
Encrypted documents, archives, images - crypted

ada17
Guest
Posts: 3
Registered: 27 Jun 2008 07:27


#1 Post by ada17 »

Hello, today I came across several PCs with Win XP infected by a probably unidentified virus that encrypts documents, archives, images, even shortcuts, and also attacks files on the network. When you try to open a file, a dialog asking for a password appears (the button labels are garbled characters).
Google is silent, NOD32 stayed happily green the whole time :( ComboFix removed a lot, see the log below. I'm mainly looking for something to restore those files with.

Thanks for the help

Rsit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2010-01-26 10:52:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (54%) free of 51 GB
Total RAM: 1014 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:06, on 26.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
F:\avir\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\uzivatel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.150.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7307907238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rumpolduhb.local
O17 - HKLM\Software\..\Telephony: DomainName = rumpolduhb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rumpolduhb.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rumpolduhb.local
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5382 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-11 149280]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3
"NBService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\baierova\Local Settings\Temporary Internet Files\Content.IE5\ABORQJ29\incredimail_install[1].exe"="C:\Documents and Settings\baierova\Local Settings\Temporary Internet Files\Content.IE5\ABORQJ29\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\baierova\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe"="C:\Documents and Settings\baierova\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

======List of files/folders created in the last 1 months======

2010-01-26 10:52:02 ----D---- C:\rsit
2010-01-26 10:34:31 ----D---- C:\Program Files\Trend Micro
2010-01-26 09:49:38 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-26 09:06:02 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Macromedia
2010-01-26 09:06:01 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\Adobe
2010-01-26 09:04:40 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-26 08:55:39 ----A---- C:\ComboFix.txt
2010-01-26 08:39:42 ----A---- C:\WINDOWS\MBR.exe
2010-01-26 08:39:41 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-26 08:39:39 ----A---- C:\WINDOWS\PEV.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\zip.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\SWREG.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\sed.exe
2010-01-26 08:39:38 ----A---- C:\WINDOWS\grep.exe
2010-01-26 08:39:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-26 08:39:37 ----A---- C:\WINDOWS\SWSC.exe
2010-01-26 08:39:29 ----D---- C:\WINDOWS\ERDNT
2010-01-26 08:25:52 ----D---- C:\Qoobox
2010-01-26 07:11:17 ----A---- C:\ĘŔĘ ĐŔŃŘČÔĐÎÂŔŇÜ ÔŔÉËŰ.txt
2010-01-26 06:40:11 ----A---- C:\WINDOWS\system32\YUMBLURV.exe
2010-01-26 06:40:11 ----A---- C:\WINDOWS\new_2.exe
2010-01-26 06:40:10 ----A---- C:\WINDOWS\new_1.exe
2010-01-26 06:39:45 ----A---- C:\WINDOWS\infinum.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 11:37:31 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2010-01-26 10:45:15 ----D---- C:\WINDOWS\Temp
2010-01-26 10:34:31 ----RD---- C:\Program Files
2010-01-26 10:33:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 09:49:38 ----D---- C:\WINDOWS
2010-01-26 09:48:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 09:05:22 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2010-01-26 09:04:02 ----D---- C:\Program Files\Winferno
2010-01-26 09:04:02 ----D---- C:\Program Files\Common Files
2010-01-26 08:59:45 ----D---- C:\WINDOWS\system32
2010-01-26 08:54:57 ----SD---- C:\WINDOWS\Tasks
2010-01-26 08:53:55 ----A---- C:\WINDOWS\system.ini
2010-01-26 08:50:55 ----D---- C:\Program Files\ICQ6.5
2010-01-26 08:44:49 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 08:44:49 ----D---- C:\WINDOWS\AppPatch
2010-01-26 08:39:36 ----SHD---- C:\System Volume Information
2010-01-26 08:39:36 ----D---- C:\WINDOWS\system32\Restore
2010-01-26 08:35:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-26 08:24:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-26 07:09:54 ----D---- C:\Zmolik
2010-01-26 07:09:43 ----RD---- C:\WINDOWS\Web
2010-01-26 07:09:40 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-26 07:09:40 ----D---- C:\WINDOWS\system32\wbem
2010-01-26 07:09:40 ----D---- C:\WINDOWS\system32\tnrtmwuk
2010-01-26 07:09:40 ----AS---- C:\WINDOWS\system32\Vfpodbc.txt.crypted
2010-01-26 07:09:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-26 07:09:38 ----D---- C:\WINDOWS\system32\icsxml
2010-01-26 07:09:38 ----A---- C:\WINDOWS\system32\eula.txt.crypted
2010-01-26 07:09:27 ----D---- C:\WINDOWS\ShellNew
2010-01-26 07:09:27 ----A---- C:\WINDOWS\setuplog.txt.crypted
2010-01-26 07:09:21 ----D---- C:\WINDOWS\Resources
2010-01-26 07:09:14 ----A---- C:\WINDOWS\OEWABLog.txt.crypted
2010-01-26 07:09:14 ----A---- C:\WINDOWS\ntbtlog.txt.crypted
2010-01-26 07:09:10 ----SHD---- C:\WINDOWS\Installer
2010-01-26 07:09:08 ----D---- C:\WINDOWS\I386
2010-01-26 07:08:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-26 07:08:47 ----D---- C:\Temp
2010-01-26 07:08:45 ----D---- C:\Program Files\Windows Media Player
2010-01-26 07:08:44 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-26 07:08:43 ----D---- C:\Program Files\totalcmd
2010-01-26 07:07:01 ----D---- C:\Program Files\Outlook Express
2010-01-26 07:07:01 ----D---- C:\Program Files\Online Services
2010-01-26 07:06:47 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-26 07:06:47 ----D---- C:\Program Files\Messenger
2010-01-26 07:06:38 ----D---- C:\Program Files\ICQToolbar2003
2010-01-26 07:06:38 ----D---- C:\Program Files\ICQToolbar
2010-01-26 07:06:37 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-26 07:06:15 ----D---- C:\Program Files\Free Offers from Freeze.com
2010-01-26 07:06:13 ----D---- C:\Program Files\DVD Shrink
2010-01-26 07:06:13 ----D---- C:\Program Files\Common Files\Services
2010-01-26 07:05:49 ----D---- C:\OEMDRV
2010-01-26 07:05:47 ----A---- C:\lang.txt
2010-01-26 06:54:40 ----D---- C:\WINDOWS\Prefetch
2010-01-26 06:12:03 ----D---- C:\WINDOWS\security
2010-01-22 13:20:56 ----A---- C:\WINDOWS\BYZNYS.INI
2010-01-12 13:53:04 ----D---- C:\Program Files\Freeze.com
2010-01-11 11:37:15 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-31 81280]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\baierova\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2006-05-11 247808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-11 153376]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]

-----------------EOF-----------------

combofix:

ComboFix 10-01-25.05 - Baierova 26.01.2010 8:40.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.626 [GMT 1:00]
Spuštěný z: d:\!inst\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\baierova\Plocha\EditorFKWP1.5.exe
c:\documents and settings\baierova\Plocha\EditorFKWP2.0.exe
c:\documents and settings\baierova\Plocha\filemanagerclient.exe
c:\documents and settings\baierova\Plocha\fkwp1.5.exe
c:\documents and settings\baierova\Plocha\fkwp2.0.exe
c:\documents and settings\baierova\Plocha\fwebd.exe
c:\documents and settings\baierova\Plocha\FWebdEditor.exe
c:\documents and settings\baierova\Plocha\Trojan.Win32.BlackBird.exe
c:\documents and settings\baierova\Plocha\virii
c:\documents and settings\baierova\Plocha\virii\Trojan-Downloader.Win32.Agent.bl.exe
c:\documents and settings\baierova\Plocha\virii\Trojan-Downloader.Win32.Agent.p.exe
c:\documents and settings\baierova\Plocha\virii\Trojan-Downloader.Win32.Agent.r.exe
c:\documents and settings\baierova\Plocha\virii\Trojan-Downloader.Win32.Agent.t.exe
c:\documents and settings\baierova\Plocha\virii\Trojan-Downloader.Win32.Agent.v.exe
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\PC-Cleaner
c:\program files\SecCenter
c:\recycler\S-1-5-21-2505506699-2594242424-1360413524-500
c:\windows\a.bat
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\FVProtect.exe
c:\windows\iTunesMusic.exe
c:\windows\mssecu.exe
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\msvchost.exe
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\ps1.exe
c:\windows\system32\psof1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\regc64.dll
c:\windows\system32\regm64.dll
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\sncntr.exe
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.com
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\thun.dll
c:\windows\system32\thun32.dll
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vbsys2.dll
c:\windows\system32\vcatchpi.dll
c:\windows\system32\winlogonpc.exe
c:\windows\system32\winsystem.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-26 do 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-26 05:40 . 2010-01-26 05:40 38912 ----a-w- c:\windows\new_2.exe
2010-01-26 05:40 . 2010-01-26 05:40 57344 ----a-w- c:\windows\system32\YUMBLURV.exe
2010-01-26 05:40 . 2010-01-26 05:40 57344 ----a-w- c:\windows\new_1.exe
2010-01-26 05:39 . 2010-01-26 05:39 41984 ----a-w- c:\windows\infinum.exe
2010-01-12 12:53 . 2005-09-12 08:14 593920 ----a-w- c:\windows\Snowy Scenes Full.scr
2010-01-12 12:52 . 2010-01-12 12:52 -------- d-----w- c:\program files\Common Files\Winferno
2010-01-12 12:51 . 2006-10-09 12:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL
2010-01-12 12:51 . 2006-05-17 07:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL
2010-01-11 10:37 . 2010-01-11 10:37 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 07:50 . 2009-03-19 05:15 -------- d-----w- c:\program files\ICQ6.5
2010-01-26 07:35 . 2008-03-26 08:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 07:31 . 2008-07-28 05:38 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-26 06:09 . 2004-09-08 14:27 646 ----a-w- c:\windows\system32\drivers\gmreadme.txt.crypted
2010-01-26 06:08 . 2009-03-17 15:58 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-26 06:08 . 2007-04-24 11:34 -------- d-----w- c:\program files\totalcmd
2010-01-26 06:06 . 2009-03-17 17:50 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-26 06:06 . 2008-01-15 08:20 -------- d-----w- c:\program files\ICQToolbar2003
2010-01-26 06:06 . 2007-04-25 06:22 -------- d-----w- c:\program files\ICQToolbar
2010-01-26 06:06 . 2009-03-19 05:15 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-26 06:06 . 2009-12-14 11:22 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-01-26 06:06 . 2008-04-14 11:23 -------- d-----w- c:\program files\DVD Shrink
2010-01-13 05:17 . 2009-12-14 11:19 -------- d-----w- c:\program files\Winferno
2010-01-12 12:53 . 2008-10-09 11:35 -------- d-----w- c:\program files\Freeze.com
2010-01-11 10:37 . 2007-04-24 10:52 -------- d-----w- c:\program files\Java
2009-12-21 05:25 . 2009-12-21 05:25 120320 ----a-w- c:\windows\installers1.exe
2009-11-04 13:05 . 2004-09-08 14:27 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-11-04 13:05 . 2004-09-08 14:27 437832 ----a-w- c:\windows\system32\perfh005.dat
2008-10-09 11:37 . 2008-10-09 11:37 774144 ----a-w- c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-11 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\baierova\Nabídka Start\Programy\Po spuštění\
ikowin32.exe [2008-4-14 30720]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [6.11.2008 13:42 81920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [6.11.2008 13:42 2723840]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-26 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2010-01-12 13:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyServer = 192.168.150.1:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKCU-Run-PowerDVD8 - c:\program files\CyberLink\PowerDVD8\PowerDVD8.exe
Notify-winblh32 - winblh32.dll
Notify-windex32 - windex32.dll
MSConfigStartUp-cioqskmt - c:\windows\system32\cioqskmt.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-xshifuru - c:\program files\xshifuru\pulkdiru.dll
AddRemove-ADRem2005 - c:\program files\ADRem2005\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 08:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-26 08:55:39
ComboFix-quarantined-files.txt 2010-01-26 07:55

Pre-Run: 28,790,714,368 bytes free
Post-Run: 29,056,512,000 bytes free

- - End Of File - - FEA7DC46589A8D8CE8926F2ED2D18330
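The firewall section of the log above lists every program the XP firewall lets through and every globally open port, which is easy to skim past by hand. The script below is an added example for reviewing that section; it is not part of the original post and not ComboFix code. It parses the AuthorizedApplications and GloballyOpenPorts lists (the sample input is the lines copied from the log above) and flags entries worth verifying: a system binary in the allow-list that Windows does not normally register there, and well-known remote-access ports opened globally. The EXPECTED_SYSTEM_APPS and RISKY_PORTS sets are assumptions for illustration and should be tuned to the environment.

```python
"""Flag firewall exceptions worth a second look in a ComboFix log (added example)."""
import re

# Constructed input: the firewall lines from the log above, verbatim.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# Assumption: binaries under %windir% that XP itself registers as exceptions.
# Anything else under the Windows directory deserves a manual check.
EXPECTED_SYSTEM_APPS = {"sessmgr.exe", "xpnetdiag.exe"}
# Assumption: ports whose global exposure is worth flagging on a workstation.
RISKY_PORTS = {3389: "RDP", 445: "SMB", 139: "NetBIOS", 135: "RPC"}

SECTION_RE = re.compile(r"^\[HKLM\\~\\services\\sharedaccess\\.*\\(\w+)\\List\]$")
APP_RE = re.compile(r'^"(.+?)"=')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')


def parse_firewall(log: str) -> dict:
    """Return {'AuthorizedApplications': [path, ...], 'GloballyOpenPorts': [(port, proto), ...]}."""
    out = {"AuthorizedApplications": [], "GloballyOpenPorts": []}
    section = None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only the two list sections we care about; any other key resets state.
            m = SECTION_RE.match(line)
            section = m.group(1) if m and m.group(1) in out else None
            continue
        if not line or section is None:
            continue
        if section == "AuthorizedApplications":
            m = APP_RE.match(line)
            if m:
                # Registry export doubles backslashes; undo that for readability.
                out[section].append(m.group(1).replace("\\\\", "\\"))
        else:
            m = PORT_RE.match(line)
            if m:
                out[section].append((int(m.group(1)), m.group(2)))
    return out


def findings(fw: dict) -> list:
    """Checks that say what to verify; they do not claim an entry is malicious."""
    notes = []
    for path in fw["AuthorizedApplications"]:
        low = path.lower()
        exe = low.rsplit("\\", 1)[-1]
        in_windir = low.startswith("%windir%") or "\\windows\\" in low
        if in_windir and exe not in EXPECTED_SYSTEM_APPS:
            notes.append(f"unexpected Windows binary allowed through the firewall: {path}")
    for port, proto in fw["GloballyOpenPorts"]:
        if port in RISKY_PORTS:
            notes.append(f"{RISKY_PORTS[port]} globally open: {port}/{proto}")
    return notes


if __name__ == "__main__":
    for note in findings(parse_firewall(SAMPLE_LOG)):
        print(note)
```

On the log above this reports the winver.exe exception (the About Windows dialog has no reason to talk to the network) and the globally open RDP port; both are things to confirm with the owner of the machine, not verdicts.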

iwigirl
VIP
Posts: 331
Registered: 25 Apr 2005 18:27
Location: Praha-Bubeneč

Re: Encrypted documents, archives, images - crypted

#2 Post by iwigirl »

Hello, are you in the PC repair business, since you mention "several PCs"?
- Want to become a model visitor? Details HERE.
- Deal with VIRUSES here on the forum; for technical questions or questions about how the forum works, write to iwi(at)forum.viry.cz
- Did my advice help you? Support the forum by SMS, via SuperCash or now via PayPal :)

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Encrypted documents, archives, images - crypted

#3 Post by JaRon »

Well, honestly - you must have been building up a collection like that for quite a while :)
First scan/clean the PC with CureIT - full scan.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If satisfied, you can support the forum
https://platba.viry.cz/payment/

ada17
Visitor
Posts: 3
Registered: 27 Jun 2008 07:27

Re: Encrypted documents, archives, images - crypted

#4 Post by ada17 »

These are PCs at a company; the modification of the files (adding the .crypted extension) happened in the morning after people arrived at work. I don't know how the infection got in, probably e-mail or ICQ. It is 3 PCs; in the evening everything was still OK.

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Encrypted documents, archives, images - crypted

#5 Post by JaRon »

Well, there are several options - you have to try and see what bears fruit :)
1. a cleanup with CureIT
2. a System Restore to a date when it was OK >> e.g. yesterday
3. a scan with the Avira boot CD
4. a scan with MBAM

I'm listing several options because the "sample" log from the PC was literally dreadful - it was a MIX of junk :)

ada17
Visitor
Posts: 3
Registered: 27 Jun 2008 07:27

Re: Encrypted documents, archives, images - crypted

#6 Post by ada17 »

So the infiltration happened via ICQ; Symantec identifies the virus and removing it is not a problem, but nobody will probably ever get the encrypted data back.

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Encrypted documents, archives, images - crypted

#7 Post by JaRon »

Test any one encrypted file on www.virustotal.com - post the results.
Several pieces of junk used that encryption method, so that we can tell who is who :)
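Before uploading anything to VirusTotal, as suggested in #7, it helps to know what actually happened to the files: the hash to search VirusTotal by, and whether the content was really overwritten or only renamed. The script below is an added example, not code from this thread or from any tool mentioned in it. It assumes the malware appended .crypted to the original name (so `report.doc.crypted` keeps its inner extension) and uses the original file type's magic bytes plus byte entropy to separate files whose header is still intact from ones that were genuinely overwritten. The MAGIC table, the 7.5 bits/byte threshold and the sample data are constructed for illustration.

```python
"""Triage of files that received a .crypted extension (added example)."""
import hashlib
import math
import os
import random
from collections import Counter

ENCRYPTED_EXT = ".crypted"

# Magic bytes for the file types mentioned in the thread (documents, archives,
# images, shortcuts).  Assumption: the original extension sits in front of
# ".crypted", e.g. "report.doc.crypted".
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 compound file (Office 97-2003)
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",                         # OOXML is a zip container
    ".zip": b"PK\x03\x04",
    ".rar": b"Rar!\x1a\x07\x00",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".lnk": b"L\x00\x00\x00\x01\x14\x02\x00",       # shell link header + start of CLSID
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data, lower for plaintext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def original_extension(name: str) -> str:
    """'report.doc.crypted' -> '.doc'; '' when there is no inner extension."""
    if not name.lower().endswith(ENCRYPTED_EXT):
        return ""
    return os.path.splitext(name[: -len(ENCRYPTED_EXT)])[1].lower()


def triage(name: str, data: bytes) -> dict:
    """Classify one sample.  The verdict is a heuristic, not a decryptor."""
    ext = original_extension(name)
    magic = MAGIC.get(ext)
    magic_intact = bool(magic) and data.startswith(magic)
    head_entropy = shannon_entropy(data[:4096])
    if magic_intact:
        verdict = "header_intact"   # try renaming and opening it before assuming loss
    elif head_entropy > 7.5:        # assumption: threshold for "looks like ciphertext"
        verdict = "encrypted"       # header overwritten with high-entropy data
    else:
        verdict = "unknown"         # truncated, zero-filled, or a type not in MAGIC
    return {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),  # what VirusTotal search accepts
        "orig_ext": ext,
        "magic_intact": magic_intact,
        "head_entropy": round(head_entropy, 2),
        "verdict": verdict,
    }


def triage_tree(root: str) -> list:
    """Walk a directory and triage every *.crypted file, reading only the first 64 KiB."""
    results = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ENCRYPTED_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    results.append(triage(path, fh.read(65536)))
    return results


# Constructed samples, not real victim files.
_rng = random.Random(1)
SAMPLES = {
    # Renamed but header intact: JPEG/JFIF magic still present.
    "photo.jpg.crypted": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(_rng.getrandbits(8) for _ in range(2000)),
    # Genuinely overwritten: uniform random bytes from the first byte on.
    "report.doc.crypted": bytes(_rng.getrandbits(8) for _ in range(4096)),
    # Zero-filled: no magic and no entropy, so something else went wrong.
    "archive.zip.crypted": b"\x00" * 4096,
}

if __name__ == "__main__":
    for n, d in SAMPLES.items():
        r = triage(n, d)
        print(f"{r['verdict']:13} {r['head_entropy']:5.2f} {r['sha256'][:16]}... {r['name']}")
```

The magic check comes before the entropy check on purpose: JPEG, ZIP and OOXML bodies are already compressed, so their plaintext has near-maximal entropy and entropy alone cannot tell them from ciphertext. Only the header tells you whether the file was touched, and a file with its header intact may still have been encrypted further in, so open it rather than trusting the verdict.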
