VIRY.CZ

Dobry den,
kdyz se snazim vytvorit log s RSIT, tak po chvilce spadne a obsahuje jen toto:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-11-03 10:17:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 26 GB (70%) free of 37 GB
Total RAM: 511 MB (46% free)

V antiviru ESET 4 mam hlasku:
Kontrola při startu soubor Operační paměť » explorer.exe(1808) varianta infiltrace Win32/Agent.SHM trojský kůň nelze léčit

Poradite, prosim?

Zdravim a pekny den preji

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

11:48:25.0703 2124 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
11:48:25.0718 2124 ============================================================
11:48:25.0718 2124 Current date / time: 2011/11/03 11:48:25.0718
11:48:25.0718 2124 SystemInfo:
11:48:25.0718 2124
11:48:25.0718 2124 OS Version: 5.1.2600 ServicePack: 3.0
11:48:25.0718 2124 Product type: Workstation
11:48:25.0718 2124 ComputerName: PC113
11:48:25.0718 2124 UserName: Administrator
11:48:25.0718 2124 Windows directory: C:\WINDOWS
11:48:25.0718 2124 System windows directory: C:\WINDOWS
11:48:25.0718 2124 Processor architecture: Intel x86
11:48:25.0718 2124 Number of processors: 1
11:48:25.0718 2124 Page size: 0x1000
11:48:25.0718 2124 Boot type: Normal boot
11:48:25.0718 2124 ============================================================
11:48:26.0812 2124 Initialize success
11:48:31.0781 2140 ============================================================
11:48:31.0781 2140 Scan started
11:48:31.0781 2140 Mode: Manual;
11:48:31.0781 2140 ============================================================
11:48:32.0296 2140 Abiosdsk - ok
11:48:32.0343 2140 abp480n5 - ok
11:48:32.0406 2140 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:48:32.0406 2140 ACPI - ok
11:48:32.0484 2140 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:48:32.0484 2140 ACPIEC - ok
11:48:32.0531 2140 adpu160m - ok
11:48:32.0593 2140 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
11:48:32.0593 2140 aeaudio - ok
11:48:32.0687 2140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:48:32.0703 2140 aec - ok
11:48:32.0765 2140 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
11:48:32.0765 2140 AFD - ok
11:48:32.0828 2140 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:48:32.0843 2140 agp440 - ok
11:48:32.0890 2140 Aha154x - ok
11:48:32.0937 2140 aic78u2 - ok
11:48:32.0968 2140 aic78xx - ok
11:48:33.0015 2140 AliIde - ok
11:48:33.0062 2140 amsint - ok
11:48:33.0093 2140 asc - ok
11:48:33.0140 2140 asc3350p - ok
11:48:33.0156 2140 asc3550 - ok
11:48:33.0218 2140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:48:33.0234 2140 AsyncMac - ok
11:48:33.0296 2140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:48:33.0312 2140 atapi - ok
11:48:33.0343 2140 Atdisk - ok
11:48:33.0421 2140 ati2mtag (86be5339a67c0a309f3e3ef8b0901ee5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:48:33.0421 2140 ati2mtag - ok
11:48:33.0515 2140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:48:33.0515 2140 Atmarpc - ok
11:48:33.0593 2140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:48:33.0593 2140 audstub - ok
11:48:33.0703 2140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:48:33.0703 2140 Beep - ok
11:48:33.0796 2140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:48:33.0796 2140 cbidf2k - ok
11:48:33.0859 2140 cd20xrnt - ok
11:48:33.0937 2140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:48:33.0937 2140 Cdaudio - ok
11:48:34.0000 2140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:48:34.0000 2140 Cdfs - ok
11:48:34.0093 2140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:48:34.0093 2140 Cdrom - ok
11:48:34.0156 2140 Changer - ok
11:48:34.0203 2140 CmdIde - ok
11:48:34.0265 2140 Cpqarray - ok
11:48:34.0312 2140 dac2w2k - ok
11:48:34.0343 2140 dac960nt - ok
11:48:34.0421 2140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:48:34.0421 2140 Disk - ok
11:48:34.0546 2140 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
11:48:34.0546 2140 dmboot - ok
11:48:34.0656 2140 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
11:48:34.0656 2140 dmio - ok
