MS Removal Tool version 2.20

[Wonder.x]

Zdravím všechny zkoušel jsem se téhle havěti zbavit podle různých návodů ale neúspěšně.
Vkládám log z RSIT.

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)
Run by Wonder at 2011-05-24 17:58:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (44%) free of 30 GB
Total RAM: 2047 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:58, on 24.5.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Wonder\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Wonder.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [bM26400MaOpC26400] C:\Documents and Settings\All Users\Data aplikací\bM26400MaOpC26400\bM26400MaOpC26400.exe
O4 - HKCU\..\RunOnce: [3BDCF4DC] C:\WINDOWS\3BDCF4DC.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: IMAPI CD-Burning COM Service (jff67niy) - Unknown owner - C:\WINDOWS\system32\wuroudy.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 6810 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-04-07 188416]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"bM26400MaOpC26400"=C:\Documents and Settings\All Users\Data aplikací\bM26400MaOpC26400\bM26400MaOpC26400 [2011-05-24 192]
"3BDCF4DC"=C:\WINDOWS\3BDCF4DC [2011-05-24 192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus AntiSpyware 2011 Security]
C:\Documents and Settings\LocalService\Data aplikací\AntiVirus_AntiSpyware_2011\securitymanager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\qwhfupjw.exe"="C:\WINDOWS\system32\qwhfupjw.exe:*:Enabled:tawcekff"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-05-24 17:58:54 ----D---- C:\rsit
2011-05-24 17:58:54 ----D---- C:\Program Files\trend micro
2011-05-24 17:19:49 ----A---- C:\WINDOWS\3BDCF4DC.exe
2011-05-24 17:07:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-05-24 17:07:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-24 16:50:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\bM26400MaOpC26400
2011-05-24 16:16:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-05-24 16:16:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-05-24 16:16:46 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-05-24 16:08:30 ----A---- C:\WINDOWS\ntbtlog.txt
2011-05-24 15:55:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\hP26400DpCfJ26400
2011-05-24 15:46:53 ----A---- C:\WINDOWS\462B3D83.exe
2011-05-24 15:43:05 ----A---- C:\WINDOWS\48C626FE.exe
2011-05-24 15:39:34 ----D---- C:\_OTM
2011-05-24 14:57:36 ----A---- C:\WINDOWS\4C022957.exe
2011-05-24 14:18:30 ----A---- C:\WINDOWS\6204F4A1.exe
2011-05-23 21:27:49 ----A---- C:\WINDOWS\1EC10B9B.exe
2011-05-23 21:24:37 ----A---- C:\WINDOWS\53FCE379.exe
2011-05-23 19:52:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\eA26400CbGbD26400
2011-05-23 19:46:18 ----D---- C:\Documents and Settings\Wonder\Data aplikací\Malwarebytes
2011-05-23 19:21:07 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-05-23 19:17:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-05-23 18:21:06 ----A---- C:\WINDOWS\28A68B82.exe
2011-05-22 22:26:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\mF26400EbMcH26400
2011-05-17 15:27:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-05-17 15:24:06 ----D---- C:\How to remove Essential Cleaner virus _ My Anti Spyware_soubory
2011-05-08 15:05:50 ----D---- C:\Program Files\GridinSoft Trojan Killer
2011-05-08 14:55:51 ----SHD---- C:\WINDOWS\CSC
2011-05-02 13:42:13 ----A---- C:\WINDOWS\68C8AA52.exe
2011-05-02 12:42:02 ----A---- C:\WINDOWS\4862E393.exe
2011-04-29 12:38:29 ----A---- C:\WINDOWS\320A1743.exe
2011-04-29 11:30:16 ----A---- C:\WINDOWS\4C8BC0AA.exe
2011-04-27 10:28:15 ----A---- C:\WINDOWS\system32\msonpmon.dll
2011-04-27 10:27:36 ----D---- C:\Program Files\Microsoft Works
2011-04-27 10:27:28 ----D---- C:\Program Files\MSBuild
2011-04-27 10:27:07 ----D---- C:\Program Files\Microsoft Visual Studio
2011-04-27 10:27:06 ----D---- C:\Program Files\Common Files\DESIGNER
2011-04-27 10:26:15 ----D---- C:\Program Files\Microsoft.NET
2011-04-27 10:24:33 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-04-27 10:23:07 ----D---- C:\WINDOWS\SHELLNEW
2011-04-27 10:22:47 ----D---- C:\Program Files\Microsoft Office
2011-04-27 10:22:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-04-27 10:22:20 ----RHD---- C:\MSOCache
2011-04-26 07:56:31 ----A---- C:\WINDOWS\0374DAD1.exe

