VIRY.CZ

Logfile of random's system information tool 1.09 (written by random/random)
RSIT:
Run by ivo at 2011-07-26 15:17:16
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (9%) free of 100 GB
Total RAM: 2047 MB (14% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-583907252-1417001333-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-583907252-1417001333-1003UA.job
C:\WINDOWS\tasks\Norton Security Scan for ivo.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C749E08-6B62-11E0-B6DA-075F4824019B}]
BrowserPlugin - C:\Documents and Settings\ivo\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll [2011-04-25 436864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\ivo\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-13 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Documents and Settings\ivo\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll [2011-04-25 436864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-12-09 3911776]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_0.dll [2011-01-17 175912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\ivo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-04-06 1242448]
"QIP Internet Guardian"=C:\Documents and Settings\ivo\Data aplikací\QipGuard\QipGuard.exe [2011-07-18 190336]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-05-26 15147400]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]

C:\Documents and Settings\ivo\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\3DO\Heroes 3 Complete\Heroes3.exe"="C:\Program Files\3DO\Heroes 3 Complete\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Steam\steamapps\rollyyyy\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\rollyyyy\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-26 15:08:00 ----D---- C:\rsit
2011-07-26 15:08:00 ----D---- C:\Program Files\trend micro
2011-07-26 14:19:42 ----D---- C:\Program Files\Hamachi
2011-07-26 13:55:31 ----D---- C:\WINDOWS\SxsCaPendDel
2011-07-26 13:40:55 ----D---- C:\WINDOWS\LastGood
2011-07-26 13:37:12 ----D---- C:\Documents and Settings\ivo\Data aplikací\TeamViewer
2011-07-26 13:37:04 ----A---- C:\WINDOWS\system32\drivers\teamviewervpn.sys
2011-07-26 13:37:02 ----D---- C:\Program Files\TeamViewer
2011-07-25 16:25:01 ----A---- C:\WINDOWS\system32\rp_stats.dat
2011-07-25 16:25:01 ----A---- C:\WINDOWS\system32\rp_rules.dat
2011-07-25 16:24:36 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2011-07-25 16:24:28 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2011-07-25 16:19:37 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-07-25 16:18:36 ----D---- C:\Program Files\Lavasoft
2011-07-25 16:18:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2011-07-25 16:10:13 ----D---- C:\Documents and Settings\ivo\Data aplikací\Kerio
2011-07-25 15:12:21 ----D---- C:\Program Files\Common Files\3DO Shared
2011-07-23 19:19:46 ----D---- C:\Documents and Settings\ivo\Data aplikací\ATI
2011-07-23 19:19:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-07-15 21:31:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-15 21:31:18 ----D---- C:\WINDOWS\system32\drivers\NSS
2011-07-15 21:31:18 ----D---- C:\Program Files\Norton Security Scan
2011-07-15 21:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-07-15 21:31:13 ----D---- C:\Program Files\NortonInstaller
2011-07-15 21:31:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2011-07-15 19:30:36 ----D---- C:\WINDOWS\system32\Adobe
2011-07-14 12:30:17 ----D---- C:\WINDOWS\system32\LogFiles
2011-07-14 11:48:47 ----D---- C:\Documents and Settings\ivo\Data aplikací\Hamachi
2011-07-14 11:48:34 ----A---- C:\WINDOWS\system32\drivers\hamachi.sys
2011-07-13 13:40:29 ----D---- C:\Program Files\directx
2011-07-13 13:40:19 ----A---- C:\WINDOWS\IsUninst.exe
2011-07-06 20:46:10 ----D---- C:\WINDOWS\system32\appmgmt