11:48:34.0750 2140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:48:34.0750 2140 dmload - ok
11:48:34.0828 2140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:48:34.0828 2140 DMusic - ok
11:48:34.0906 2140 dpti2o - ok
11:48:34.0984 2140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:48:34.0984 2140 drmkaud - ok
11:48:35.0046 2140 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:48:35.0046 2140 E100B - ok
11:48:35.0140 2140 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\WINDOWS\system32\DRIVERS\eamon.sys
11:48:35.0140 2140 eamon - ok
11:48:35.0218 2140 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
11:48:35.0218 2140 ehdrv - ok
11:48:35.0296 2140 epfw (39f48a0784be8465cd1ac80b36d61613) C:\WINDOWS\system32\DRIVERS\epfw.sys
11:48:35.0312 2140 epfw - ok
11:48:35.0390 2140 Epfwndis (3b47010b2425b69826004767e59045ba) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
11:48:35.0390 2140 Epfwndis - ok
11:48:35.0468 2140 epfwtdi (763c43360a541c92ef6c97452b312f3b) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
11:48:35.0468 2140 epfwtdi - ok
11:48:35.0593 2140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:48:35.0593 2140 Fastfat - ok
11:48:35.0703 2140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:48:35.0703 2140 Fdc - ok
11:48:35.0796 2140 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
11:48:35.0796 2140 Fips - ok
11:48:35.0859 2140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:48:35.0859 2140 Flpydisk - ok
11:48:35.0937 2140 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:48:35.0937 2140 FltMgr - ok
11:48:35.0984 2140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:48:35.0984 2140 Fs_Rec - ok
11:48:36.0062 2140 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:48:36.0062 2140 Ftdisk - ok
11:48:36.0140 2140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:48:36.0140 2140 Gpc - ok
11:48:36.0234 2140 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:48:36.0234 2140 hidusb - ok
11:48:36.0281 2140 hpn - ok
11:48:36.0375 2140 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:48:36.0375 2140 HTTP - ok
11:48:36.0437 2140 i2omgmt - ok
11:48:36.0500 2140 i2omp - ok
11:48:36.0546 2140 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:48:36.0546 2140 i8042prt - ok
11:48:36.0656 2140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:48:36.0656 2140 Imapi - ok
11:48:36.0734 2140 ini910u - ok
11:48:36.0812 2140 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:48:36.0812 2140 IntelIde - ok
11:48:36.0890 2140 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:48:36.0890 2140 intelppm - ok
11:48:36.0984 2140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:48:36.0984 2140 Ip6Fw - ok
11:48:37.0078 2140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:48:37.0078 2140 IpFilterDriver - ok
11:48:37.0156 2140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:48:37.0156 2140 IpInIp - ok
11:48:37.0250 2140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:48:37.0250 2140 IpNat - ok
11:48:37.0312 2140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:48:37.0328 2140 IPSec - ok
11:48:37.0406 2140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:48:37.0406 2140 IRENUM - ok
11:48:37.0500 2140 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:48:37.0500 2140 isapnp - ok
11:48:37.0578 2140 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:48:37.0578 2140 Kbdclass - ok
11:48:37.0656 2140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:48:37.0656 2140 kmixer - ok
11:48:37.0750 2140 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:48:37.0750 2140 KSecDD - ok
11:48:37.0812 2140 lbrtfdc - ok
11:48:37.0906 2140 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
11:48:37.0906 2140 MidiSyn - ok
11:48:37.0984 2140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:48:37.0984 2140 mnmdd - ok
11:48:38.0078 2140 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
11:48:38.0078 2140 Modem - ok
11:48:38.0156 2140 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:48:38.0156 2140 Mouclass - ok
11:48:38.0234 2140 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:48:38.0234 2140 mouhid - ok