======List of files/folders modified in the last 1 months======

2011-05-24 17:58:54 ----RD---- C:\Program Files
2011-05-24 17:48:52 ----D---- C:\Program Files\Mozilla Firefox
2011-05-24 17:21:13 ----D---- C:\WINDOWS
2011-05-24 17:21:11 ----AD---- C:\WINDOWS\Temp
2011-05-24 16:46:57 ----D---- C:\WINDOWS\system32\drivers
2011-05-24 16:45:30 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-24 16:05:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-24 16:04:17 ----D---- C:\WINDOWS\Minidump
2011-05-24 16:04:17 ----D---- C:\WINDOWS\Debug
2011-05-24 15:57:36 ----D---- C:\WINDOWS\Prefetch
2011-05-24 15:54:04 ----D---- C:\Program Files\Common Files
2011-05-24 15:41:37 ----D---- C:\WINDOWS\system32
2011-05-24 15:40:44 ----RD---- C:\WINDOWS\Offline Web Pages
2011-05-23 22:54:10 ----RASH---- C:\boot.ini
2011-05-23 21:22:03 ----SD---- C:\WINDOWS\Tasks
2011-05-23 21:21:06 ----D---- C:\Qoobox
2011-05-17 12:02:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-17 12:02:08 ----HD---- C:\WINDOWS\inf
2011-05-16 15:21:12 ----D---- C:\Documents and Settings\Wonder\Data aplikací\vlc
2011-05-16 13:26:29 ----D---- C:\Program Files\Garena
2011-05-09 14:55:04 ----D---- C:\Documents and Settings\Wonder\Data aplikací\AIMP
2011-05-08 15:29:24 ----D---- C:\Program Files\TNod User & Password Finder
2011-05-03 17:26:26 ----D---- C:\Documents and Settings\Wonder\Data aplikací\Skype
2011-05-03 08:05:55 ----D---- C:\Documents and Settings\Wonder\Data aplikací\skypePM
2011-05-02 15:12:02 ----SD---- C:\Documents and Settings\Wonder\Data aplikací\Microsoft
2011-05-02 15:11:54 ----SHD---- C:\WINDOWS\Installer
2011-04-27 10:28:23 ----RSD---- C:\WINDOWS\assembly
2011-04-27 10:28:07 ----D---- C:\WINDOWS\system32\config
2011-04-27 10:27:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-04-27 10:27:30 ----D---- C:\WINDOWS\WinSxS
2011-04-27 10:26:36 ----RSD---- C:\WINDOWS\Fonts
2011-04-27 10:26:15 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-04-27 10:23:38 ----A---- C:\WINDOWS\win.ini
2011-04-27 10:23:33 ----D---- C:\Program Files\Common Files\System
2011-04-26 17:27:00 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2006-03-02 61056]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\system32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\system32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\system32\drivers\sfsync04.sys [2006-05-10 52224]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-05 691696]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
S2 eumzmori;eumzmori; C:\WINDOWS\system32\drivers\eumzmori.sys [2010-11-21 82944]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2006-03-02 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2006-03-02 71552]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys []
S3 syvzcfp;syvzcfp; \??\C:\WINDOWS\system32\01.tmp []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-02-02 520192]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
S2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S2 jff67niy;IMAPI CD-Burning COM Service; C:\WINDOWS\system32\wuroudy.exe []
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
S2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 33560]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Předem díky za ochotu.

