- C:\Config.Msi
2011-01-27 10:06:22 ----D---- C:\WINDOWS\WinSxS
2011-01-27 10:05:03 ----D---- C:\Temp
2011-01-27 07:38:18 ----D---- C:\WINDOWS\security
2011-01-25 10:45:57 ----D---- C:\WINDOWS\system32\appmgmt
2011-01-25 10:35:22 ----D---- C:\WINDOWS\Debug
2011-01-25 09:46:59 ----D---- C:\VITA
2011-01-14 07:30:58 ----D---- C:\WINDOWS\system32\config
2011-01-13 10:36:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-13 08:44:32 ----D---- C:\Program Files\BackSave
2011-01-13 08:44:26 ----A---- C:\WINDOWS\ST6UNST.EXE
2011-01-13 08:44:23 ----D---- C:\Program Files\Info
2011-01-13 08:39:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-13 08:39:38 ----D---- C:\WINDOWS\ShellNew
2011-01-13 08:39:38 ----D---- C:\WINDOWS\Help
2011-01-13 08:38:45 ----A---- C:\WINDOWS\ODBC.INI
2011-01-13 08:38:40 ----RSD---- C:\WINDOWS\Fonts
2011-01-13 08:37:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-13 08:37:51 ----D---- C:\WINDOWS\Downloaded Installations
2011-01-13 08:37:49 ----D---- C:\Program Files\Kaspersky Lab
2011-01-13 08:31:41 ----D---- C:\Documents and Settings
2011-01-13 08:28:32 ----D---- C:\Program Files\Common Files\Adobe
2011-01-13 08:28:16 ----D---- C:\Program Files\Adobe
2011-01-13 08:26:28 ----D---- C:\Program Files\Google
2011-01-13 08:26:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-11-09 26656]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-04-29 186112]
R3 catchme;catchme; \??\C:\DOCUME~1\SPRAVC~1.PRA\LOCALS~1\Temp\catchme.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-08-07 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-08-07 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-08-07 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2004-11-16 32768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-10-22 69632]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2004-08-17 32256]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2010-02-17 3093880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-17 8704]

-----------------EOF-----------------

Hezké odpoledne
To se jedná o služební počítač?

jj

Já Vám pro začátek trošku vynadám, ale pak už budu hodná

Combofix nedoporučujeme používat bez dozoru rádce, můžete si poškodit počítač .
A služební pc tu také neradi vidíme, nesuplujeme tu placené IT. Ale já Vám to pro dnešek odpustím .

Poprosím o log z combofixu, co jste dělal
C:\ComboFix.txt


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Já bych zase s dovolením nesouhlasil. To, že je někdo placený IT neznamená, že má patent na rozum a rozumí úplně komplet celému oboru IT. Někdo je na databáze, někdo na servery, někdo na programování, někdo na hardware, někdo na support, někdo na virovou problematiku. Chápete, kam tím mířím ? Můj obor je úplně jiný, ale to neznamená, že se nemůžu zeptat zdarma na radu na foru, ktere je k tomu urcene. Neco jineho by asi bylo, kdybych mel firmu na odvirovavani pc a zde bych hledal odpovedi na problemy lidi, kteri mi pak zaplati za "vase" sluzby. Ale zpet k tomu pecku. Zde je log z comba:

ComboFix 11-01-25.01 - spravce 27.01.2011 10:15:43.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1014.733 [GMT 1:00]
Spuštěný z: c:\documents and settings\spravce.PRAHA2\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\spravce.PRAHA2\Dokumenty\cc_20110126_102134.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-27 do 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-27 09:05 . 2011-01-27 09:05 142192 ----a-w- c:\temp\Clt-Inst\vpremote.exe
2011-01-25 09:34 . 2011-01-25 09:34 -------- d-----w- c:\program files\CCleaner
2011-01-25 09:22 . 2011-01-27 09:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-25 09:22 . 2011-01-27 09:06 -------- d-----w- c:\program files\Symantec
2011-01-25 09:06 . 2011-01-25 09:06 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-01-25 09:06 . 2011-01-25 09:06 -------- d-----w- c:\program files\pdfforge Toolbar
2011-01-25 09:06 . 2011-01-25 09:06 -------- d-----w- c:\program files\Common Files\Spigot
2011-01-25 09:06 . 2011-01-25 09:06 -------- d-----w- c:\program files\Application Updater
2011-01-25 09:05 . 2011-01-25 09:12 -------- d-----w- c:\program files\IrfanView
2011-01-25 09:04 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-01-25 09:04 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-01-25 09:04 . 2011-01-25 09:06 -------- d-----w- c:\program files\PDFCreator
2011-01-25 09:04 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-01-25 09:01 . 2011-01-25 09:01 -------- d-----w- c:\windows\SchCache
2011-01-13 09:36 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-13 09:36 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-01-13 09:36 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-01-13 09:36 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-01-13 07:31 . 2011-01-27 09:01 -------- d-----w- c:\documents and settings\kleckao
2011-01-13 07:23 . 2007-03-21 20:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-01-13 07:23 . 2011-01-27 09:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Symantec
2011-01-13 07:17 . 2011-01-13 07:17 278296 ----a-w- c:\windows\User Profile Migration Service.exe
2011-01-13 07:10 . 2011-01-25 09:55 -------- d-----w- c:\documents and settings\spravce.PRAHA2
2011-01-13 07:07 . 2011-01-13 07:07 -------- d-----w- c:\documents and settings\spravce\Data aplikací\HP
2011-01-13 07:07 . 2011-01-13 07:07 -------- d-----w- c:\documents and settings\spravce\Local Settings\Data aplikací\ApplicationHistory

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 07:44 . 2005-06-22 18:44 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_09.12.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-27 09:04 . 2011-01-27 09:04 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2010-09-06 12:58 . 2010-09-06 12:58 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2011-01-27 06:32 . 2011-01-27 06:32 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-17 143872]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1445019073-709728891-461039229-2380\Scripts\Logon\0\0]
"Script"=\\DCAD1\Remote_install\Link_helpdesk\copy.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1445019073-709728891-461039229-2392\Scripts\Logon\0\0]
"Script"=\\DCAD1\Remote_install\Link_helpdesk\copy.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [22.8.2005 10:56 26656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38 386560]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [22.8.2005 10:56 163856]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - LIVEUPDATE
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = 10.33.4.*;10.33.5.*;10.33.6.*;10.33.7.*;10.33.8.*;10.33.9.*;10.33.10.33;*.p2.mepnet.cz,helpdesk;<local>
uInternet Settings,ProxyServer = 10.33.10.33:3128
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0F4616FC-F269-42F8-90F3-D90D5F20FB8D} = 10.33.10.21,10.33.4.150
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://10.33.7.215/VatDec.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 10:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\ShudderLTD\PSGuard\PSGuard\License*]
"Data"="InstallTime=1c5945e:fe3e9c80\0d\0aLastRunTime=1c598bd:1bc20c30\0d\0a"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2011-01-27 10:21:14
ComboFix-quarantined-files.txt 2011-01-27 09:21
ComboFix2.txt 2011-01-26 09:14

Před spuštěním: Volných bajtů: 70 940 573 696
Po spuštění: Volných bajtů: 70 946 488 320

- - End Of File - - AB62267CA065D0BF2273CCFFAE77B26D

Co to tam máte od Pandy? Antivir?

To máte pravdu . My se tu v poslední době bohužel setkáváme s tím, že se na nás obrací lidé, kteří mají svůj pc servis, dávají sem jeden log za druhým a pak za to od zákazníků vyberou peníze. Je to nemorální, my tu pomáháme zadarmo a ve svém volném čase.
To ale není Váš případ, pokud nám sem nenahrnete 10 počítačů s tím, že jste si je v práci zavirovali

tak to opravdu neni muj pripad zde na foru jsem registrovan 5 let a za svou 10letou praxi jsem zde vyuzil rad jen parkrat (13 prispevku celkem)
Vetsinou se s tim umim poprat sam. Spis jen kdyz mi dochazi energie, napady, programy a nevim kudy kam, jdu sem pro nakopnuti Treba to vubec neni zavirovany. Jen mi proste nejde nainstalovat symantec antivir, ktery pada na knihovne

Od pandy by tam byt nic nemelo. To je fakt divny.. mrknu na to.