11:48:38.0296 2140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:48:38.0312 2140 MountMgr - ok
11:48:38.0359 2140 mraid35x - ok
11:48:38.0421 2140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:48:38.0421 2140 MRxDAV - ok
11:48:38.0515 2140 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:48:38.0515 2140 MRxSmb - ok
11:48:38.0609 2140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:48:38.0609 2140 Msfs - ok
11:48:38.0718 2140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:48:38.0718 2140 MSKSSRV - ok
11:48:38.0796 2140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:48:38.0828 2140 MSPCLOCK - ok
11:48:38.0906 2140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:48:38.0906 2140 MSPQM - ok
11:48:39.0000 2140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:48:39.0000 2140 mssmbios - ok
11:48:39.0078 2140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:48:39.0078 2140 Mup - ok
11:48:39.0171 2140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:48:39.0187 2140 NDIS - ok
11:48:39.0234 2140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:48:39.0234 2140 NdisTapi - ok
11:48:39.0328 2140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:48:39.0328 2140 Ndisuio - ok
11:48:39.0421 2140 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:39.0421 2140 NdisWan - ok
11:48:39.0500 2140 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:48:39.0500 2140 NDProxy - ok
11:48:39.0578 2140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:48:39.0578 2140 NetBIOS - ok
11:48:39.0671 2140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:48:39.0671 2140 NetBT - ok
11:48:39.0781 2140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:48:39.0781 2140 Npfs - ok
11:48:39.0875 2140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:48:39.0890 2140 Ntfs - ok
11:48:39.0984 2140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:48:39.0984 2140 Null - ok
11:48:40.0046 2140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:48:40.0046 2140 NwlnkFlt - ok
11:48:40.0140 2140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:48:40.0140 2140 NwlnkFwd - ok
11:48:40.0234 2140 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
11:48:40.0234 2140 Parport - ok
11:48:40.0312 2140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:48:40.0312 2140 PartMgr - ok
11:48:40.0390 2140 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
11:48:40.0390 2140 ParVdm - ok
11:48:40.0468 2140 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
11:48:40.0468 2140 PCI - ok
11:48:40.0515 2140 PCIDump - ok
11:48:40.0562 2140 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:48:40.0562 2140 PCIIde - ok
11:48:40.0656 2140 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:48:40.0656 2140 Pcmcia - ok
11:48:40.0718 2140 PDCOMP - ok
11:48:40.0765 2140 PDFRAME - ok
11:48:40.0796 2140 PDRELI - ok
11:48:40.0843 2140 PDRFRAME - ok
11:48:40.0890 2140 perc2 - ok
11:48:40.0921 2140 perc2hib - ok
11:48:41.0015 2140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:48:41.0015 2140 PptpMiniport - ok
11:48:41.0125 2140 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:48:41.0125 2140 PSched - ok
11:48:41.0203 2140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:48:41.0203 2140 Ptilink - ok
11:48:41.0250 2140 ql1080 - ok
11:48:41.0312 2140 Ql10wnt - ok
11:48:41.0375 2140 ql12160 - ok
11:48:41.0406 2140 ql1240 - ok
11:48:41.0437 2140 ql1280 - ok
11:48:41.0500 2140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:48:41.0500 2140 RasAcd - ok
11:48:41.0593 2140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:48:41.0593 2140 Rasl2tp - ok
11:48:41.0703 2140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:48:41.0703 2140 RasPppoe - ok
11:48:41.0796 2140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:48:41.0796 2140 Raspti - ok
11:48:41.0906 2140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:48:41.0906 2140 Rdbss - ok
11:48:41.0984 2140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:48:41.0984 2140 RDPCDD - ok
11:48:42.0062 2140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:48:42.0062 2140 rdpdr - ok
11:48:42.0156 2140 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:48:42.0171 2140 RDPWD - ok