[Rudy]

V nouz. režimu spusťte ComboFix a dejte log.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Wonder.x]

Log ComboFixu

Kód: Vybrat vše

ComboFix 11-05-23.02 - Wonder 24.05.2011  19:52:53.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.2047.1786 [GMT 2:00]
Spuštěný z: c:\documents and settings\Wonder\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\bM26400MaOpC26400
c:\documents and settings\All Users\Data aplikací\bM26400MaOpC26400\bM26400MaOpC26400
c:\documents and settings\All Users\Data aplikací\bM26400MaOpC26400\bM26400MaOpC26400.exe
c:\documents and settings\Wonder\Data aplikací\Mikrotik
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\advtool.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\advtool.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\dhcp.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\dhcp.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\hotspot.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\hotspot.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\mpls.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\mpls.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\ppp.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\ppp.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\roteros.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\roteros.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\roting4.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\roting4.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\secure.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\secure.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\system.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\system.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\wlan4.crc
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\4.14-2206732506\wlan4.dll
c:\documents and settings\Wonder\Data aplikací\Mikrotik\Winbox\winbox.cfg
c:\windows\0374DAD1.exe
c:\windows\189E4BFA.exe
c:\windows\320A1743.exe
c:\windows\462B3D83.exe
c:\windows\48C626FE.exe
c:\windows\53FCE379.exe
c:\windows\system32\wsodsini.dll
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-04-24 do 2011-05-24  )))))))))))))))))))))))))))))))
.
.
2011-05-24 15:58 . 2011-05-24 15:59	--------	d-----w-	C:\rsit
2011-05-24 15:58 . 2011-05-24 15:58	--------	d-----w-	c:\program files\trend micro
2011-05-24 15:19 . 2011-05-24 15:21	395264	----a-w-	c:\windows\3BDCF4DC.exe
2011-05-24 15:07 . 2011-05-24 15:18	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-24 15:07 . 2011-05-24 15:08	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-05-24 14:16 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 14:16 . 2011-05-24 14:16	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-24 14:16 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-24 13:55 . 2011-05-24 14:42	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\hP26400DpCfJ26400
2011-05-24 13:41 . 2011-05-24 13:41	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 13:39 . 2011-05-24 13:39	--------	d-----w-	C:\_OTM
2011-05-24 12:57 . 2011-05-24 12:58	395264	----a-w-	c:\windows\4C022957.exe
2011-05-24 12:18 . 2011-05-24 12:19	395264	----a-w-	c:\windows\6204F4A1.exe
2011-05-23 19:27 . 2011-05-23 19:28	336384	----a-w-	c:\windows\1EC10B9B.exe
2011-05-23 17:52 . 2011-05-24 13:37	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\eA26400CbGbD26400
2011-05-23 17:46 . 2011-05-23 17:46	--------	d-----w-	c:\documents and settings\Wonder\Data aplikací\Malwarebytes
2011-05-23 17:44 . 2011-05-23 17:44	--------	d-----w-	c:\documents and settings\LocalService\Nabídka Start
2011-05-23 17:21 . 2011-05-24 13:53	--------	d---a-w-	c:\documents and settings\All Users\Data aplikací\TEMP
2011-05-23 17:17 . 2011-05-24 13:53	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\PC Tools
2011-05-23 16:21 . 2011-05-23 16:21	336384	----a-w-	c:\windows\28A68B82.exe
2011-05-22 20:26 . 2011-05-23 17:38	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\mF26400EbMcH26400
2011-05-17 13:27 . 2011-05-17 13:27	--------	d-----w-	c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-05-17 13:27 . 2011-05-17 13:27	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-17 13:24 . 2011-05-17 13:24	--------	d-----w-	C:\How to remove Essential Cleaner virus _ My Anti Spyware_soubory