EDIT: Tak od pandy je tam skutecne adresar s exe soubory.. divny, uzivatel nema prava a ja bych tam pandu nikdy neinstaloval :/

Zde je log z MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5629

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.1.2011 13:25:47
mbam-log-2011-01-28 (13-25-42).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 260588
Uplynulý čas: 13 minut, 33 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1480 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken.
c:\program files\pdfforge toolbar\widgihelper.exe (PUP.Dealio) -> No action taken.
c:\Qoobox\quarantine\C\program files\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll.vir (PUP.Dealio) -> No action taken.
c:\system volume information\_restore{197c8f38-1868-4fc9-8748-a3a183e9e583}\RP840\A0269535.dll (PUP.Dealio) -> No action taken.

V mbamu vše smažte
Už jste s tou Pandou něco dělal? Pokud ne, tak Vám odpálím její služby a soubory

Pravděpodobně právě tyto služby blokují nainstalování jiného antiviru.

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [22.8.2005 10:56 26656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38 386560]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [22.8.2005 10:56 163856]

V mbam jsem vse odstranil.
S pandou jsem se snazil delat, ale sluzby nejdou vypnout. Hijackthis je taky neumi odstrelit. Cim se toho mam zbavit ?

prikladam novy log z rsit

Logfile of random's system information tool 1.08 (written by random/random)
Run by spravce at 2011-02-01 10:39:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (89%) free of 76 GB
Total RAM: 1014 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:02, on 1.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\spravce.PRAHA2\Local Settings\Temporary Internet Files\Content.IE5\BT92EVVC\RSIT[1].exe
C:\Program Files\trend micro\HiJackThis\spravce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.33.10.33:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.33.4.*;10.33.5.*;10.33.6.*;10.33.7.*;10.33.8.*;10.33.9.*;10.33.10.33;*.p2.mepnet.cz,helpdesk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://10.33.7.215/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3059198468
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = praha2.p2.mepnet.cz
O17 - HKLM\Software\..\Telephony: DomainName = praha2.p2.mepnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F4616FC-F269-42F8-90F3-D90D5F20FB8D}: NameServer = 10.33.10.21,10.33.4.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = praha2.p2.mepnet.cz
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F4616FC-F269-42F8-90F3-D90D5F20FB8D}: NameServer = 10.33.10.21,10.33.4.150
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 4663 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-17 143872]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-02-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\Aplcity\geovap\cityware\poplatky\Poplatky.exe"="\\Aplcity\geovap\cityware\poplatky\Poplatky.exe:*:Disabled:Poplatky"

======List of files/folders created in the last 1 months======

2011-01-28 12:05:22 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Malwarebytes
2011-01-28 12:05:14 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-28 12:05:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-01-28 12:05:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-28 12:05:10 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-27 13:29:55 ----SHD---- C:\RECYCLER
2011-01-27 10:22:01 ----D---- C:\rsit
2011-01-27 10:22:01 ----D---- C:\Program Files\trend micro
2011-01-27 10:21:15 ----A---- C:\ComboFix.txt
2011-01-26 09:56:57 ----A---- C:\WINDOWS\MBR.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\zip.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\SWSC.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\SWREG.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\sed.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\PEV.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-26 09:56:56 ----A---- C:\WINDOWS\grep.exe
2011-01-26 09:51:57 ----D---- C:\WINDOWS\ERDNT
2011-01-26 09:50:00 ----D---- C:\Qoobox
2011-01-25 10:44:12 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-25 10:34:53 ----D---- C:\Program Files\CCleaner
2011-01-25 10:32:56 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Macromedia
2011-01-25 10:22:56 ----D---- C:\Program Files\Symantec
2011-01-25 10:22:56 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-01-25 10:22:15 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\pdfforge
2011-01-25 10:06:11 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Search Settings
2011-01-25 10:06:07 ----D---- C:\Program Files\pdfforge Toolbar
2011-01-25 10:06:07 ----D---- C:\Program Files\Common Files\Spigot
2011-01-25 10:06:07 ----D---- C:\Program Files\Application Updater
2011-01-25 10:05:30 ----D---- C:\Program Files\IrfanView
2011-01-25 10:04:56 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2011-01-25 10:04:55 ----D---- C:\Program Files\PDFCreator
2011-01-25 10:04:55 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2011-01-25 10:01:55 ----D---- C:\WINDOWS\SchCache
2011-01-13 10:36:16 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-01-13 10:36:15 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-01-13 10:36:15 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-01-13 08:29:36 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Adobe
2011-01-13 08:28:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-01-13 08:25:35 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Google
2011-01-13 08:23:56 ----A---- C:\WINDOWS\system32\MFC71.DLL
2011-01-13 08:23:56 ----A---- C:\WINDOWS\system32\capicom.dll
2011-01-13 08:23:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec
2011-01-13 08:17:22 ----A---- C:\WINDOWS\User Profile Migration Service.exe
2011-01-13 08:17:08 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\HP
2011-01-13 08:10:57 ----D---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Identities
2011-01-13 08:10:44 ----ASH---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\desktop.ini
2011-01-13 08:10:43 ----SD---- C:\Documents and Settings\spravce.PRAHA2\Data aplikací\Microsoft