11:48:42.0250 2140 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:48:42.0250 2140 redbook - ok
11:48:42.0390 2140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:48:42.0390 2140 Secdrv - ok
11:48:42.0500 2140 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:48:42.0500 2140 serenum - ok
11:48:42.0578 2140 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
11:48:42.0578 2140 Serial - ok
11:48:42.0671 2140 sf (e8cc4ba7b2e962bd932c7bf678e762e0) C:\WINDOWS\system32\drivers\sf.sys
11:48:42.0671 2140 sf - ok
11:48:42.0734 2140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:48:42.0734 2140 Sfloppy - ok
11:48:42.0796 2140 Simbad - ok
11:48:42.0859 2140 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
11:48:42.0859 2140 SMBios - ok
11:48:42.0968 2140 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys
11:48:42.0968 2140 smwdm - ok
11:48:43.0031 2140 Sparrow - ok
11:48:43.0109 2140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:48:43.0109 2140 splitter - ok
11:48:43.0203 2140 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
11:48:43.0218 2140 sr - ok
11:48:43.0312 2140 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
11:48:43.0312 2140 Srv - ok
11:48:43.0406 2140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:48:43.0421 2140 swenum - ok
11:48:43.0484 2140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:48:43.0484 2140 swmidi - ok
11:48:43.0531 2140 symc810 - ok
11:48:43.0562 2140 symc8xx - ok
11:48:43.0578 2140 sym_hi - ok
11:48:43.0609 2140 sym_u3 - ok
11:48:43.0671 2140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:48:43.0671 2140 sysaudio - ok
11:48:43.0796 2140 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:48:43.0796 2140 Tcpip - ok
11:48:43.0890 2140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:48:43.0890 2140 TDPIPE - ok
11:48:43.0984 2140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:48:43.0984 2140 TDTCP - ok
11:48:44.0078 2140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:48:44.0078 2140 TermDD - ok
11:48:44.0156 2140 TosIde - ok
11:48:44.0234 2140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:48:44.0250 2140 Udfs - ok
11:48:44.0296 2140 ultra - ok
11:48:44.0390 2140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:48:44.0390 2140 Update - ok
11:48:44.0484 2140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:48:44.0500 2140 usbehci - ok
11:48:44.0578 2140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:48:44.0578 2140 usbhub - ok
11:48:44.0671 2140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:48:44.0671 2140 USBSTOR - ok
11:48:44.0750 2140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:48:44.0750 2140 usbuhci - ok
11:48:44.0843 2140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:48:44.0843 2140 VgaSave - ok
11:48:44.0906 2140 ViaIde - ok
11:48:44.0953 2140 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
11:48:44.0953 2140 VolSnap - ok
11:48:45.0046 2140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:48:45.0062 2140 Wanarp - ok
11:48:45.0109 2140 WDICA - ok
11:48:45.0171 2140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:48:45.0171 2140 wdmaud - ok
11:48:45.0281 2140 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
11:48:45.0390 2140 \Device\Harddisk0\DR0 - ok
11:48:45.0406 2140 MBR (0x1B8) (ec6d1d4067f35421e17dd82a77a3ed0c) \Device\Harddisk1\DR3
11:48:50.0234 2140 \Device\Harddisk1\DR3 - ok
11:48:50.0250 2140 Boot (0x1200) (54bf0810977e780ccdb7d977b0049afb) \Device\Harddisk0\DR0\Partition0
11:48:50.0250 2140 \Device\Harddisk0\DR0\Partition0 - ok
11:48:50.0281 2140 Boot (0x1200) (020eba54237bfe3d82695c2ffa78ddbc) \Device\Harddisk0\DR0\Partition1
11:48:50.0281 2140 \Device\Harddisk0\DR0\Partition1 - ok
11:48:50.0281 2140 Boot (0x1200) (b3c092e173edefbd8c33ff871c954ef0) \Device\Harddisk1\DR3\Partition0
11:48:50.0281 2140 \Device\Harddisk1\DR3\Partition0 - ok
11:48:50.0296 2140 ============================================================
11:48:50.0296 2140 Scan finished
11:48:50.0296 2140 ============================================================
11:48:50.0312 2132 Detected object count: 0
11:48:50.0312 2132 Actual detected object count: 0