2011-05-08 13:05 . 2011-05-24 13:52	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2011-05-02 11:42 . 2011-05-02 11:42	40960	----a-w-	c:\windows\68C8AA52.exe
2011-05-02 10:42 . 2011-05-02 10:42	790528	----a-w-	c:\windows\4862E393.exe
2011-04-29 09:30 . 2011-04-29 09:38	1869302	----a-w-	c:\windows\4C8BC0AA.exe
2011-04-27 08:28 . 2006-10-26 17:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-04-27 08:28 . 2006-10-26 17:56	32592	----a-w-	c:\windows\system32\msonpmon.dll
2011-04-27 08:27 . 2011-04-27 08:27	--------	d-----w-	c:\program files\Microsoft Works
2011-04-27 08:27 . 2011-04-27 08:27	--------	d-----w-	c:\program files\MSBuild
2011-04-27 08:26 . 2011-04-27 08:26	--------	d-----w-	c:\program files\Microsoft.NET
2011-04-27 08:24 . 2011-04-27 08:24	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-04-27 08:23 . 2011-04-27 08:27	--------	d-----w-	c:\windows\SHELLNEW
2011-04-27 08:22 . 2011-04-27 08:22	--------	d-----w-	c:\documents and settings\Wonder\Local Settings\Data aplikací\Microsoft Help
2011-04-27 08:22 . 2011-05-02 13:11	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-04-27 08:22 . 2011-04-27 08:22	--------	d-----r-	C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 13:38 . 2011-02-16 21:46	376832	----a-w-	c:\windows\system32\AegisI5Installer.exe
2011-04-03 11:52 . 2006-03-02 12:00	163644	----a-w-	c:\windows\system32\drivers\secdrv.sys
2011-04-03 11:34 . 2011-04-03 11:34	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-07 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49	14940040	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2554:TCP"= 2554:TCP:ffpvmo
"18191:TCP"= 18191:TCP:spport
"5451:TCP"= 5451:TCP:spport
"13426:TCP"= 13426:TCP:spport
"12126:TCP"= 12126:TCP:spport
"21862:TCP"= 21862:TCP:spport
"11763:TCP"= 11763:TCP:spport
"20732:TCP"= 20732:TCP:spport
"10056:TCP"= 10056:TCP:spport
"29661:TCP"= 29661:TCP:spport
"20879:TCP"= 20879:TCP:spport
"9470:TCP"= 9470:TCP:spport
"10203:TCP"= 10203:TCP:spport
"15406:TCP"= 15406:TCP:spport
"20709:TCP"= 20709:TCP:spport
"22695:TCP"= 22695:TCP:spport
"5718:TCP"= 5718:TCP:spport
"12313:TCP"= 12313:TCP:spport
"24104:TCP"= 24104:TCP:spport
"19826:TCP"= 19826:TCP:spport
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 22:08 95872]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.8.2010 22:04 691696]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 22:07 114984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 22:07 810120]
S2 eumzmori;eumzmori;c:\windows\system32\drivers\eumzmori.sys [21.11.2010 13:02 82944]
S2 jff67niy;IMAPI CD-Burning COM Service;c:\windows\system32\wuroudy.exe --> c:\windows\system32\wuroudy.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24.5.2011 16:16 363344]
S2 uaimjda;Installer Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S2 yquwfitew;Installer Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.9.2010 10:29 1691480]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24.5.2011 16:16 20952]
S3 syvzcfp;syvzcfp;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
yquwfitew
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Wonder\Data aplikací\Mozilla\Firefox\Profiles\g7blqbbe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz/firefox
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-AntiVirus AntiSpyware 2011 Security - c:\documents and settings\LocalService\Data aplikací\AntiVirus_AntiSpyware_2011\securitymanager.exe
AddRemove-Vietcong 2 - c:\program files\Vietcong2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 19:56
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...  
.
skenování skrytých položek 'Po spuštění' ... 
.
skenování skrytých souborů ...  
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\syvzcfp]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\uaimjda]
"ServiceDll"="c:\windows\system32\rcmia.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\yquwfitew]
"ServiceDll"="c:\windows\system32\rcmia.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-05-24  19:57:01
ComboFix-quarantined-files.txt  2011-05-24 17:57
.
Před spuštěním: Volných bajtů: 13 792 903 168
Po spuštění: Volných bajtů: 13 792 976 896
.
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 82E820B55C4BDFB88DE98315C196B50B