======List of files/folders modified in the last 1 month======

2011-07-26 15:08:00 ----RD---- C:\Program Files
2011-07-26 14:25:14 ----D---- C:\Documents and Settings\ivo\Data aplikací\Skype
2011-07-26 14:23:09 ----D---- C:\Program Files\QIP 2010
2011-07-26 14:19:46 ----D---- C:\WINDOWS\Temp
2011-07-26 14:19:46 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 13:55:31 ----SHD---- C:\WINDOWS\Installer
2011-07-26 13:55:31 ----D---- C:\WINDOWS
2011-07-26 13:40:55 ----HD---- C:\WINDOWS\inf
2011-07-26 11:46:59 ----D---- C:\WINDOWS\system32
2011-07-26 11:46:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-26 11:44:38 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 11:43:23 ----SD---- C:\WINDOWS\Tasks
2011-07-26 11:41:59 ----D---- C:\Program Files\Steam
2011-07-26 02:47:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 22:39:49 ----D---- C:\Documents and Settings\ivo\Data aplikací\uTorrent
2011-07-25 16:24:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-25 16:18:26 ----D---- C:\WINDOWS\WinSxS
2011-07-25 15:14:32 ----D---- C:\WINDOWS\system32\config
2011-07-25 15:14:13 ----D---- C:\WINDOWS\system32\wbem
2011-07-25 15:14:12 ----D---- C:\WINDOWS\Registration
2011-07-25 15:12:21 ----D---- C:\Program Files\Common Files
2011-07-25 15:12:21 ----D---- C:\Program Files\3DO
2011-07-24 15:34:43 ----D---- C:\WINDOWS\Prefetch
2011-07-23 21:53:49 ----RSD---- C:\WINDOWS\assembly
2011-07-23 21:52:29 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-23 19:10:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-23 19:10:02 ----D---- C:\WINDOWS\system32\mui
2011-07-23 19:10:02 ----D---- C:\Program Files\Internet Explorer
2011-07-22 22:16:14 ----D---- C:\Documents and Settings\ivo\Data aplikací\QipGuard
2011-07-16 01:24:58 ----SD---- C:\Documents and Settings\ivo\Data aplikací\Microsoft
2011-07-15 19:32:08 ----D---- C:\Documents and Settings\ivo\Data aplikací\Adobe
2011-07-06 21:48:37 ----D---- C:\Documents and Settings\ivo\Data aplikací\TS3Client
2011-07-05 14:38:22 ----D---- C:\Program Files\PokerStars
2011-07-01 17:10:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-07-01 17:10:20 ----D---- C:\Documents and Settings\ivo\Data aplikací\skypePM
2011-06-30 15:32:02 ----D---- C:\Betsson
2011-06-30 09:05:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype Extras

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-04-26 64512]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-05-19 218688]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-07-26 17480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-07-18 190336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-07-13 411432]

-----------------EOF-----------------

To je ten problem s generic host process for win32 services

Hezké odpoledne

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 11-07-26.02 - ivo 26.07.2011 18:17:34.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1604 [GMT 2:00]
Spuštěný z: c:\documents and settings\ivo\Plocha\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ivo\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 13:08 . 2011-07-26 13:17 -------- d-----w- C:\rsit
2011-07-26 13:08 . 2011-07-26 13:17 -------- d-----w- c:\program files\trend micro
2011-07-26 12:19 . 2011-07-26 12:19 -------- d-----w- c:\program files\Hamachi
2011-07-26 11:55 . 2011-07-26 11:55 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-26 11:40 . 2011-07-26 12:19 -------- d-----w- c:\windows\LastGood