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Zkuste udelat log z RSIT

To jsem delal hned na zacatku, po chvilce spadne i v nouzovem rezimu stejne jako v normalnim rezimu . Samozrejme jsem to neuspesne zkousel i pod ruznymi prihlasovacimi profily.

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 11/03/2011 12:05:04

Bad processes: 0

Registry Entries: 7
[SUSP PATH] iMeshNAG.job : C:\DOCUME~1\vrablik\LOCALS~1\Temp\iMesh_setup.exe -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.0.94:3128) -> NOT REMOVED, USE PROXYFIX
[IFEO] HKLM\[...]\Image File Execution Options : explorer.exe ("c:\windows\system32\peakoqek.txt") -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: HOSTSFix -- Date : 11/03/2011 12:05:19

Bad processes: 0

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.1.6 [11/01/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: ProxyFix -- Date : 11/03/2011 12:05:27

Bad processes: 0

Driver: [LOADED]

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.0.94:3128) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Pak zkuste udelat RSIT

exeHelper by Raktor
Build 20100414
Run at 12:25:20 on 11/03/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RSIT stale pada
Zkusil jsem stahnout samostatny HijackThis.exe a pri spusteni se hned zavre.

zkuste DDS http://www.viry.cz/forum/viewtopic.php?f=24&t=81946

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 13:49:02 on 2011-11-03
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.228 [GMT 1:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.cz/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {6149051d-2a9c-6df6-6121-a0ab418d2dea} - Class
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admini~1\nabdka~1\programy\posput~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
Trusted Zone: mojebanka.cz\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: \\?\c:\windows\system32\aux.mbj
IFEO: explorer.exe - "c:\windows\system32\peakoqek.txt"
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-18 69120]
.
=============== Created Last 30 ================
.
2011-11-03 09:15:09 -------- d-----w- c:\program files\trend micro
2011-11-03 09:14:20 -------- d-----w- C:\Temp
.
==================== Find3M ====================
.
2011-10-31 05:49:09 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
============= FINISH: 13:49:28,03 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13.12.2004 11:06:35
System Uptime: 3.11.2011 12:27:21 (1 hours ago)
.
Motherboard: Intel Corporation | | D865GLC
Processor: Intel(R) Celeron(R) CPU 2.66GHz | J2E1 | 2661/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 36 GiB total, 26,794 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 35,433 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5 - Czech
ESET Smart Security
Intel(R) PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 2
Karaoke Anything!
MetaFrame Presentation Server Client
OpenOffice.org 3.2
PowerDVD
Skype Plugin Manager
SoundMAX
Total Commander (Remove or Repair)
WebFldrs XP
Windows Internet Explorer 8
Windows XP Service Pack 3
XMLinst
.