PS: CF mi při spuštění napsal že jede NOD ale přitom neběžel aji ve správci úloh jsem nic nenašel. Doufám že to scan neovlivnilo.

[Rudy]

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\3BDCF4DC.exe
c:\windows\4C022957.exe
c:\windows\6204F4A1.exe
c:\windows\1EC10B9B.exe
c:\windows\28A68B82.exe
c:\windows\68C8AA52.exe
c:\windows\4862E393.exe
c:\windows\4C8BC0AA.exe
c:\windows\system32\drivers\eumzmori.sys
c:\windows\system32\wuroudy.exe
c:\windows\system32\01.tmp

Driver::
eumzmori
jff67niy
uaimjda
yquwfitew
syvzcfp

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2554:TCP"=-
"18191:TCP"=-
"5451:TCP"=-
"13426:TCP"=-
"12126:TCP"=-
"21862:TCP"=-
"11763:TCP"=-
"20732:TCP"=-
"10056:TCP"=-
"29661:TCP"=-
"20879:TCP"=-
"9470:TCP"=-
"10203:TCP"=-
"15406:TCP"=-
"20709:TCP"=-
"22695:TCP"=-
"5718:TCP"=-
"24104:TCP"=-
"19826:TCP"=-
"12313:TCP"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Wonder.x]

