VIRY.CZ

Dobrý den,
Potřeboval bych pomoc... Už asi cca týden mám strašně zpomalený PC využití CPU mám skoro pořád 50 % +, díval jsem se do procesů tam jsem nic podezřelého nenašel (možná taky proto že nějak extra sběhlý s PC nejsem). A navíc teď poslední 2 dny mám na obrazovce pořád nějaké barevné kostičky, které mi problikávájí občas zmizí, pak se objeví nebo když pustím třeba nějaké video nevidím nic jiného než kostičky pak se mi freezne PC co 10 sekund mi problikne černá obrazovka a pak mi problikne modrá obrazovka v ní nějaký text který nestihnu ani přečíst a restart systému... Mám trial verzi Noda ten nic nenašel.. MBAM taky nic.. zkoušel sem opravit registy přes CCleaner (myslel sem že by to třeba pomohlo). Tento problém jsem měl už jednou a musel sem poslat PC na opravu a našli mi tam cca 50 virů +. (měl sem cracklou verzi
avastu ) Teď sem měl free antivir Avira a až pak jsem si tam hodil toho trial Noda. Přikládám výpis z RSITU. Předem se omlouvám za chyby píšu to teď v rychlosti. Díky za pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by správce at 2011-12-11 13:18:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (24%) free of 44 GB
Total RAM: 1535 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:00, on 11.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Medal\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\správce\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\správce.exe
C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=generic
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.conduit.com/?SearchSource ... =CT2475029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Medal\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 8761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-1801674531-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1343024091-1801674531-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-29 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\prxtbMyA0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-29 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-29 13923432]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-01-19 1150976]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2009-01-09 114688]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2011-06-15 307200]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-12-20 94208]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GAINWARD"=C:\Program Files\EXPERTool\TBPanel.exe [2010-07-30 2181744]
"Google Update"=C:\Documents and Settings\správce\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-08-29 136176]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\správce\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\správce\Plocha\Full.Rip.Call.of.Duty.4.Modern.Warfare.0wn3R\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\správce\Plocha\Full.Rip.Call.of.Duty.4.Modern.Warfare.0wn3R\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\Medal\UnrealEngine3\Binaries\MOHA.exe"="D:\Medal\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"G:\Nainstalované hry\Dirt 3\dirt3_game.exe"="G:\Nainstalované hry\Dirt 3\dirt3_game.exe:*:Enabled:DiRT 3"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Catal\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"="D:\Catal\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader"
"G:\Catal\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"="G:\Catal\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader"
"G:\Catal\Launcher.exe"="G:\Catal\Launcher.exe:*:Enabled:Blizzard Launcher"
"G:\Catal\Launcher.patch.exe"="G:\Catal\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"D:\Call of Duty 2\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"="D:\Call of Duty 2\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Call of Duty 2\Launcher.exe"="D:\Call of Duty 2\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Call of Duty 2\Launcher.patch.exe"="D:\Call of Duty 2\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"G:\Nainstalované hry\CoH\RelicCOH.exe"="G:\Nainstalované hry\CoH\RelicCOH.exe:*:Enabled:Company of Heroes"
"G:\Nainstalované hry\CoH\RelicDownloader\RelicDownloader.exe"="G:\Nainstalované hry\CoH\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux7"=wdmaud.drv
"aux9"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-12-11 13:18:30 ----D---- C:\Program Files\trend micro
2011-12-11 13:18:26 ----D---- C:\rsit
2011-12-11 13:06:56 ----D---- C:\Documents and Settings\správce\Data aplikací\Malwarebytes
2011-12-11 13:06:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-12-11 13:02:55 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-11 13:02:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-11 12:54:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-11 12:18:05 ----D---- C:\Program Files\CCleaner
2011-12-11 11:15:25 ----D---- C:\Program Files\ESET
2011-12-09 22:37:56 ----RA---- C:\WINDOWS\system32\tmpEB.tmp
2011-12-09 22:37:56 ----RA---- C:\WINDOWS\system32\tmpEA.tmp
2011-12-09 21:48:45 ----D---- C:\Program Files\Codemasters
2011-12-09 16:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-12-08 21:41:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2011-12-07 22:23:09 ----A---- C:\WINDOWS\system32\mkl_vml_p4.dll
2011-12-07 22:23:09 ----A---- C:\WINDOWS\system32\mkl_vml_p3.dll
2011-12-07 22:23:09 ----A---- C:\WINDOWS\system32\mkl_vml_def.dll
2011-12-07 22:23:09 ----A---- C:\WINDOWS\system32\mkl_p4.dll
2011-12-07 22:23:08 ----A---- C:\WINDOWS\system32\mkl_p3.dll
2011-12-07 22:23:08 ----A---- C:\WINDOWS\system32\mkl_lapack64.dll
2011-12-07 22:23:08 ----A---- C:\WINDOWS\system32\mkl_lapack32.dll
2011-12-07 22:23:08 ----A---- C:\WINDOWS\system32\mkl_def.dll
2011-12-07 22:23:07 ----A---- C:\WINDOWS\system32\libguide40.dll
2011-12-07 22:21:29 ----D---- C:\WINDOWS\system32\XPSViewer
2011-12-07 22:20:22 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-12-07 22:20:22 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-12-07 22:20:21 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-12-07 22:15:30 ----RA---- C:\WINDOWS\system32\tmp1B5.tmp
2011-12-07 22:15:30 ----RA---- C:\WINDOWS\system32\tmp1B4.tmp
2011-11-25 18:29:42 ----D---- C:\Program Files\Cisco Packet Tracer 5.3.2
2011-11-24 17:37:42 ----SHD---- C:\WINDOWS\ftpcache
2011-11-22 19:11:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2011-11-22 15:46:34 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2011-11-22 15:45:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard
2011-11-17 19:11:35 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2011-11-17 19:11:28 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2011-11-17 19:11:26 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2011-11-17 19:11:20 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2011-11-17 19:11:16 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2011-11-17 19:11:12 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2011-11-17 19:11:08 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2011-11-17 19:10:23 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2011-11-17 19:08:37 ----N---- C:\WINDOWS\amcap.exe
2011-11-17 19:08:24 ----N---- C:\WINDOWS\tsnpstd3.exe
2011-11-17 19:08:24 ----A---- C:\WINDOWS\vsnpstd3.exe
2011-11-17 19:08:22 ----A---- C:\WINDOWS\snpstd3.src
2011-11-17 19:08:22 ----A---- C:\WINDOWS\snpstd3.ini
2011-11-17 19:08:18 ----A---- C:\WINDOWS\system32\drivers\snpstd3.sys
2011-11-17 19:08:17 ----N---- C:\WINDOWS\system32\vsnpstd3.dll
2011-11-17 19:08:17 ----N---- C:\WINDOWS\system32\rsnpstd3.dll
2011-11-17 19:08:17 ----A---- C:\WINDOWS\vsnpstd3.dll
2011-11-17 19:08:17 ----A---- C:\WINDOWS\system32\csnpstd3.dll
2011-11-17 19:08:16 ----N---- C:\WINDOWS\usnpstd3.exe
2011-11-17 19:08:16 ----D---- C:\Program Files\Common Files\snpstd3
2011-11-13 21:01:00 ----A---- C:\WINDOWS\system32\javaws.exe
2011-11-13 21:01:00 ----A---- C:\WINDOWS\system32\javaw.exe
2011-11-13 21:01:00 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2011-12-11 13:32:46 ----D---- C:\WINDOWS\Prefetch
2011-12-11 13:19:55 ----D---- C:\WINDOWS\Temp
2011-12-11 13:18:30 ----RD---- C:\Program Files
2011-12-11 13:13:14 ----D---- C:\WINDOWS\system32\drivers
2011-12-11 13:12:15 ----D---- C:\WINDOWS\Minidump
2011-12-11 13:12:15 ----D---- C:\WINDOWS
2011-12-11 13:04:27 ----D---- C:\Program Files\Centauri
2011-12-11 12:44:04 ----SHD---- C:\WINDOWS\Installer
2011-12-11 12:42:20 ----A---- C:\WINDOWS\system.ini
2011-12-11 12:40:29 ----D---- C:\Documents and Settings\správce\Data aplikací\Media Player Classic
2011-12-11 12:40:23 ----D---- C:\Documents and Settings\správce\Data aplikací\TS3Client
2011-12-11 12:40:22 ----D---- C:\Documents and Settings\správce\Data aplikací\Skype
2011-12-11 12:39:43 ----D---- C:\WINDOWS\Logs
2011-12-11 12:39:42 ----D---- C:\WINDOWS\Debug
2011-12-11 11:17:30 ----HD---- C:\WINDOWS\inf
2011-12-11 11:17:22 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-11 11:15:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-12-11 11:09:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-12-10 09:04:01 ----D---- C:\WINDOWS\Microsoft.NET
2011-12-10 09:01:13 ----RSD---- C:\WINDOWS\assembly
2011-12-09 22:38:41 ----D---- C:\Program Files\BRS
2011-12-09 22:37:57 ----D---- C:\WINDOWS\system32
2011-12-09 22:37:57 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-12-09 22:37:57 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-12-09 22:37:55 ----D---- C:\WINDOWS\system32\DirectX
2011-12-09 21:48:44 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-09 16:58:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-12-09 16:55:51 ----D---- C:\WINDOWS\WinSxS
2011-12-09 16:53:44 ----D---- C:\WINDOWS\system32\NtmsData
2011-12-09 16:21:58 ----D---- C:\WINDOWS\Registration
2011-12-09 16:21:05 ----D---- C:\WINDOWS\system32\CatRoot
2011-12-09 16:20:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-08 21:51:41 ----D---- C:\Documents and Settings\správce\Data aplikací\PriceGong
2011-12-07 22:21:17 ----RSD---- C:\WINDOWS\Fonts
2011-12-07 22:20:52 ----D---- C:\WINDOWS\system32\spool
2011-12-07 22:19:04 ----D---- C:\Program Files\Internet Explorer
2011-11-22 15:46:34 ----D---- C:\Program Files\Common Files
2011-11-22 06:42:10 ----D---- C:\Program Files\Google
2011-11-19 15:26:09 ----RD---- C:\Program Files\Skype
2011-11-18 20:00:39 ----D---- C:\Documents and Settings\správce\Data aplikací\ICQ
2011-11-17 19:08:37 ----A---- C:\WINDOWS\win.ini
2011-11-17 19:08:24 ----D---- C:\WINDOWS\twain_32
2011-11-13 21:00:41 ----D---- C:\Program Files\Java
2011-11-13 20:44:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2011-11-13 20:44:04 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 60928]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2011-06-15 60156]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2011-08-15 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 90928]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-08-05 10604128]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 116016]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2005-12-08 8718848]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-08-29 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-29 155752]
R2 PnkBstrA;PunkBuster; D:\Medal\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-20 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-20 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

Oka tak teď jsem dával normální kontrolu v MBAMu a našlo to pár trojanů. Jenže problém přetrvává :(

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11.12.2011 14:20:25
mbam-log-2011-12-11 (14-20-25).txt

Typ: Úplná kontrola (C:\|D:\|G:\|)
Kontrolované objekty: 246272
Uplynulý čas: 33 minut, 9 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 9

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP87\A0153444.exe (Riskware.KG) -> Quarantined and deleted successfully.
c:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP87\A0153449.exe (Riskware.KG) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP107\A0174083.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP107\A0174090.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP107\A0174091.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP107\A0174095.exe (Riskware.KG) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP79\A0136235.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP79\A0136242.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
g:\system volume information\_restore{68f9d3e5-1ac9-496d-8e0e-04c9fad4bb71}\RP79\A0136243.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Zdravim a pekny den preji

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3- log opet vlozte

Dobře, log pro možnost 2:
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: správce [Admin rights]
Mode: Remove -- Date : 12/11/2011 15:52:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

Možnost 3:

RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: správce [Admin rights]
Mode: HOSTSFix -- Date : 12/11/2011 15:53:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Tak jsem to spáchal snad dobře zde to je:

ComboFix 11-12-10.01 - správce 11.12.2011 16:31:31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.874 [GMT 1:00]
Spuštěný z: c:\documents and settings\sprßvce\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\alcrmv.exe
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-11 do 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 14:51 . 2011-12-11 15:18 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-11 14:27 . 2011-12-11 14:27 -------- d-----w- c:\documents and settings\UpdatusUser
2011-12-11 14:27 . 2011-12-11 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-12-11 14:23 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-11 14:22 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-12-11 14:22 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-12-11 14:21 . 2011-12-11 14:21 -------- d-----w- C:\NVIDIA
2011-12-11 13:50 . 2011-12-11 13:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SecTaskMan
2011-12-11 13:50 . 2011-12-11 13:50 -------- d-----w- c:\program files\Security Task Manager
2011-12-11 12:18 . 2011-12-11 12:44 -------- d-----w- c:\program files\trend micro
2011-12-11 12:18 . 2011-12-11 12:44 -------- d-----w- C:\rsit
2011-12-11 12:06 . 2011-12-11 12:06 -------- d-----w- c:\documents and settings\správce\Data aplikací\Malwarebytes
2011-12-11 12:06 . 2011-12-11 12:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-12-11 12:02 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 12:02 . 2011-12-11 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 11:54 . 2011-12-11 11:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-11 11:18 . 2011-12-11 11:18 -------- d-----w- c:\program files\CCleaner
2011-12-11 10:52 . 2011-12-11 10:52 -------- d-----w- c:\documents and settings\správce\Local Settings\Data aplikací\PackageAware
2011-12-11 10:15 . 2011-12-11 10:15 -------- d-----w- c:\program files\ESET
2011-12-09 21:37 . 2009-10-15 11:44 809560 ----a-r- c:\windows\system32\tmpEB.tmp
2011-12-09 21:37 . 2009-10-15 11:44 809560 ----a-r- c:\windows\system32\tmpEA.tmp
2011-12-09 20:48 . 2011-12-09 20:48 -------- d-----w- c:\program files\Codemasters
2011-12-08 20:41 . 2011-12-11 10:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Codemasters
2011-12-07 21:23 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2011-12-07 21:23 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2011-12-07 21:23 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2011-12-07 21:23 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2011-12-07 21:23 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2011-12-07 21:23 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2011-12-07 21:23 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2011-12-07 21:23 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2011-12-07 21:23 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2011-12-07 21:21 . 2011-12-07 21:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-12-07 21:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-07 21:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-07 21:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-07 21:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-12-07 21:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-12-07 21:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-07 21:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-07 21:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-12-07 21:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-12-07 21:15 . 2009-10-15 11:44 809560 ----a-r- c:\windows\system32\tmp1B5.tmp
2011-12-07 21:15 . 2009-10-15 11:44 809560 ----a-r- c:\windows\system32\tmp1B4.tmp
2011-11-25 18:05 . 2011-11-25 18:06 -------- d-----w- c:\documents and settings\správce\Cisco Packet Tracer 5.3.2
2011-11-25 17:29 . 2011-11-25 17:31 -------- d-----w- c:\program files\Cisco Packet Tracer 5.3.2
2011-11-24 16:37 . 2011-11-24 16:37 -------- d-sh--w- c:\windows\ftpcache
2011-11-22 18:11 . 2011-11-22 18:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2011-11-22 14:46 . 2011-11-22 16:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-11-22 14:45 . 2011-11-22 14:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard
2011-11-17 18:10 . 2008-04-14 07:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2011-11-17 18:10 . 2008-04-14 07:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-11-17 18:10 . 2008-04-14 07:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-11-17 18:10 . 2008-04-14 07:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-11-17 18:10 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-11-17 18:10 . 2008-04-14 07:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-11-17 18:08 . 2004-08-09 16:43 94208 ------w- c:\windows\amcap.exe
2011-11-17 18:08 . 2005-12-20 13:39 94208 ------w- c:\windows\tsnpstd3.exe
2011-11-17 18:08 . 2005-09-05 14:55 339968 ----a-w- c:\windows\vsnpstd3.exe
2011-11-17 18:08 . 2005-12-08 10:09 8718848 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2011-11-17 18:08 . 2006-03-03 18:58 53248 ----a-w- c:\windows\vsnpstd3.dll
2011-11-17 18:08 . 2006-03-03 18:58 53248 ------w- c:\windows\system32\vsnpstd3.dll
2011-11-17 18:08 . 2005-09-12 16:48 61440 ------w- c:\windows\system32\rsnpstd3.dll
2011-11-17 18:08 . 2004-02-16 12:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll
2011-11-17 18:08 . 2011-11-17 18:08 -------- d-----w- c:\program files\Common Files\snpstd3
2011-11-17 18:08 . 2004-12-08 17:40 20480 ------w- c:\windows\usnpstd3.exe
2011-11-17 18:07 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-11-17 18:07 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-11-17 18:07 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-11-17 18:07 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-11-17 18:07 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-11-17 18:07 . 2011-11-17 18:07 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-11-17 18:07 . 2011-11-17 18:07 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-11-11 19:21 . 2011-11-11 19:21 -------- d-----w- c:\program files\ICQ6Toolbar
2011-11-11 19:21 . 2011-11-11 19:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ICQ
2011-11-11 19:19 . 2011-11-18 19:00 -------- d-----w- c:\documents and settings\správce\Data aplikací\ICQ
2011-11-11 19:17 . 2011-11-11 19:42 -------- d-----w- c:\program files\ICQ7.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 21:37 . 2011-10-06 14:16 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-09 21:37 . 2011-10-06 14:16 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-08 20:55 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-08 20:55 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-13 20:00 . 2011-08-29 17:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-13 20:00 . 2011-08-29 17:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-15 12:12 . 2011-10-15 12:12 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-10-15 12:12 . 2011-10-15 12:12 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-10-13 13:03 . 2011-10-13 13:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-10 18:40 . 2011-10-10 18:23 2377696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-10-10 18:23 . 2011-10-10 18:23 18368 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-10-10 14:22 . 2011-08-03 10:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2010-08-05 10:15 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-08-05 10:15 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2010-08-05 10:15 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2010-08-05 10:15 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2010-08-05 10:15 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-08-05 10:15 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-08-05 10:15 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2010-08-05 10:15 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-08-05 10:15 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2010-07-29 16:33 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2010-07-29 16:33 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2010-07-29 16:33 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2010-07-29 16:33 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-07-29 16:33 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-28 07:06 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-18 08:03 . 2011-09-18 08:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2010-07-30 2181744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\správce\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Medal\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Nainstalované hry\\CoH\\RelicCOH.exe"=
"g:\\Nainstalované hry\\CoH\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [18.9.2011 18:07 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [18.9.2011 18:06 90928]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.11.2011 20:21 247872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11.12.2011 15:27 2253120]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15.8.2011 14:06 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [15.8.2011 14:06 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.9.2011 12:01 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.9.2011 12:01 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 4:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 2:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 2:23 366936]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSVC
*NewlyCreated* - SYSMONLOG
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-20 11:01]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-20 11:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&utm_medium=generic
uInternet Connection Wizard,ShellNext = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2475029
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 16:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-12-11 16:38:19
ComboFix-quarantined-files.txt 2011-12-11 15:38
.
Před spuštěním: Volných bajtů: 14 962 712 576
Po spuštění: Volných bajtů: 20 319 461 376
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D972BBAB3B1F766614CF127E1C4706C1

Presunte Combofix primo na disk c:\ aby nebyl v zadne slozce

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\ICQ6Toolbar

Driver::
ICQ Service
gupdatem
gupdate

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\system32\tmpEB.tmp
c:\windows\system32\tmpEA.tmp
c:\windows\system32\tmp1B5.tmp
c:\windows\system32\tmp1B4.tmp¨
c:\program files\MyAshampoo\prxtbMyA0.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SSBkgdUpdate"=-

DDS::
uStart Page = hxxp://www.centrum.cz/#utm_source=icq&u ... um=generic
uInternet Connection Wizard,ShellNext = hxxp://search.conduit.com/?SearchSource ... =CT2475029

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt tez primo na disk c:\
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Tak je to, snad nevadí že po tom restartu se automaticky zapnul antivir a Firewall který si ale CF vypl sám a antivir sem pro jistotu vypl

Tady to je:

ComboFix 11-12-10.01 - správce 11.12.2011 16:59:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.954 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\MyAshampoo\prxtbMyA0.dll"
"c:\windows\system32\tmp1B4.tmp¨"
"c:\windows\system32\tmp1B5.tmp"
"c:\windows\system32\tmpEA.tmp"
"c:\windows\system32\tmpEB.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\MyAshampoo\prxtbMyA0.dll
c:\windows\system32\tmp1B5.tmp
c:\windows\system32\tmpEA.tmp
c:\windows\system32\tmpEB.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-11 do 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 14:51 . 2011-12-11 15:18 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-11 14:27 . 2011-12-11 14:27 -------- d-----w- c:\documents and settings\UpdatusUser
2011-12-11 14:27 . 2011-12-11 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-12-11 14:23 . 2011-10-08 04:50 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-11 14:22 . 2011-10-08 04:50 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-12-11 14:22 . 2011-10-08 04:50 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-12-11 14:21 . 2011-12-11 14:21 -------- d-----w- C:\NVIDIA
2011-12-11 13:50 . 2011-12-11 13:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SecTaskMan
2011-12-11 13:50 . 2011-12-11 13:50 -------- d-----w- c:\program files\Security Task Manager
2011-12-11 12:18 . 2011-12-11 12:44 -------- d-----w- c:\program files\trend micro
2011-12-11 12:18 . 2011-12-11 12:44 -------- d-----w- C:\rsit
2011-12-11 12:06 . 2011-12-11 12:06 -------- d-----w- c:\documents and settings\správce\Data aplikací\Malwarebytes
2011-12-11 12:06 . 2011-12-11 12:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-12-11 12:02 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 12:02 . 2011-12-11 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 11:54 . 2011-12-11 11:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2011-12-11 11:18 . 2011-12-11 11:18 -------- d-----w- c:\program files\CCleaner
2011-12-11 10:52 . 2011-12-11 10:52 -------- d-----w- c:\documents and settings\správce\Local Settings\Data aplikací\PackageAware
2011-12-11 10:15 . 2011-12-11 10:15 -------- d-----w- c:\program files\ESET
2011-12-09 20:48 . 2011-12-09 20:48 -------- d-----w- c:\program files\Codemasters
2011-12-08 20:41 . 2011-12-11 10:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Codemasters
2011-12-07 21:23 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2011-12-07 21:23 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2011-12-07 21:23 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2011-12-07 21:23 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2011-12-07 21:23 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2011-12-07 21:23 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2011-12-07 21:23 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2011-12-07 21:23 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2011-12-07 21:23 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2011-12-07 21:21 . 2011-12-07 21:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-12-07 21:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-07 21:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-07 21:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-07 21:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-12-07 21:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-12-07 21:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-07 21:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-07 21:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-12-07 21:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-12-07 21:15 . 2009-10-15 11:44 809560 ----a-r- c:\windows\system32\tmp1B4.tmp
2011-11-25 18:05 . 2011-11-25 18:06 -------- d-----w- c:\documents and settings\správce\Cisco Packet Tracer 5.3.2
2011-11-25 17:29 . 2011-11-25 17:31 -------- d-----w- c:\program files\Cisco Packet Tracer 5.3.2
2011-11-24 16:37 . 2011-11-24 16:37 -------- d-sh--w- c:\windows\ftpcache
2011-11-22 18:11 . 2011-11-22 18:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment
2011-11-22 14:46 . 2011-11-22 16:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-11-22 14:45 . 2011-11-22 14:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Blizzard
2011-11-17 18:10 . 2008-04-14 07:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2011-11-17 18:10 . 2008-04-14 07:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-11-17 18:10 . 2008-04-14 07:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2011-11-17 18:10 . 2008-04-14 07:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-11-17 18:10 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-11-17 18:10 . 2008-04-14 07:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-11-17 18:08 . 2004-08-09 16:43 94208 ------w- c:\windows\amcap.exe
2011-11-17 18:08 . 2005-12-20 13:39 94208 ------w- c:\windows\tsnpstd3.exe
2011-11-17 18:08 . 2005-09-05 14:55 339968 ----a-w- c:\windows\vsnpstd3.exe
2011-11-17 18:08 . 2005-12-08 10:09 8718848 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2011-11-17 18:08 . 2006-03-03 18:58 53248 ----a-w- c:\windows\vsnpstd3.dll
2011-11-17 18:08 . 2006-03-03 18:58 53248 ------w- c:\windows\system32\vsnpstd3.dll
2011-11-17 18:08 . 2005-09-12 16:48 61440 ------w- c:\windows\system32\rsnpstd3.dll
2011-11-17 18:08 . 2004-02-16 12:59 61440 ----a-w- c:\windows\system32\csnpstd3.dll
2011-11-17 18:08 . 2011-11-17 18:08 -------- d-----w- c:\program files\Common Files\snpstd3
2011-11-17 18:08 . 2004-12-08 17:40 20480 ------w- c:\windows\usnpstd3.exe
2011-11-17 18:07 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-11-17 18:07 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-11-17 18:07 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-11-17 18:07 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-11-17 18:07 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-11-17 18:07 . 2011-11-17 18:07 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-11-17 18:07 . 2011-11-17 18:07 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-11-11 19:21 . 2011-11-11 19:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ICQ
2011-11-11 19:19 . 2011-11-18 19:00 -------- d-----w- c:\documents and settings\správce\Data aplikací\ICQ
2011-11-11 19:17 . 2011-11-11 19:42 -------- d-----w- c:\program files\ICQ7.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 21:37 . 2011-10-06 14:16 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-09 21:37 . 2011-10-06 14:16 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-08 20:55 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-12-08 20:55 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-13 20:00 . 2011-08-29 17:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-13 20:00 . 2011-08-29 17:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-15 12:12 . 2011-10-15 12:12 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-10-15 12:12 . 2011-10-15 12:12 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-10-13 13:03 . 2011-10-13 13:03 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-10 18:40 . 2011-10-10 18:23 2377696 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-10-10 18:23 . 2011-10-10 18:23 18368 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-10-10 14:22 . 2011-08-03 10:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2010-08-05 10:15 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-08-05 10:15 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2010-08-05 10:15 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2010-08-05 10:15 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2010-08-05 10:15 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-08-05 10:15 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-08-05 10:15 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2010-08-05 10:15 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-08-05 10:15 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2010-07-29 16:33 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2010-07-29 16:33 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2010-07-29 16:33 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2010-07-29 16:33 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-07-29 16:33 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-09-28 07:06 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-18 08:03 . 2011-09-18 08:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2010-07-30 2181744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\správce\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Medal\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Nainstalované hry\\CoH\\RelicCOH.exe"=
"g:\\Nainstalované hry\\CoH\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [18.9.2011 18:07 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [18.9.2011 18:06 90928]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11.12.2011 15:27 2253120]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15.8.2011 14:06 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [15.8.2011 14:06 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 4:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 2:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 2:23 366936]
.
.
------- Doplňkový sken -------
.
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2400)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Brother\ControlCenter3\brccMCtl.exe
d:\medal\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-12-11 17:11:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-11 16:11
ComboFix2.txt 2011-12-11 15:38
.
Před spuštěním: Volných bajtů: 20 355 854 336
Po spuštění: Volných bajtů: 20 234 047 488
.
- - End Of File - - 2CE9B36A28349637794CD21F71657085

Log jiz vypada cisty, jak se chova PC

No tak CPU už vypadá normálně, jenže problém který sem popisoval na začátku, že se mi objevují takové zelené kostičky a když pustím video, hru, animaci atd.. tak se to na chvilku pustí je to rozmazané obraz přeskakuje a je tam velké množství kostiček pak následuje freez párkrát pípne PC cca 3x problikne černá obrazovka pak se objeví modrá obrazovka tam projede nějaký text ( nestíhám ani přečíst jak rychle to projede) a reset PC... Napadlo mě že to může být grafickou kartou, tak jsem stáhl ovladač nainstaloval, resetl PC zkusil jsem něco pustit a je to pořád stejné.

Předem děkuji za nějaké návrhy.

Zkoušel jsem se dívat do procesu v TaskManageru a tam jsem našel 2 podezřelé procesy:

lsass.exe - což někde vysvětlují jako vir ( trojan ) a někde zase né, jenže je to systémový proces.
tsnpstd3.exe - popis tohoto viru jsem našel, ale respektive nepochopil k čemu je ( jinak proces spuštěný správcem ihned po startu pc.

Pak jsem stáhl Security Task Manager a v něm mělo největší hodnocení proces vsnpstd3.exe (CameraMonitor Application ), nechce se mi dávat ihned do karantény protože si nejsem jistý jestli patří k Web kameře i když zrovna není zapnutá.

To vypada spise primo na problem s GK, leda zkusit od nekoho pujcit nebo u nej vyzkouset tuhle a pak bude jasno...

Pokud je lsass.exe spusteny z C:\Windows\System32 tak se jedna o legitimni proces

Pokud je tsnpstd3.exe spusten z C:\Windows tak se jedna o legitimni proces

Ještě se prosím vás mrkněte na předchozí odpověď upravil jsem ji

) Dotaz: Co je GK ?

GK = Graficka Karta

Pokud si nejste jist, otestujte soubor na VirusTotal - odkaz v mem podpise

Ajoo

No udělal jsem to a vyšlo mi: Detection ratio: 1/42, takže už opravdu jenom ta grafická karta, nebo myslíte že tam může být ještě nějaký "zašitý" vir ?

VIRY.CZ

Velký problém s PC, prosím o pomoc

Velký problém s PC, prosím o pomoc

Re: Zavirovaný PC! Need help !

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc

Re: Velký problém s PC, prosím o pomoc