2011-07-26 11:37 . 2011-07-26 11:44 -------- d-----w- c:\documents and settings\ivo\Data aplikací\TeamViewer
2011-07-26 11:37 . 2011-03-30 11:05 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2011-07-26 11:37 . 2011-07-26 11:37 -------- d-----w- c:\program files\TeamViewer
2011-07-25 15:06 . 2011-07-25 15:06 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-07-25 14:24 . 2011-04-26 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-25 14:24 . 2011-07-25 14:24 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-25 14:22 . 2011-07-25 14:22 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\Sunbelt Software
2011-07-25 14:19 . 2011-07-25 14:19 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-07-25 14:18 . 2011-07-25 14:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2011-07-25 14:18 . 2011-07-25 14:18 -------- d-----w- c:\program files\Lavasoft
2011-07-25 14:10 . 2011-07-25 14:10 -------- d-----w- c:\documents and settings\ivo\Data aplikací\Kerio
2011-07-25 13:14 . 2011-07-25 13:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-25 13:12 . 2011-07-25 13:12 -------- d-----w- c:\program files\Common Files\3DO Shared
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\ATI
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\ivo\Data aplikací\ATI
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-15 19:55 . 2011-07-15 19:55 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\Identities
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\Norton Security Scan
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\NortonInstaller
2011-07-15 17:30 . 2011-07-15 19:51 -------- d-----w- c:\windows\system32\Adobe
2011-07-14 10:30 . 2011-07-14 10:30 -------- d-----w- c:\windows\system32\LogFiles
2011-07-14 09:48 . 2011-07-26 16:07 -------- d-----w- c:\documents and settings\ivo\Data aplikací\Hamachi
2011-07-14 09:48 . 2011-07-26 12:19 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-07-13 11:40 . 2011-07-13 11:40 -------- d-----w- c:\program files\directx
2011-07-13 11:40 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 19:15 . 2011-05-19 19:15 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-04-06 1242448]
"QIP Internet Guardian"="c:\documents and settings\ivo\Data aplikací\QipGuard\QipGuard.exe" [2011-07-18 190336]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-07-18 6812032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ivo\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\3DO\\Heroes 3 Complete\\Heroes3.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\rollyyyy\\counter-strike\\hl.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.7.2011 16:24 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.5.2011 21:15 218688]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [8.4.2011 16:34 190336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [26.4.2011 2:00 2151640]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [16.1.2008 9:58 65024]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [26.7.2011 13:37 25088]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 11:19]
.
2011-07-15 c:\windows\Tasks\Norton Security Scan for ivo.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-15 11:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 18:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-07-26 18:31:34
ComboFix-quarantined-files.txt 2011-07-26 16:31
.
Před spuštěním: 9 166 544 896
Po spuštění: Volných bajtů: 10 637 668 352
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 20FA718DCF4723296E8C0C94F704642B