Znovu log z Combofixu

Kód: Vybrat vše

ComboFix 11-05-23.02 - Wonder 24.05.2011  20:58:45.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.420.1029.18.2047.1737 [GMT 2:00]
Spuštěný z: c:\documents and settings\Wonder\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Wonder\Plocha\CFscript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
file zipped: c:\windows\1EC10B9B.exe
file zipped: c:\windows\28A68B82.exe
file zipped: c:\windows\3BDCF4DC.exe
file zipped: c:\windows\4862E393.exe
file zipped: c:\windows\4C022957.exe
file zipped: c:\windows\4C8BC0AA.exe
file zipped: c:\windows\6204F4A1.exe
file zipped: c:\windows\68C8AA52.exe
file zipped: c:\windows\system32\drivers\eumzmori.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\1EC10B9B.exe
c:\windows\28A68B82.exe
c:\windows\3BDCF4DC.exe
c:\windows\4862E393.exe
c:\windows\4C022957.exe
c:\windows\4C8BC0AA.exe
c:\windows\6204F4A1.exe
c:\windows\68C8AA52.exe
c:\windows\system32\drivers\eumzmori.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EUMZMORI
-------\Legacy_JFF67NIY
-------\Legacy_UAIMJDA
-------\Legacy_YQUWFITEW
-------\Service_eumzmori
-------\Service_jff67niy
-------\Service_syvzcfp
-------\Service_uaimjda
-------\Service_yquwfitew
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2011-04-24 do 2011-05-24  )))))))))))))))))))))))))))))))
.
.
2011-05-24 15:58 . 2011-05-24 15:59	--------	d-----w-	C:\rsit
2011-05-24 15:58 . 2011-05-24 15:58	--------	d-----w-	c:\program files\trend micro
2011-05-24 15:07 . 2011-05-24 15:18	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-24 15:07 . 2011-05-24 15:08	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-05-24 14:16 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-24 14:16 . 2011-05-24 14:16	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-24 14:16 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-24 13:55 . 2011-05-24 14:42	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\hP26400DpCfJ26400
2011-05-24 13:41 . 2011-05-24 13:41	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 13:39 . 2011-05-24 13:39	--------	d-----w-	C:\_OTM
2011-05-23 17:52 . 2011-05-24 13:37	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\eA26400CbGbD26400
2011-05-23 17:46 . 2011-05-23 17:46	--------	d-----w-	c:\documents and settings\Wonder\Data aplikací\Malwarebytes
2011-05-23 17:44 . 2011-05-23 17:44	--------	d-----w-	c:\documents and settings\LocalService\Nabídka Start
2011-05-23 17:21 . 2011-05-24 13:53	--------	d---a-w-	c:\documents and settings\All Users\Data aplikací\TEMP
2011-05-23 17:17 . 2011-05-24 13:53	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\PC Tools
2011-05-22 20:26 . 2011-05-23 17:38	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\mF26400EbMcH26400
2011-05-17 13:27 . 2011-05-17 13:27	--------	d-----w-	c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-05-17 13:27 . 2011-05-17 13:27	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-17 13:24 . 2011-05-17 13:24	--------	d-----w-	C:\How to remove Essential Cleaner virus _ My Anti Spyware_soubory
2011-05-08 13:05 . 2011-05-24 13:52	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2011-04-27 08:28 . 2006-10-26 17:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-04-27 08:28 . 2006-10-26 17:56	32592	----a-w-	c:\windows\system32\msonpmon.dll
2011-04-27 08:27 . 2011-04-27 08:27	--------	d-----w-	c:\program files\Microsoft Works
2011-04-27 08:27 . 2011-04-27 08:27	--------	d-----w-	c:\program files\MSBuild
2011-04-27 08:26 . 2011-04-27 08:26	--------	d-----w-	c:\program files\Microsoft.NET
2011-04-27 08:24 . 2011-04-27 08:24	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-04-27 08:23 . 2011-04-27 08:27	--------	d-----w-	c:\windows\SHELLNEW
2011-04-27 08:22 . 2011-04-27 08:22	--------	d-----w-	c:\documents and settings\Wonder\Local Settings\Data aplikací\Microsoft Help
2011-04-27 08:22 . 2011-05-02 13:11	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-04-27 08:22 . 2011-04-27 08:22	--------	d-----r-	C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 13:38 . 2011-02-16 21:46	376832	----a-w-	c:\windows\system32\AegisI5Installer.exe
2011-04-03 11:52 . 2006-03-02 12:00	163644	----a-w-	c:\windows\system32\drivers\secdrv.sys
2011-04-03 11:34 . 2011-04-03 11:34	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-24_17.56.11   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-24 19:01 . 2011-05-24 19:01	16384              c:\windows\temp\Perflib_Perfdata_69c.dat
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-07 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49	14940040	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.8.2010 22:04 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 22:07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7.4.2010 22:08 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.4.2010 22:07 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24.5.2011 16:16 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24.5.2011 16:16 20952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.9.2010 10:29 1691480]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Wonder\Data aplikací\Mozilla\Firefox\Profiles\g7blqbbe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz/firefox
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 21:02
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...  
.
skenování skrytých položek 'Po spuštění' ... 
.
skenování skrytých souborů ...  
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\nvappfilter.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-05-24  21:05:14 - počítač byl restartován
ComboFix-quarantined-files.txt  2011-05-24 19:05
ComboFix2.txt  2011-05-24 17:57
.
Před spuštěním: Volných bajtů: 13 803 724 800
Po spuštění: Volných bajtů: 13 754 773 504
.
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 2F03FE2102BFDB9FB458F759E04D24AA
Nahr nˇ probŘhlo ŁspŘçnŘ 

[Rudy]

Log již vypadá čistý. Nastala nějaká změna?

[Wonder.x]

Komp jede bez problému zdá se že je vše ok. Díky moc za pomoc

[Rudy]

Nemáte zač!