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 11-11-03.01 - Administrator 03.11.2011 14:21:02.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.228 [GMT 1:00]
Spuštěný z: c:\temp\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\vrablik\6[1].jpg
c:\documents and settings\vrablik\vmidi.exe
c:\windows\IsUn0405.exe
c:\windows\system32\{8A03B786-7424-48FE-A3B1-E4A2CC177294}.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-03 09:15 . 2011-11-03 11:28 -------- d-----w- c:\program files\trend micro
2011-11-03 09:15 . 2011-11-03 11:04 -------- d-----w- C:\rsit
2011-11-03 09:14 . 2011-11-03 13:10 -------- d-----w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 05:49 . 2006-10-30 05:56 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-5-2 233744]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 8:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 8:04 735960]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{6149051D-2A9C-6DF6-6121-A0AB418D2DEA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 14:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-261903793-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,be,cd,17,3d,9e,41,4c,84,f9,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,be,cd,17,3d,9e,41,4c,84,f9,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6149051D-2A9C-6DF6-6121-A0AB418D2DEA}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
@="Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF900F7C-7C3D-489A-BA49-47ABA04FC55C}]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
@="Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF900F7C-7C3D-489A-BA49-47ABA04FC55C}\Data\MD]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"Data04"=dword:00003482
"Data05"=dword:00000000
"Data0C"=dword:00000bb8
"Data0E"=dword:00000708
"Data0F"=dword:00000384
"Data10"=dword:00000003
"Data11"=dword:00000001
"Data12"=dword:000003e8
"Data13"=dword:00000014
"Data14"=dword:00000258
"Data15"=dword:00002a30
"Data16"=dword:00000005
"Data0D"=dword:00000960
"Data17"=dword:00000000
"Data18"=dword:0000000f
"Data19"=dword:0000000f
"Data1A"=dword:00000002
"Data21"=dword:00000001
"Data22"=dword:00000001
"Data23"=dword:00000005
"Data24"=dword:000003e8
"Data00"=dword:00000000
"Data01"=dword:00000000
"Data02"=dword:00003482
"Data09"=dword:00000000
"Data80"="($\14˙˜\1f\0fG ˘‡tńÝÄÁě\12\0eű."
"Data85"="XTDŻiN>ĺŢƲ4Ü\02ýl\1e"
"Data86"="HDłźY>®ŰČĹ(\1d\06ńdaSüˇť‹="
"Data87"="8łŁŹI®žÂ·.\1d\06ńgd@üˇť‹="
"Data82"="\08\04Ň`\1aţn–‚{îăÇ}\"\1e\0c˝fR\0d?¦ž"
"Data83"="÷ŇdP\0an^–†öťĹ» \"\07ůh]\0d=Ł˘MuáśÎ¶."
"Data84"="ĆdT@y^N†ňÔÂľ-\13Ěńn\\\0eF±\\Žvî"
"Data88"="§Ł“ąžŽĆ+\1e\16ĽmTSýµš‡|éśÎ¶."
"Data89"="—“ƒď©Ž~6\1b\0e\06-]DCmĄŠwěŮŚľ&\1e"
"Data8A"="‡ƒóß™~í&\0býv\1dM4˛]•z°śÎ¶."
"Data8B"="wóăωíÝ\01\02dRQ4˛\\ŚsňťŔÁë\1e\06ý"
"Data8C"="çăÓżřÝÍ\06rTB>¬’LqíŰŤ±-\1b\0bül\1dR3Şť‰nńŇ‹˝%\1d"
"Data8D"="×ÓĂ/čÍ˝rW@3˘ťL|ăâŤÁ&Ű\0eőn"
"Data8E"="´ť\0aüíĺM"
"Data8F"="·3#\0fČ.\1eABŁ‘sňśĚł2Ü\11ů,^F>"
"Data91"="\17\13\03o)\0eýĄ‘Š}ňÖŚ±-\1bĚóe\1cN6­"
"Data92"="\07\03s_\19ýmĄŠ}őśĚł2Ü\01ük[M<l•†{ńĚÇŔę\1d\05ü"
"Data1B"=dword:00000000
"Data1D"=dword:00000000
"Data25"=dword:00000000
"Data1C"=dword:00000000
"Data1E"=dword:00000000
"Data26"=dword:00000001
"Data20"=dword:00029b49
"Data0A"=dword:00003482
"Data0B"=dword:00000009
"Data90"="]\18\11ďeP\0b1łˇ†:éÚÂŔé\1e\10îibG9ž›‘xޙƻ1\12\0fúba\09"
"Data2B"=dword:00000000
"Data2C"=dword:00000000
"Data2D"=dword:00000000
"Data2E"=dword:00000000
"Data27"=dword:00000004
"Data28"=dword:00000004
"Data29"=dword:00000004
"Data2A"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Microsoft\aaftq]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\gvnfw]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{BF900F7C-7C3D-489A-BA49-47ABA04FC55C}"=""
.
Celkový čas: 2011-11-03 14:28:44
ComboFix-quarantined-files.txt 2011-11-03 13:28
.
Před spuštěním: Volných bajtů: 28 688 576 512
Po spuštění: Volných bajtů: 30 304 755 712
.
- - End Of File - - 615268A2ABA6AACF2958938E1E4AA50C

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "RemoteControl"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=""
  
  Collect::
  c:\windows\system32\peakoqek.txt
  c:\windows\system32\aux.mbj
  
  DDS::
  IFEO: explorer.exe - "c:\windows\system32\peakoqek.txt"
  
  File::
  c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Microsoft\gvnfw]
  [HKEY_LOCAL_MACHINE\software\Microsoft\aaftq]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF900F7C-7C3D-489A-BA49-47ABA04FC55C}\Data\MD]
  [HKEY_USERS\S-1-5-21-448539723-261903793-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6149051D-2A9C-6DF6-6121-A0AB418D2DEA}]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF900F7C-7C3D-489A-BA49-47ABA04FC55C}]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 11-11-03.01 - Administrator 04.11.2011 6:54.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.193 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk"
.
file zipped: c:\windows\system32\peakoqek.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ehome\medctrro.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\aux.mbj
c:\windows\system32\kernel32.exe
c:\windows\system32\peakoqek.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-04 do 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-03 14:28 . 2011-11-03 14:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 05:49 . 2006-10-30 05:56 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-5-2 233744]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 8:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 8:04 735960]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Karaoke Anything!1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 07:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2011-11-04 07:14:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-04 06:14
ComboFix2.txt 2011-11-03 13:28
.
Před spuštěním: Volných bajtů: 30 324 006 912
Po spuštění: Volných bajtů: 30 313 148 416
.
- - End Of File - - 74679F410AB52FF7911401AAE254E3E8