Halo

Jak to vypadá s počítačem?

Zatim asi v pohode kdyztak se ozvu. dekuju

Můžete mi ještě prosím zjistit, co je v těchto složkách?
c:\documents and settings\ivo\Local Settings\Data aplikací\ATI
c:\documents and settings\ivo\Data aplikací\ATI
c:\documents and settings\All Users\Data aplikací\ATI

V kazde je slozka ACE.
V jedne ACE je dokument manifest
V druhe nic
V treti je dokument profiles

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

DDS::
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie

registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

Folder::
c:\program files\ConduitEngine
c:\program files\uTorrentBar

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 11-07-26.02 - ivo 28.07.2011 15:21:59.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.828 [GMT 2:00]
Spuštěný z: c:\documents and settings\ivo\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ivo\Plocha\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-27 15:49 . 2011-07-27 15:49 -------- d-----w- c:\program files\Ubisoft
2011-07-27 13:28 . 2011-07-27 14:22 -------- d-----w- c:\program files\GameSpy Arcade
2011-07-26 16:09 . 2011-07-26 16:09 -------- d-----w- C:\## aswSnx private storage
2011-07-26 13:08 . 2011-07-26 13:17 -------- d-----w- C:\rsit
2011-07-26 13:08 . 2011-07-26 13:17 -------- d-----w- c:\program files\trend micro
2011-07-26 12:19 . 2011-07-26 12:19 -------- d-----w- c:\program files\Hamachi
2011-07-26 11:55 . 2011-07-27 09:12 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-26 11:37 . 2011-07-26 11:44 -------- d-----w- c:\documents and settings\ivo\Data aplikací\TeamViewer
2011-07-26 11:37 . 2011-03-30 11:05 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2011-07-26 11:37 . 2011-07-26 11:37 -------- d-----w- c:\program files\TeamViewer
2011-07-25 15:06 . 2011-07-25 15:06 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-07-25 14:24 . 2011-04-26 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-25 14:24 . 2011-07-25 14:24 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-25 14:22 . 2011-07-25 14:22 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\Sunbelt Software
2011-07-25 14:19 . 2011-07-25 14:19 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-07-25 14:18 . 2011-07-25 14:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2011-07-25 14:18 . 2011-07-25 14:18 -------- d-----w- c:\program files\Lavasoft
2011-07-25 14:10 . 2011-07-25 14:10 -------- d-----w- c:\documents and settings\ivo\Data aplikací\Kerio
2011-07-25 13:14 . 2011-07-25 13:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\ATI
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\ivo\Data aplikací\ATI
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-15 19:55 . 2011-07-15 19:55 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\Identities
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\Norton Security Scan
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\NortonInstaller
2011-07-15 17:30 . 2011-07-15 19:51 -------- d-----w- c:\windows\system32\Adobe
2011-07-14 10:30 . 2011-07-14 10:30 -------- d-----w- c:\windows\system32\LogFiles
2011-07-14 09:48 . 2011-07-27 15:56 -------- d-----w- c:\documents and settings\ivo\Data aplikací\Hamachi
2011-07-14 09:48 . 2011-07-26 12:19 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-07-13 11:40 . 2011-07-13 11:40 -------- d-----w- c:\program files\directx
2011-07-13 11:40 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 19:15 . 2011-05-19 19:15 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_16.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-25 12:00 . 2011-07-28 10:55 79284 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2011-07-26 09:46 79284 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2011-07-26 09:46 93362 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 93362 c:\windows\system32\perfc005.dat
+ 2011-07-27 15:52 . 2011-07-27 15:52 10134 c:\windows\Installer\{EDFB64A7-5BFD-4137-943D-5663149A15F5}\ARPPRODUCTICON.exe
+ 2008-04-14 06:51 . 2008-04-14 06:51 140800 c:\windows\system32\zqkjvtd.dll
- 2001-10-25 12:00 . 2011-07-26 09:47 510570 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 510570 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 508804 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2011-07-26 09:46 508804 c:\windows\system32\perfh005.dat
+ 2011-07-27 15:52 . 2011-07-27 15:52 994304 c:\windows\Installer\16bf4ae.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-04-06 1242448]
"QIP Internet Guardian"="c:\documents and settings\ivo\Data aplikací\QipGuard\QipGuard.exe" [2011-07-18 190336]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-07-18 6812032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ivo\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\rollyyyy\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1812:TCP"= 1812:TCP:rprdzcp
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.7.2011 16:24 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.5.2011 21:15 218688]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [8.4.2011 16:34 190336]
S2 fbxnsv;Installer Network;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 8:52 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [26.4.2011 2:00 2151640]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [16.1.2008 9:58 65024]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [26.7.2011 13:37 25088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fbxnsv
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 11:19]
.
2011-07-15 c:\windows\Tasks\Norton Security Scan for ivo.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-15 11:19]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-uTorrentBar Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 15:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fbxnsv]
"ServiceDll"="c:\windows\system32\zqkjvtd.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-07-28 15:28:17
ComboFix-quarantined-files.txt 2011-07-28 13:28
ComboFix2.txt 2011-07-26 16:31
.
Před spuštěním: Volných bajtů: 11 444 047 872
Po spuštění: Volných bajtů: 11 430 293 504
.
- - End Of File - - D0EB93F147719A237E484AFFD1CA8131

Kdepak jste chytl confickera? Nemáte na stejné síti další počítače?

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\system32\zqkjvtd.dll

Driver::
fbxnsv

netsvc::
fbxnsv

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1812:TCP"=-

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Odpojte počítač od internetu a udělejte sken

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

ComboFix 11-07-26.02 - ivo 28.07.2011 19:37:17.3.2 - x86
Combofix:
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.806 [GMT 2:00]
Spuštěný z: c:\documents and settings\ivo\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ivo\Plocha\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
file zipped: c:\windows\system32\zqkjvtd.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\zqkjvtd.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FBXNSV
-------\Service_fbxnsv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 14:24 . 2011-07-28 14:24 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Sunbelt Software
2011-07-27 15:49 . 2011-07-27 15:49 -------- d-----w- c:\program files\Ubisoft
2011-07-27 13:28 . 2011-07-27 14:22 -------- d-----w- c:\program files\GameSpy Arcade
2011-07-26 16:09 . 2011-07-26 16:09 -------- d-----w- C:\## aswSnx private storage
2011-07-26 13:08 . 2011-07-26 13:17 -------- d-----w- C:\rsit
2011-07-26 13:08 . 2011-07-26 13:17 -------- d-----w- c:\program files\trend micro
2011-07-26 12:19 . 2011-07-26 12:19 -------- d-----w- c:\program files\Hamachi
2011-07-26 11:55 . 2011-07-27 09:12 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-26 11:37 . 2011-07-26 11:44 -------- d-----w- c:\documents and settings\ivo\Data aplikací\TeamViewer
2011-07-26 11:37 . 2011-03-30 11:05 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2011-07-26 11:37 . 2011-07-26 11:37 -------- d-----w- c:\program files\TeamViewer
2011-07-25 15:06 . 2011-07-25 15:06 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-07-25 14:24 . 2011-04-26 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-25 14:24 . 2011-07-25 14:24 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-25 14:22 . 2011-07-25 14:22 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\Sunbelt Software
2011-07-25 14:19 . 2011-07-25 14:19 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-07-25 14:18 . 2011-07-25 14:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2011-07-25 14:18 . 2011-07-25 14:18 -------- d-----w- c:\program files\Lavasoft
2011-07-25 14:10 . 2011-07-25 14:10 -------- d-----w- c:\documents and settings\ivo\Data aplikací\Kerio
2011-07-25 13:14 . 2011-07-25 13:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\ATI
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\ivo\Data aplikací\ATI
2011-07-23 17:19 . 2011-07-23 17:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-15 19:55 . 2011-07-15 19:55 -------- d-----w- c:\documents and settings\ivo\Local Settings\Data aplikací\Identities
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\Norton Security Scan
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-07-15 19:31 . 2011-07-15 19:31 -------- d-----w- c:\program files\NortonInstaller
2011-07-15 17:30 . 2011-07-15 19:51 -------- d-----w- c:\windows\system32\Adobe
2011-07-14 10:30 . 2011-07-14 10:30 -------- d-----w- c:\windows\system32\LogFiles
2011-07-14 09:48 . 2011-07-27 15:56 -------- d-----w- c:\documents and settings\ivo\Data aplikací\Hamachi
2011-07-14 09:48 . 2011-07-26 12:19 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-07-13 11:40 . 2011-07-13 11:40 -------- d-----w- c:\program files\directx
2011-07-13 11:40 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 19:15 . 2011-05-19 19:15 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_16.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-28 17:45 . 2011-07-28 17:45 16384 c:\windows\temp\Perflib_Perfdata_f60.dat
- 2001-10-25 12:00 . 2011-07-26 09:46 79284 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 79284 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 93362 c:\windows\system32\perfc005.dat
- 2001-10-25 12:00 . 2011-07-26 09:46 93362 c:\windows\system32\perfc005.dat
+ 2011-07-27 15:52 . 2011-07-27 15:52 10134 c:\windows\Installer\{EDFB64A7-5BFD-4137-943D-5663149A15F5}\ARPPRODUCTICON.exe
- 2001-10-25 12:00 . 2011-07-26 09:47 510570 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 510570 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2011-07-26 09:46 508804 c:\windows\system32\perfh005.dat
+ 2001-10-25 12:00 . 2011-07-28 10:55 508804 c:\windows\system32\perfh005.dat
+ 2011-07-27 15:52 . 2011-07-27 15:52 994304 c:\windows\Installer\16bf4ae.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-04-06 1242448]
"QIP Internet Guardian"="c:\documents and settings\ivo\Data aplikací\QipGuard\QipGuard.exe" [2011-07-18 190336]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-07-18 6812032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ivo\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\rollyyyy\\counter-strike\\hl.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.7.2011 16:24 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.5.2011 21:15 218688]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [26.4.2011 2:00 2151640]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [8.4.2011 16:34 190336]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [16.1.2008 9:58 65024]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [26.7.2011 13:37 25088]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 11:19]
.
2011-07-15 c:\windows\Tasks\Norton Security Scan for ivo.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-15 11:19]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 19:48:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 17:47
ComboFix2.txt 2011-07-28 13:28
ComboFix3.txt 2011-07-26 16:31
.
Před spuštěním: Volných bajtů: 11 184 648 192
Po spuštění: Volných bajtů: 11 136 118 784
.
- - End Of File - - 9DEAD91466857E6209E9F52A0CDB3F69

Jinak jo jsou pripojeny na siti jeste 2 pc

generic host process for win32 services to zase hodilo..tak po dvou dnech.

Stáhněte http://www.troublefixers.com/wp-content ... emoval.bat
-spusťte, následně restartujte počítač.
-pokud se objeví log, vložte ho zde

VIRY.CZ

Problem s PC

Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC

Re: Problem s PC