======List of files/folders modified in the last 1 months======

2011-02-01 10:34:56 ----D---- C:\WINDOWS
2011-02-01 10:34:53 ----D---- C:\WINDOWS\Temp
2011-02-01 10:34:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-01 10:33:19 ----D---- C:\WINDOWS\system32\drivers
2011-02-01 10:33:09 ----D---- C:\WINDOWS\security
2011-02-01 10:30:08 ----D---- C:\WINDOWS\Prefetch
2011-02-01 10:22:12 ----SHD---- C:\WINDOWS\Installer
2011-02-01 10:22:12 ----D---- C:\Config.Msi
2011-01-28 12:05:10 ----RD---- C:\Program Files
2011-01-28 07:30:09 ----D---- C:\Temp
2011-01-27 10:19:50 ----A---- C:\WINDOWS\system.ini
2011-01-27 10:19:44 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-27 10:18:10 ----D---- C:\WINDOWS\system32
2011-01-27 10:18:10 ----D---- C:\WINDOWS\AppPatch
2011-01-27 10:18:06 ----D---- C:\Program Files\Common Files
2011-01-27 10:12:52 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-27 10:12:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-01-27 10:12:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-01-27 10:06:22 ----D---- C:\WINDOWS\WinSxS
2011-01-25 10:45:57 ----D---- C:\WINDOWS\system32\appmgmt
2011-01-25 10:35:22 ----D---- C:\WINDOWS\Debug
2011-01-25 09:46:59 ----D---- C:\VITA
2011-01-14 07:30:58 ----D---- C:\WINDOWS\system32\config
2011-01-13 10:36:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-13 08:44:32 ----D---- C:\Program Files\BackSave
2011-01-13 08:44:26 ----A---- C:\WINDOWS\ST6UNST.EXE
2011-01-13 08:44:23 ----D---- C:\Program Files\Info
2011-01-13 08:39:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-13 08:39:38 ----D---- C:\WINDOWS\ShellNew
2011-01-13 08:39:38 ----D---- C:\WINDOWS\Help
2011-01-13 08:38:45 ----A---- C:\WINDOWS\ODBC.INI
2011-01-13 08:38:40 ----RSD---- C:\WINDOWS\Fonts
2011-01-13 08:37:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-13 08:37:51 ----D---- C:\WINDOWS\Downloaded Installations
2011-01-13 08:37:49 ----D---- C:\Program Files\Kaspersky Lab
2011-01-13 08:31:41 ----D---- C:\Documents and Settings
2011-01-13 08:28:32 ----D---- C:\Program Files\Common Files\Adobe
2011-01-13 08:28:16 ----D---- C:\Program Files\Adobe
2011-01-13 08:26:28 ----D---- C:\Program Files\Google
2011-01-13 08:26:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-11-09 26656]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-04-29 186112]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-08-07 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-08-07 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\SPRAVC~1.PRA\LOCALS~1\Temp\catchme.sys []
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-08-07 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2004-11-16 32768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-10-22 69632]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2004-08-17 32256]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2010-02-17 3093880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-17 8704]

-----------------EOF-----------------

Odpálím je přes combofix
Pokud by po restartu nešel internet, zkuste obnovu systému.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci