Page 1 of 2

TCP and UDP DDOS attack

Posted: 12 Mar 2012 16:36
by pechacek
Hello.
I run game servers, and unfortunately, not for the first time, we have received a message saying that we are running a TCP and UDP DDoS attack.

Here is the incoming message:
Subject: DDOS from IP xx.xxx.xxx.xx
Date: Mon, 12 Mar 2012 05:12:42 -0700 (PDT)
From: Network Security <network@exa.com.sa>
To: abuse@hosting4u.cz, abuse@tele3.cz

Hello,

We are getting massive TCP and UDP DDOS attack from xx.xxx.xx.xx
targeting our IPs

50.23.212.0/24
159.253.144.0/24
159.253.138.0/24


Please stop this ASAP and check whoever is behind this attack,
and null route our subnets in your network so we don't receive any more
bandwidth from you.


Sample of captured packets: (Time is GMT+2)
============================================
2012-03-12 13:36:27.522033 IP xx.xxx.xxx.xx.28941 > 159.253.144.12.8396: UDP, length 536
2012-03-12 13:36:27.522374 IP xx.xxx.xxx.xx.28941 > 159.253.144.12.8396: UDP, length 536
2012-03-12 13:36:27.522619 IP xx.xxx.xxx.xx.28941 > 159.253.144.12.8396:

Unfortunately I don't have enough knowledge to find out what is doing this, so I would like to ask whether you could advise me on whether some virus has got onto the machine.


Here is the RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bobec at 2012-03-12 16:13:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 144 GB (30%) free of 477 GB
Total RAM: 3580 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:13:59, on 12.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bobec\Plocha\RSIT.exe
C:\Program Files\trend micro\Bobec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1292428093-1035525444-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9245872562
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1886B9-7D0D-4587-8CD5-EBA673A3DDDD}: NameServer = 213.151.89.42
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\Program Files\TridiaVNC\win32\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)

--
End of file - 4885 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {687578b9-7132-4a7a-80e4-30ee31099e03}:3.9.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{687578b9-7132-4a7a-80e4-30ee31099e03}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"=C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe [2005-08-26 102400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AbyssWebServer"=C:\Program Files\Abyss Web Server\abyssws.exe [2011-07-07 533561]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\CesarFTP\CesarFTP.exe"="C:\Programy\CesarFTP\CesarFTP.exe:*:Enabled:CesarFTP"
"C:\Programy\CesarFTP\Server.exe"="C:\Programy\CesarFTP\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\Warsow\wsw_server_x86.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\Warsow\wsw_server_x86.exe:*:Enabled:wsw_server_x86"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server2\wsw_server_x86.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server2\wsw_server_x86.exe:*:Enabled:wsw_server_x86"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Trackmania Forever\server1\TrackmaniaServer.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Trackmania Forever\server1\TrackmaniaServer.exe:*:Enabled:TrackmaniaServer"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\BF2142\BF2142_w32ded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\BF2142\BF2142_w32ded.exe:*:Enabled:BF2142_w32ded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server1\wsw_server_x86.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server1\wsw_server_x86.exe:*:Enabled:wsw_server_x86"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server1\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server1\vcded.exe:*:Enabled:vcded"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server2\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server2\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server3\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server3\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTR2\GTR2Dedicated.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTR2\GTR2Dedicated.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\samp-server.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\samp-server.exe:*:Enabled:samp-server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server1\samp-server.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server1\samp-server.exe:*:Enabled:samp-server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server2\samp-server.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server2\samp-server.exe:*:Enabled:samp-server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\teamspeak-server\Teamspeak2_RC2\server_windows.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\teamspeak-server\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\quake3\Quake III Arena\quake3.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\quake3\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Activision\cod2\CoD2MP_s.exe"="C:\Program Files\Activision\cod2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\cod4\iw3mp.exe"="C:\Program Files\Activision\cod4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server4\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server4\vcded.exe:*:Enabled:vcded"
"C:\Program Files\Cenega Czech\VIETCONG\vcded.exe"="C:\Program Files\Cenega Czech\VIETCONG\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\Kopie - server1\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\Kopie - server1\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Far Cry 2\bin\FC2ServerLauncher.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Far Cry 2\bin\FC2ServerLauncher.exe:*:Enabled:FC2ServerLauncher.exe"
"C:\Program Files\Abyss Web Server\abyssws.exe"="C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\clan\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\clan\vcded.exe:*:Enabled:vcded"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2a\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2a\iw4.exe:*:Enabled:iw4"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2b\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2b\iw4.exe:*:Disabled:iw4"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2d\server4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2d\server4.exe:*:Enabled:server4"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\iw4.exe:*:Enabled:iw4"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\server5.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\server5.exe:*:Enabled:server5"
"C:\Documents and Settings\Bobec\Plocha\CoD6\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\CoD6\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe:*:Enabled:iw4"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Bobec\Plocha\MW3\Call of Duty- Modern Warfare 3\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\Call of Duty- Modern Warfare 3\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2 DM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2 DM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIXb\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIXb\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\Kopie - server 3 MIX\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\Kopie - server 3 MIX\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe:*:Enabled:iw5mp_server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2012-03-12 16:13:43 ----D---- C:\rsit
2012-03-12 16:13:43 ----D---- C:\Program Files\trend micro
2012-02-28 15:41:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-02-28 15:41:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-18 18:59:18 ----SHD---- C:\Config.Msi
2012-02-18 18:59:01 ----SD---- C:\Program Files\HLSW
2012-02-18 18:59:01 ----D---- C:\Documents and Settings\Bobec\Data aplikací\HLSW
2012-02-16 15:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 15:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2647516$
2012-02-16 15:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 06:55:55 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-13 18:01:44 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-02-13 18:00:48 ----D---- C:\Documents and Settings\Bobec\Data aplikací\DAEMON Tools Lite
2012-02-13 18:00:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-02-13 16:48:14 ----D---- C:\Program Files\Conduit
2012-02-13 16:47:22 ----D---- C:\Documents and Settings\Bobec\Data aplikací\uTorrent

======List of files/folders modified in the last 1 month======

2012-03-12 16:13:51 ----D---- C:\WINDOWS\Prefetch
2012-03-12 16:13:43 ----RD---- C:\Program Files
2012-03-12 16:13:43 ----D---- C:\WINDOWS\Temp
2012-03-12 16:12:34 ----D---- C:\Program Files\Mozilla Firefox
2012-03-12 15:59:23 ----D---- C:\WINDOWS\system32
2012-03-12 15:56:46 ----A---- C:\WINDOWS\RaidMon.txt
2012-03-09 16:53:33 ----D---- C:\BigBrotherBot
2012-03-06 17:55:52 ----D---- C:\WINDOWS\Debug
2012-03-06 17:55:52 ----D---- C:\WINDOWS
2012-02-28 16:08:31 ----A---- C:\WINDOWS\WORDPAD.INI
2012-02-18 18:59:24 ----SHD---- C:\WINDOWS\Installer
2012-02-18 18:59:23 ----D---- C:\WINDOWS\WinSxS
2012-02-17 06:04:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-17 05:59:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-02-16 16:15:19 ----RSD---- C:\WINDOWS\assembly
2012-02-16 16:15:19 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 15:28:47 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 15:28:41 ----HD---- C:\WINDOWS\inf
2012-02-16 15:28:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 15:24:29 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-16 06:56:25 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-13 18:01:48 ----D---- C:\WINDOWS\system32\drivers
2012-02-13 18:01:34 ----D---- C:\Programy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MEGAIDE;MEGAIDE; C:\WINDOWS\system32\DRIVERS\MegaIDE.sys [2008-08-20 178048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 242240]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-05 1431040]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-04-27 164352]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-27 231424]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 Spyser;Spyser; C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe [2005-08-26 270336]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2007-10-29 3584]
S2 XAMPP;XAMPP Service; c:\xampp\service.exe []
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 winvnc;TridiaVNC Server; C:\Program Files\TridiaVNC\win32\WinVNC.exe [2001-12-12 249856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-30 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-25 107832]

-----------------EOF-----------------

Thanks in advance for any advice at all.
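The abuse report above gives a practitioner exactly two things to work with: a tcpdump-style excerpt and a source port (28941). Before hunting for malware, the useful first step is to confirm from the excerpt that this is a single-socket flood (one source port, one destination, fixed datagram size, sub-millisecond spacing) and then look that source port up on the sending host. The script below is an added example, not code from the post or from the abuse reporter: it parses lines of the same shape as the excerpt (including the mail-client line wrap after the `dst.port:` colon), groups packets by flow, computes the implied bit rate, and returns the source ports that look like flood sockets. The sample lines embedded in it are constructed, with the masked `xx.xxx.xxx.xx` replaced by the TEST-NET placeholder `198.51.100.7` and one unrelated packet added to show the grouping; the thresholds in `suspect_source_ports` are illustrative assumptions.

```python
"""Summarise a tcpdump-style UDP capture excerpt into per-flow statistics.

Each tcpdump UDP line has the form
    YYYY-MM-DD HH:MM:SS.ffffff IP src.sport > dst.dport: UDP, length N
where N is the UDP payload length in bytes. Packets are grouped by
(src, sport, dst, dport); for each flow we report packet count, payload
bytes, mean inter-arrival time and the bit rate implied by the excerpt.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the abuse report's excerpt (not the report's
# own data). 198.51.100.7 (TEST-NET-2) stands in for the masked source address;
# the last line is an unrelated packet added to show that flows are separated.
SAMPLE = """\
2012-03-12 13:36:27.522033 IP 198.51.100.7.28941 > 159.253.144.12.8396:
UDP, length 536
2012-03-12 13:36:27.522374 IP 198.51.100.7.28941 > 159.253.144.12.8396:
UDP, length 536
2012-03-12 13:36:27.522619 IP 198.51.100.7.28941 > 159.253.144.12.8396:
UDP, length 536
2012-03-12 13:36:27.522890 IP 198.51.100.7.28941 > 159.253.144.12.8396:
UDP, length 536
2012-03-12 13:36:27.600010 IP 198.51.100.7.27960 > 203.0.113.9.51234: UDP, length 42
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<length>\d+)$"
)

# Per-packet overhead not counted in tcpdump's "length": UDP 8 + IPv4 20 + Ethernet 14.
WIRE_OVERHEAD = 42


def unwrap(text):
    """Re-join 'UDP, length N' lines that a mail client wrapped onto their own line."""
    out = []
    for line in text.splitlines():
        if line.startswith("UDP,") and out and out[-1].endswith(":"):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def parse(lines):
    """Group UDP packets by 4-tuple; lines that are not tcpdump UDP records are skipped."""
    flows = defaultdict(list)  # (src, sport, dst, dport) -> [(timestamp, payload_len), ...]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flows[key].append((ts, int(m["length"])))
    return flows


def summarise(flows):
    """Return one row per flow, busiest first: packets, payload bytes, mean gap, bit/s."""
    rows = []
    for key, pkts in flows.items():
        pkts.sort()
        n = len(pkts)
        payload = sum(length for _, length in pkts)
        mean_gap = bps = None
        if n > 1:
            span = (pkts[-1][0] - pkts[0][0]).total_seconds()
            mean_gap = span / (n - 1)
            bps = (payload + n * WIRE_OVERHEAD) * 8 / span if span > 0 else float("inf")
        rows.append({"flow": key, "packets": n, "payload": payload,
                     "mean_gap_s": mean_gap, "bits_per_s": bps})
    rows.sort(key=lambda r: r["packets"], reverse=True)
    return rows


def suspect_source_ports(rows, min_packets=3, max_gap_s=0.001):
    """Source ports of flows that look like a flood socket (assumed thresholds).

    These are the ports to look up on the sending host, e.g. on Windows XP:
        netstat -ano -p UDP            (which PID owns the local port)
        tasklist /svc /fi "PID eq <pid>"  (which executable / service that PID is)
    """
    return sorted({r["flow"][1] for r in rows
                   if r["packets"] >= min_packets
                   and r["mean_gap_s"] is not None and r["mean_gap_s"] <= max_gap_s})


if __name__ == "__main__":
    report = summarise(parse(unwrap(SAMPLE)))
    for r in report:
        src, sport, dst, dport = r["flow"]
        rate = f"{r['bits_per_s'] / 1e6:.1f} Mbit/s" if r["bits_per_s"] else "n/a"
        print(f"{src}:{sport} -> {dst}:{dport}  pkts={r['packets']} "
              f"payload={r['payload']}B gap={r['mean_gap_s']} rate={rate}")
    print("source ports to look up with netstat:", suspect_source_ports(report))
```

On the constructed sample the 28941 flow comes out at four 536-byte datagrams about 0.29 ms apart, roughly 21 Mbit/s if sustained, and is the only port flagged. Four packets are far too few to say anything about the real attack's volume; the point is the method, and the next step is `netstat -ano -p UDP` on the machine that the RSIT log above was taken from, to see which of the many game-server processes (or something else entirely) holds that source port.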

Re: TCP and UDP DDOS attack

Posted: 12 Mar 2012 23:15
by Roli
Hi, are you surprised you have junk on there when you CRACKED your antivirus?

If you want help, uninstall NOD, install some free antivirus (Avast, Avira) and then post a current RSIT log here.

Until then :closed:

Re: TCP and UDP DDOS attack

Posted: 13 Mar 2012 19:24
by pechacek
Hello.

Here is the RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Bobec at 2012-03-13 19:18:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 144 GB (30%) free of 477 GB
Total RAM: 3580 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:53, on 13.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton 360\Engine\6.0.0.145\ccSvcHst.exe
C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Norton 360\Engine\6.0.0.145\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\Bobec\Plocha\RSIT.exe
C:\Program Files\trend micro\Bobec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.0.0.145\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.0.0.145\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.0.0.145\coIEPlg.dll
O4 - HKLM\..\Run: [RunRaidmon] "C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9245872562
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A1886B9-7D0D-4587-8CD5-EBA673A3DDDD}: NameServer = 213.151.89.42
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe
O23 - Service: Spyser - Unknown owner - C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\Program Files\TridiaVNC\win32\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)

--
End of file - 4819 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {687578b9-7132-4a7a-80e4-30ee31099e03}:3.9.0.3, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.6.0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.25"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{687578b9-7132-4a7a-80e4-30ee31099e03}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton 360\Engine\6.0.0.145\coIEPlg.dll [2011-12-14 501176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files\Norton 360\Engine\6.0.0.145\IPS\IPSBHO.DLL [2011-11-23 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\6.0.0.145\coIEPlg.dll [2011-12-14 501176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"=C:\Program Files\Lsi Logic Corp\Spy\Raidmon.exe [2005-08-26 102400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AbyssWebServer"=C:\Program Files\Abyss Web Server\abyssws.exe [2011-07-07 533561]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\CesarFTP\CesarFTP.exe"="C:\Programy\CesarFTP\CesarFTP.exe:*:Enabled:CesarFTP"
"C:\Programy\CesarFTP\Server.exe"="C:\Programy\CesarFTP\Server.exe:*:Enabled:Server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\Warsow\wsw_server_x86.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\Warsow\wsw_server_x86.exe:*:Enabled:wsw_server_x86"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server2\wsw_server_x86.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server2\wsw_server_x86.exe:*:Enabled:wsw_server_x86"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Trackmania Forever\server1\TrackmaniaServer.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Trackmania Forever\server1\TrackmaniaServer.exe:*:Enabled:TrackmaniaServer"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\BF2142\BF2142_w32ded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\BF2142\BF2142_w32ded.exe:*:Enabled:BF2142_w32ded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server1\wsw_server_x86.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Warsow\server1\wsw_server_x86.exe:*:Enabled:wsw_server_x86"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server1\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server1\vcded.exe:*:Enabled:vcded"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server2\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server2\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server3\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server3\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTR2\GTR2Dedicated.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTR2\GTR2Dedicated.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\samp-server.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\samp-server.exe:*:Enabled:samp-server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server1\samp-server.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server1\samp-server.exe:*:Enabled:samp-server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server2\samp-server.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\GTA\server2\samp-server.exe:*:Enabled:samp-server"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\teamspeak-server\Teamspeak2_RC2\server_windows.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\teamspeak-server\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\quake3\Quake III Arena\quake3.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\quake3\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Activision\cod2\CoD2MP_s.exe"="C:\Program Files\Activision\cod2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\cod4\iw3mp.exe"="C:\Program Files\Activision\cod4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server4\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\server4\vcded.exe:*:Enabled:vcded"
"C:\Program Files\Cenega Czech\VIETCONG\vcded.exe"="C:\Program Files\Cenega Czech\VIETCONG\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\Kopie - server1\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\Kopie - server1\vcded.exe:*:Enabled:vcded"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Far Cry 2\bin\FC2ServerLauncher.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Far Cry 2\bin\FC2ServerLauncher.exe:*:Enabled:FC2ServerLauncher.exe"
"C:\Program Files\Abyss Web Server\abyssws.exe"="C:\Program Files\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1"
"C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\clan\vcded.exe"="C:\Documents and Settings\Bobec\Plocha\servery - hry\Vietcong\clan\vcded.exe:*:Enabled:vcded"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2a\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2a\iw4.exe:*:Enabled:iw4"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\Bobec\Plocha\teamspeak3-server_win32-3.0.0-rc1\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2b\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2b\iw4.exe:*:Disabled:iw4"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2d\server4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2d\server4.exe:*:Enabled:server4"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\iw4.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\iw4.exe:*:Enabled:iw4"
"C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\server5.exe"="C:\Program Files\Activision\Modern Warfare 2\Modern Warfare 2e\server5.exe:*:Enabled:server5"
"C:\Documents and Settings\Bobec\Plocha\CoD6\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\CoD6\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-01\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-02\iw4.exe:*:Enabled:iw4"
"C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe"="C:\Documents and Settings\Bobec\Plocha\Cod6\CoD6-03\iw4.exe:*:Enabled:iw4"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Bobec\Plocha\MW3\Call of Duty- Modern Warfare 3\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\Call of Duty- Modern Warfare 3\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 1 TDM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIX\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2 DM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2 DM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIXb\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 3 MIXb\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\Kopie - server 3 MIX\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\Kopie - server 3 MIX\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 2 Drop Zone\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 4 DM\iw5mp_server.exe:*:Enabled:iw5mp_server"
"C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe"="C:\Documents and Settings\Bobec\Plocha\MW3\server 5 turnaj\iw5mp_server.exe:*:Enabled:iw5mp_server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2012-03-13 15:24:18 ----D---- C:\Program Files\Symantec
2012-03-13 15:24:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-03-13 15:24:18 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2012-03-13 15:24:18 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2012-03-13 15:23:42 ----D---- C:\WINDOWS\system32\drivers\N360
2012-03-13 15:23:40 ----D---- C:\Program Files\Windows Sidebar
2012-03-13 15:23:40 ----D---- C:\Program Files\Norton 360
2012-03-13 15:23:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-03-13 15:23:24 ----D---- C:\Program Files\NortonInstaller
2012-03-13 15:23:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2012-03-12 16:13:43 ----D---- C:\rsit
2012-03-12 16:13:43 ----D---- C:\Program Files\trend micro
2012-02-28 15:41:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-02-28 15:41:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-18 18:59:18 ----SHD---- C:\Config.Msi
2012-02-18 18:59:01 ----SD---- C:\Program Files\HLSW
2012-02-18 18:59:01 ----D---- C:\Documents and Settings\Bobec\Data aplikací\HLSW
2012-02-16 15:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 15:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2647516$
2012-02-16 15:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 06:55:55 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 month======

2012-03-13 19:18:50 ----D---- C:\WINDOWS\Temp
2012-03-13 19:16:22 ----D---- C:\Program Files\Mozilla Firefox
2012-03-13 18:24:45 ----D---- C:\WINDOWS\Prefetch
2012-03-13 15:35:34 ----D---- C:\WINDOWS\system32
2012-03-13 15:35:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-13 15:35:05 ----A---- C:\WINDOWS\RaidMon.txt
2012-03-13 15:32:24 ----SHD---- C:\System Volume Information
2012-03-13 15:29:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-13 15:24:18 ----RD---- C:\Program Files
2012-03-13 15:24:18 ----D---- C:\WINDOWS\system32\drivers
2012-03-13 15:24:18 ----D---- C:\Program Files\Common Files
2012-03-13 15:19:35 ----D---- C:\WINDOWS
2012-03-13 15:09:15 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-13 15:07:13 ----SHD---- C:\WINDOWS\Installer
2012-03-09 16:53:33 ----D---- C:\BigBrotherBot
2012-03-06 17:55:59 ----D---- C:\Documents and Settings\Bobec\Data aplikací\DAEMON Tools Lite
2012-03-06 17:55:52 ----D---- C:\WINDOWS\Debug
2012-02-28 16:08:31 ----A---- C:\WINDOWS\WORDPAD.INI
2012-02-18 18:59:23 ----D---- C:\WINDOWS\WinSxS
2012-02-16 16:15:19 ----RSD---- C:\WINDOWS\assembly
2012-02-16 16:15:19 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 15:28:47 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 15:28:41 ----HD---- C:\WINDOWS\inf
2012-02-16 15:28:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 15:24:29 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MEGAIDE;MEGAIDE; C:\WINDOWS\system32\DRIVERS\MegaIDE.sys [2008-08-20 178048]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\N360\0601010.008\SYMDS.SYS [2011-08-15 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\N360\0601010.008\SYMEFA.SYS [2011-11-23 905336]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120302.001\BHDrvx86.sys []
R1 ccSet_N360;Norton 360 Settings Manager; C:\WINDOWS\system32\drivers\N360\0601010.008\ccSetx86.sys [2011-11-04 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 242240]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0601010.008\SRTSPX.SYS [2011-11-23 32888]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360\0601010.008\Ironx86.SYS [2011-11-16 149624]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-05 1431040]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2006-04-27 164352]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-11-29 40448]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120310.001\IDSxpx86.sys []
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120312.035\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120312.035\NAVEX15.SYS []
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\drivers\N360\0600000.091\SRTSP.SYS [2011-11-23 574584]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\N360\0600000.091\SYMTDI.SYS [2011-11-16 388216]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-27 231424]
S3 EraserUtilDrv11122;EraserUtilDrv11122; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-29 12160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe [2012-01-17 138232]
R2 Spyser;Spyser; C:\Program Files\Lsi Logic Corp\Spy\SpySer.exe [2005-08-26 270336]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2007-10-29 3584]
S2 XAMPP;XAMPP Service; c:\xampp\service.exe []
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 winvnc;TridiaVNC Server; C:\Program Files\TridiaVNC\win32\WinVNC.exe [2001-12-12 249856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-30 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-25 107832]

-----------------EOF-----------------

Re: TCP and UDP DDOS attack

Posted: 13 Mar 2012 22:10
by Roli
Fix these in HJT:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)


You will find HJT here:

C:\Program Files\trend micro\Bobec.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to them there is a checkbox which you tick,

then click Fix checked, which is at the bottom left,

the program will ask you whether you really want to, YES, you of course agree and it is done.


Via Start >> Control Panel >> Add or Remove Programs, uninstall Spybot - SD, which is past its prime.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what starts at system startup and restore the system


Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!

Re: TCP and UDP DDOS attack

Posted: 14 Mar 2012 15:47
by pechacek
Hello, here is the log from MBAM:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.03.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bobec :: SNIPER [administrátor]

Ochrana: Povolena

14.3.2012 15:42:02
mbam-log-2012-03-14 (15-42-02).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 186342
Uplynulý čas: 3 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: TCP and UDP DDOS attack

Posted: 14 Mar 2012 22:08
by Roli
Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the licence terms appears, which you confirm by clicking YES,

then click YES once more and it is running.

The whole operation takes around 10 minutes but may take longer; during the scan do not try to run anything else.

During scanning the PC may also be restarted; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of the antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can prevent it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

Re: TCP and UDP DDOS attack

Posted: 15 Mar 2012 15:31
by pechacek
Hello.

Here is the log from Combofix:

ComboFix 12-03-15.02 - Bobec 15.03.2012 15:11:46.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3580.2650 [GMT 1:00]
Spuštěný z: c:\documents and settings\Bobec\Plocha\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-15 do 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\documents and settings\Bobec\Data aplikací\Malwarebytes
2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-14 14:39 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 14:24 . 2012-03-13 17:24 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-13 14:24 . 2012-03-13 17:24 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-13 14:24 . 2012-03-13 17:24 -------- d-----w- c:\program files\Symantec
2012-03-13 14:24 . 2012-03-13 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-13 14:23 . 2012-03-14 02:18 -------- d-----w- c:\windows\system32\drivers\N360
2012-03-13 14:23 . 2012-03-13 14:23 -------- d-----w- c:\program files\Norton 360
2012-03-13 14:23 . 2012-03-13 14:23 -------- d-----w- c:\program files\Windows Sidebar
2012-03-13 14:23 . 2012-03-13 14:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2012-03-13 14:23 . 2012-03-13 14:23 -------- d-----w- c:\program files\NortonInstaller
2012-03-12 15:13 . 2012-03-14 14:25 -------- d-----w- c:\program files\trend micro
2012-03-12 15:13 . 2012-03-12 15:14 -------- d-----w- C:\rsit
2012-02-28 14:41 . 2012-03-12 14:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-18 17:59 . 2012-03-10 06:30 -------- d-----w- c:\documents and settings\Bobec\Data aplikací\HLSW
2012-02-18 17:59 . 2012-02-18 17:59 -------- d-s---w- c:\program files\HLSW
2012-02-16 05:55 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 05:55 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 17:01 . 2012-02-13 17:01 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-03 09:57 . 2007-10-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2008-08-20 14:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-26 22:32 . 2011-12-26 22:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2007-10-29 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2007-10-29 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2007-10-29 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2007-10-29 12:00 370176 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . AF6A4BCDE2343E8562D3003A1740CC96 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
.
c:\windows\System32\ksuser.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"="c:\program files\Lsi Logic Corp\Spy\Raidmon.exe" [2005-08-26 102400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\CesarFTP\\CesarFTP.exe"=
"c:\\Programy\\CesarFTP\\Server.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\cod4\\iw3mp.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\teamspeak3-server_win32-3.0.0-rc1\\teamspeak3-server_win32\\ts3server_win32.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\Cod6\\CoD6-01\\iw4.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\Cod6\\CoD6-02\\iw4.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\Cod6\\CoD6-03\\iw4.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 1 TDM\\iw5mp_server.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 3 MIX\\iw5mp_server.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 2 Drop Zone\\iw5mp_server.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 4 DM\\iw5mp_server.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 5 turnaj\\iw5mp_server.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2048:TCP"= 2048:TCP:Pokus
"21:TCP"= 21:TCP:FTP
"64100:TCP"= 64100:TCP:64100
"5900:TCP"= 5900:TCP:VNC
.
R0 MEGAIDE;MEGAIDE;c:\windows\system32\drivers\MegaIDE.sys [20.8.2008 13:27 178048]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601010.008\symds.sys [13.3.2012 15:27 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601010.008\symefa.sys [13.3.2012 15:27 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [2.3.2012 18:59 820856]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601010.008\ccsetx86.sys [13.3.2012 15:27 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13.2.2012 18:01 242240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601010.008\ironx86.sys [13.3.2012 15:27 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14.3.2012 15:39 652360]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.1.8\ccsvchst.exe [13.3.2012 15:27 138232]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [27.12.2011 16:13 2984832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14.3.2012 2:33 106104]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [20.8.2008 16:15 40448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120315.002\IDSXpx86.sys [15.3.2012 6:50 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14.3.2012 15:39 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [29.10.2007 13:00 3584]
S2 Spyser;Spyser;c:\program files\Lsi Logic Corp\Spy\SpySer.exe [26.8.2005 17:19 270336]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [10.10.2008 12:39 24636]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: Interfaces\{2A1886B9-7D0D-4587-8CD5-EBA673A3DDDD}: NameServer = 213.151.89.42
FF - ProfilePath - c:\documents and settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentControl2 Community Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - %profile%\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-GT Masters 2010 - c:\documents and settings\Bobec\Plocha\servery - hry\GTR2\GTMasters_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.1.8\diMaster.dll\" /prefetch:1"
.
Celkový čas: 2012-03-15 15:15:54
ComboFix-quarantined-files.txt 2012-03-15 14:15
.
Před spuštěním: Volných bajtů: 150 731 735 040
Po spuštění: Volných bajtů: 150 767 022 080
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 03B4F08EDA13BEDFBDB3267E66F6D8C2

Re: TCP and UDP DDOS attack

Posted: 15 Mar 2012 23:34
by Roli
If you have not already done so, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Folder::
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy

Driver::
NOD32FiXTemDono

FCopy::
c:\windows\ServicePackFiles\i386\ksuser.dll | c:\windows\System32\ksuser.dll

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it onto the ComboFix icon, where you drop it:

(image)

After it is applied, another log will pop up; copy it here

Warning: it may happen that after applying the script and rebooting, Windows does not boot,

in that case reboot again while pressing F8, then choose Last Known Good Configuration
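
A defender-side triage of the ComboFix log posted above, written as an added example for this thread (it is not ComboFix's or Roli's own tooling): it parses the line shapes ComboFix prints (the Sigcheck "missing" line, the Security Center and firewall-policy registry dump, and the R*/S* service rows) and flags what the script above acts on, the NOD32FiXTemDono service whose image is regedt32.exe and the missing ksuser.dll, together with the disabled firewall and the globally open remote-admin ports. The sample log lines are copied from the thread; the port list and the list of odd service images are assumptions made for this example.

```python
import re

# Constructed excerpt in the line shapes ComboFix prints, copied from the log above.
SAMPLE_LOG = """\
c:\\windows\\System32\\ksuser.dll ... chybí !!
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21:TCP"= 21:TCP:FTP
"5900:TCP"= 5900:TCP:VNC
.
R2 N360;Norton 360;c:\\program files\\Norton 360\\Engine\\6.1.1.8\\ccsvchst.exe [13.3.2012 15:27 138232]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\\windows\\system32\\regedt32.exe [29.10.2007 13:00 3584]
S2 XAMPP;XAMPP Service;c:\\xampp\\service.exe --> c:\\xampp\\service.exe [?]
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')

# Heuristic lists chosen for this example; they are not ComboFix's own logic.
REMOTE_ADMIN_PORTS = {21: "FTP", 23: "Telnet", 3389: "RDP", 5900: "VNC"}
ODD_SERVICE_IMAGES = {"regedt32.exe", "regedit.exe", "cmd.exe"}


def parse_services(text):
    """One dict per R*/S* service row: state, name, display, image path, bracket text."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            rows.append(dict(zip(("state", "name", "display", "image", "meta"), m.groups())))
    return rows


def triage(text):
    """Walk the log once and collect the findings a helper would act on."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        vm = VALUE_RE.match(line)
        if line.startswith("["):            # a registry key header opens a new section
            section = line.lower()
        elif line.endswith("chybí !!"):     # localized Sigcheck "missing" marker
            findings.append("Sigcheck: system file missing: " + line.split(" ...")[0])
        elif vm and "security center" in section:
            if vm.group(1) in ("AntiVirusOverride", "FirewallOverride") and vm.group(2).endswith("1"):
                findings.append(f"Security Center alerting suppressed: {vm.group(1)}=1")
        elif vm and section.endswith("standardprofile]"):
            if vm.group(1) == "EnableFirewall" and vm.group(2).startswith("0"):
                findings.append("Windows Firewall disabled (EnableFirewall=0)")
        elif "globallyopenports" in section:
            pm = PORT_RE.match(line)
            port = int(pm.group(1)) if pm else None
            if port in REMOTE_ADMIN_PORTS:
                findings.append(f"Remote-admin port open to all: {port}/{pm.group(2)} ({REMOTE_ADMIN_PORTS[port]})")
    for svc in parse_services(text):
        image = svc["image"].split(" -->")[0].rsplit("\\", 1)[-1].lower()
        if image in ODD_SERVICE_IMAGES:
            findings.append(f"Service {svc['name']} uses a system tool as its image: {image}")
        if svc["meta"] == "?":
            findings.append(f"Service {svc['name']} image could not be verified: {svc['image']}")
    return findings
```

Running `triage(SAMPLE_LOG)` yields nine findings; the same functions can be pointed at a full log file read from disk.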

Re: TCP and UDP DDOS attack

Posted: 16 Mar 2012 15:44
by pechacek
Hello.
Here is the log:

ComboFix 12-03-15.02 - Bobec 16.03.2012 15:30:56.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3580.2748 [GMT 1:00]
Spuštěný z: c:\documents and settings\Bobec\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bobec\Plocha\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\ksuser.dll --> c:\windows\System32\ksuser.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NOD32FiXTemDono
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-16 do 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 14:30 . 2008-04-14 03:21 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2012-03-16 14:30 . 2008-04-14 03:21 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\documents and settings\Bobec\Data aplikací\Malwarebytes
2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-03-14 14:39 . 2012-03-14 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-14 14:39 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 14:24 . 2012-03-13 17:24 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-13 14:24 . 2012-03-13 17:24 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-13 14:24 . 2012-03-13 17:24 -------- d-----w- c:\program files\Symantec
2012-03-13 14:24 . 2012-03-13 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-13 14:23 . 2012-03-14 02:18 -------- d-----w- c:\windows\system32\drivers\N360
2012-03-13 14:23 . 2012-03-13 14:23 -------- d-----w- c:\program files\Norton 360
2012-03-13 14:23 . 2012-03-13 14:23 -------- d-----w- c:\program files\Windows Sidebar
2012-03-13 14:23 . 2012-03-13 14:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2012-03-13 14:23 . 2012-03-13 14:23 -------- d-----w- c:\program files\NortonInstaller
2012-03-12 15:13 . 2012-03-14 14:25 -------- d-----w- c:\program files\trend micro
2012-03-12 15:13 . 2012-03-12 15:14 -------- d-----w- C:\rsit
2012-02-28 14:41 . 2012-03-12 14:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-18 17:59 . 2012-03-10 06:30 -------- d-----w- c:\documents and settings\Bobec\Data aplikací\HLSW
2012-02-18 17:59 . 2012-02-18 17:59 -------- d-s---w- c:\program files\HLSW
2012-02-16 05:55 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 05:55 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 17:01 . 2012-02-13 17:01 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-03 09:57 . 2007-10-29 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2008-08-20 14:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-26 22:32 . 2011-12-26 22:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2007-10-29 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2007-10-29 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2007-10-29 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2007-10-29 12:00 370176 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-15_14.14.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-20 14:59 . 2012-03-16 09:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-20 14:59 . 2012-03-15 08:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-16 03:54 . 2012-03-16 09:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-20 14:59 . 2012-03-15 08:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunRaidmon"="c:\program files\Lsi Logic Corp\Spy\Raidmon.exe" [2005-08-26 102400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\CesarFTP\\CesarFTP.exe"=
"c:\\Programy\\CesarFTP\\Server.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\cod4\\iw3mp.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\teamspeak3-server_win32-3.0.0-rc1\\teamspeak3-server_win32\\ts3server_win32.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\Cod6\\CoD6-01\\iw4.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\Cod6\\CoD6-02\\iw4.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\Cod6\\CoD6-03\\iw4.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 1 TDM\\iw5mp_server.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 3 MIX\\iw5mp_server.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 2 Drop Zone\\iw5mp_server.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 4 DM\\iw5mp_server.exe"=
"c:\\Documents and Settings\\Bobec\\Plocha\\MW3\\server 5 turnaj\\iw5mp_server.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2048:TCP"= 2048:TCP:Pokus
"21:TCP"= 21:TCP:FTP
"64100:TCP"= 64100:TCP:64100
"5900:TCP"= 5900:TCP:VNC
.
R0 MEGAIDE;MEGAIDE;c:\windows\system32\drivers\MegaIDE.sys [20.8.2008 13:27 178048]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601010.008\symds.sys [13.3.2012 15:27 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601010.008\symefa.sys [13.3.2012 15:27 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [2.3.2012 18:59 820856]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601010.008\ccsetx86.sys [13.3.2012 15:27 132744]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13.2.2012 18:01 242240]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601010.008\ironx86.sys [13.3.2012 15:27 149624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14.3.2012 15:39 652360]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.1.8\ccsvchst.exe [13.3.2012 15:27 138232]
R2 Spyser;Spyser;c:\program files\Lsi Logic Corp\Spy\SpySer.exe [26.8.2005 17:19 270336]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [27.12.2011 16:13 2984832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14.3.2012 2:33 106104]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [20.8.2008 16:15 40448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120315.002\IDSXpx86.sys [15.3.2012 6:50 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14.3.2012 15:39 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [10.10.2008 12:39 24636]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: Interfaces\{2A1886B9-7D0D-4587-8CD5-EBA673A3DDDD}: NameServer = 213.151.89.42
FF - ProfilePath - c:\documents and settings\Bobec\Data aplikací\Mozilla\Firefox\Profiles\4tap1dtt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentControl2 Community Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - %profile%\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-16 15:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.1.1.8\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.1.8\diMaster.dll\" /prefetch:1"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\logonui.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\rdpclip.exe
.
**************************************************************************
.
Celkový čas: 2012-03-16 15:41:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-16 14:41
ComboFix2.txt 2012-03-15 14:15
.
Před spuštěním: Volných bajtů: 150 749 220 864
Po spuštění: Volných bajtů: 150 694 789 120
.
- - End Of File - - A76F66D9228F914AEC9AA5CE4B1E13C9

Re: TCP and UDP DDOS attack

Posted: 16 Mar 2012 22:15
by Roli
Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Find and delete:

c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy


Then let me know how the PC is doing.

Re: TCP and UDP DDOS attack

Posted: 16 Mar 2012 22:39
by pechacek
Good evening.

Everything has been done according to the instructions. The PC acts as it did before, as if nothing were wrong with it, but I cannot judge that unless another e-mail comes in saying we are attacking someone.
If that is all, then thank you very much.

Re: TCP and UDP DDOS attack

Posted: 16 Mar 2012 23:00
by Roli
OK, give it a little time and then let me know.

Otherwise that is all for now, and you're welcome.

Re: TCP and UDP DDOS attack

Posted: 16 Mar 2012 23:26
by pechacek
Thank you.

Re: TCP and UDP DDOS attack

Posted: 17 Mar 2012 22:48
by Roli
You're welcome :)

Re: TCP and UDP DDOS attack

Posted: 01 May 2012 18:06
by pechacek
So far everything looks good, so thank you once again. As always, very high-quality work by this community.