PC disinfection, computer speed-up, remote assistance via the neslape.cz service

NOD reported a "load" of trojans...


#1 Post by marfee »

Hello,
after turning on my second computer, NOD32 reported the presence of trojans on the PC; there were about 10 of them.
NOD has 98 threats logged, so it will probably need cleaning. Thanks in advance!


Here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Standartuser at 2010-02-14 20:19:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 222 GB (93%) free of 238 GB
Total RAM: 3536 MB (83% free)


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-01-03 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-01-03 2166296]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-02-22 200704]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-17 483420]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-03-17 729088]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"ChangeTPMAuth"=C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [2008-12-19 184320]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2008-12-22 145408]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2009-01-16 656696]
"EmbassySecurityCheck"=C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [2009-01-16 95544]
"DellControlPoint"=C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-01-19 667648]
"USCService"=C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [2009-01-16 15360]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-06-09 2220032]
"DellConnectionManager"=C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-03-01 1810432]
""= []
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"NWEReboot"= []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
"EPSON SX410 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [2008-10-01 199680]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Správce systému Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění
esport1.exe
esport2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-26 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Standartuser\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Standartuser\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\SamsungSoftware\APPInst.exe


======List of files/folders created in the last 1 months======

2010-02-14 20:19:08 ----D---- C:\rsit
2010-02-14 20:19:08 ----D---- C:\Program Files\trend micro
2010-02-14 20:13:43 ----A---- C:\WINDOWS\system32\flags.ini
2010-02-14 20:04:57 ----A---- C:\WINDOWS\system32\info.tmp
2010-02-14 20:01:53 ----D---- C:\Program Files\SlySoft
2010-02-10 20:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 20:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 20:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 20:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 20:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 20:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 20:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 20:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 20:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 11:07:47 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-31 11:07:29 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-31 10:40:00 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\DAEMON Tools Lite
2010-01-31 10:39:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-01-22 20:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-18 17:45:58 ----D---- C:\Program Files\7-Zip
2010-01-16 22:23:22 ----D---- C:\Program Files\URUSoft
2010-01-16 10:02:11 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\uTorrent
2010-01-15 23:24:29 ----D---- C:\Program Files\PSPad editor
2010-01-15 17:49:57 ----D---- C:\Program Files\RarZilla Free Unrar

======List of files/folders modified in the last 1 months======

2010-02-14 20:19:22 ----D---- C:\WINDOWS\Temp
2010-02-14 20:19:16 ----D---- C:\WINDOWS\Prefetch
2010-02-14 20:19:08 ----RD---- C:\Program Files
2010-02-14 20:13:43 ----AD---- C:\WINDOWS\system32
2010-02-14 20:05:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-14 20:05:41 ----D---- C:\WINDOWS\system32\drivers
2010-02-14 20:05:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 20:04:30 ----AD---- C:\WINDOWS
2010-02-14 20:02:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-14 15:20:39 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\Vso
2010-02-13 16:13:57 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\BSplayer
2010-02-10 20:03:31 ----HD---- C:\WINDOWS\inf
2010-02-10 20:03:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 20:03:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-04 18:26:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-03 06:37:06 ----SHD---- C:\WINDOWS\Installer
2010-02-03 06:37:05 ----SHD---- C:\Config.Msi
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-25 21:33:11 ----RSD---- C:\WINDOWS\Fonts
2010-01-22 06:39:52 ----D---- C:\HD movies
2010-01-15 05:19:10 ----D---- C:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2009-04-03 48128]
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2009-01-16 208824]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-03-17 112512]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-02-22 170032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-06-09 1287552]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-08-28 534440]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-08-28 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-28 991016]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-08-28 156392]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-08-28 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-28 47272]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 cvusbdrv;Broadcom USH CV; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [2009-01-22 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2009-02-22 244368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-26 6278560]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2009-02-26 109568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2009-03-01 27072]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-03 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys [2009-03-24 232744]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-17 1545795]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2008-07-22 28672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S3 a1nahjrf;a1nahjrf; C:\WINDOWS\system32\drivers\a1nahjrf.sys []
S3 AsfAlrt;AsfAlrt Service; \??\C:\WINDOWS\system32\Drivers\AsfAlrt.sys []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NvtSp50.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 atapi;Standardní řadič disku IDE/ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-14 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-08-15 342624]
R2 buttonsvc32;Dell ControlPoint Button Service; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-01-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-01-22 20840]
R2 dcpsysmgrsvc;Správce systému Dell ControlPoint System Manager; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-02-06 443168]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-09 152984]
R2 SMManager;Smith Micro Connection Manager Service; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-03-01 77824]
R2 STacSV;Audio Service; c:\drivers\audio\r213367\stacsv.exe [2009-03-17 254034]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-01-14 991232]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-06-09 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-12-12 638976]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------


An INFO file also popped up, so I'm posting it here (it may come in handy):
info.txt logfile of random's system information tool 1.06 2010-02-14 20:19:28


======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent CZ 1.8.5 (build 17414)-->"C:\Documents and Settings\Standartuser\Data aplikací\uTorrent\unins000.exe"
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81200000003}
Aktualizace systému Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
All Day Battery Life Configuration-->MsiExec.exe /X{2220CF3A-EBD6-4070-94D0-0C7337B537A7}
Balíček ovladače systému Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\pbadrv_D8D224CEC214CACEA7B42A3CB4D1B2E57B753A54\pbadrv.inf
BioAPI Framework-->MsiExec.exe /X{AF7E4468-E364-4991-BC2A-6E8293E1055B}
biolsp patch-->MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}
Broadcom USH Host Components-->MsiExec.exe /I{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BS_Player Toolbar-->C:\PROGRA~1\BS_PLA~1\UNWISE.EXE /U C:\PROGRA~1\BS_PLA~1\INSTALL.LOG
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DCP32MMWrapper-->MsiExec.exe /I{6705BBE4-4664-40C6-9C1B-0330FA300A5C}
Dell Button Service-->MsiExec.exe /X{A1261462-A2EF-4FAB-9513-48EBEFC9A76E}
Dell Control Point-->MsiExec.exe /I{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}
Dell ControlPoint Connection Manager-->MsiExec.exe /I{41573DB1-9DAA-43C7-BCBC-49696A648079}
Dell ControlPoint Security Manager-->"C:\Program Files\InstallShield Installation Information\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}\setup.exe" -runfromtemp -l0x0005 -removeonly
Dell ControlPoint System Manager-->MsiExec.exe /I{62F29D1C-D526-40F4-B4D0-840F043C2CC1}
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Security Device Driver Pack-->"C:\Program Files\InstallShield Installation Information\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}\setup.exe" -runfromtemp -l0x0005 -removeonly
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Document Manager Lite-->C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0405
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Platinum 4.0.3.2-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0405
EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0405
Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}\SETUP.EXE -runfromtemp -l0x0009 UNINST -removeonly
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Epson Stylus SX210_SX410_TX210_TX410 Manuál-->C:\Program Files\EPSON\TPMANUAL\ESSX210_410_TX210_410\CZE\USE_G\DOCUNINS.EXE
EPSON SX410 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFCE.EXE /R /APD /P:"EPSON SX410 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
ESET NOD32 Antivirus-->MsiExec.exe /I{31FEA631-B78A-4695-859E-D33CD5CF4BE4}
Gemalto-->MsiExec.exe /I{BC52E419-B185-488F-9973-049A88E5DCBE}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Network Connections 13.0.42.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
Intel(R) PRO Alerting Agent-->MsiExec.exe /X{6EA8A52B-8EA1-4A59-85AB-48132299061A}
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{129DDEC1-A6A3-3D60-AABE-76E6E5334922}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Czech Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Czech Language Pack\setup.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->MsiExec.exe /X{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nástroj pro bezdrátovou kartu WLAN Dell-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15} /l1029
NTRU TCG Software Stack-->MsiExec.exe /I{BB93D30B-B395-44BB-A9ED-A0E057F07E53}
Opera 10.10-->MsiExec.exe /X{690BE098-6D0D-493D-B079-BD7E8F81A141}
Oprava hotfix aplikace Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
PowerDVD DX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0405
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
RarZilla Free Unrar 2.53-->C:\Program Files\RarZilla Free Unrar\uninstall.exe
Secure Update-->C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0405
Security Wizards-->C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0405
SO32MMWrapper-->MsiExec.exe /I{173497F1-F291-4AA7-943E-61CB9378771D}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SRS Premium Sound-->MsiExec.exe /X{9C875FEA-B49E-49F7-AE62-0F9B91F90982}
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
TomTom HOME 2.6.2.1586-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Trusted Drive Manager-->MsiExec.exe /I{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}
tsp patch-->MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Wave Infrastructure Installer-->MsiExec.exe /I{A23C3636-4F99-4A34-972C-F395E85DFEC0}
Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0405
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (CSY)-->MsiExec.exe /X{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation CS Language Pack-->MsiExec.exe /I{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: NB01
Event Code: 4202
Message: Sytém zjistil, že síťový adaptér \DEVICE\TCPIP_{2D479802-69C9-4D48-B46D-60312B3501E9} byl odpojen od sítě
a síťová konfigurace adaptéru byla uvolněna. Pokud síťový
adaptér nebyl odpojen, může to znamenat, že nepracoval správně.
Obraťte se na dodavatele a požádejte o aktualizované ovladače.

Record Number: 8663
Source Name: Tcpip
Time Written: 20100109184309.000000+060
Event Type: Informace
User:

Computer Name: NB01
Event Code: 27
Message: Intel(R) 82567LM Gigabit Network Connection
Link has been disconnected.

Record Number: 8662
Source Name: e1yexpress
Time Written: 20100109184304.000000+060
Event Type: Upozornění
User:

Computer Name: NB01
Event Code: 36
Message: Služba Systémový čas nemohla synchronizovat systémový čas
o 49152 sekund, protože žádný ze zprostředkovatelů časových údajů neposkytnul použitelné časové razítko. Systémové hodiny nejsou synchronizovány.

Record Number: 8661
Source Name: W32Time
Time Written: 20100109075021.000000+060
Event Type: Upozornění
User:

Computer Name: NB01
Event Code: 8033
Message: Prohledávač vyvolal v síti \Device\NetBT_Tcpip_{2D479802-69C9-4D48-B46D-60312B3501E9} volby, protože hlavní prohledávač byl zastaven.

Record Number: 8660
Source Name: BROWSER
Time Written: 20100108181103.000000+060
Event Type: Informace
User:

Computer Name: NB01
Event Code: 1002
Message: Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 002170F97141 byla
serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Record Number: 8659
Source Name: Dhcp
Time Written: 20100108181102.000000+060
Event Type: Chyba
User:

=====Application event log=====

Computer Name: NB01
Event Code: 0
Message: Služba byla úspěšně spuštěna.

Record Number: 2672
Source Name: TdmService
Time Written: 20091123160804.000000+060
Event Type: Informace
User:

Computer Name: NB01
Event Code: 1
Message: Nelze určit stav bezpečnostního čipu TPM.

Record Number: 2671
Source Name: Wave TCG Client Services
Time Written: 20091123160804.000000+060
Event Type: Upozornění
User:

Computer Name: NB01
Event Code: 123
Message: The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Record Number: 2670
Source Name: Wave TCG Client Services
Time Written: 20091123160801.000000+060
Event Type: Chyba
User:

Computer Name: NB01
Event Code: 123
Message: The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Record Number: 2669
Source Name: Wave TCG Client Services
Time Written: 20091123160801.000000+060
Event Type: Chyba
User:

Computer Name: NB01
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2668
Source Name: SecurityCenter
Time Written: 20091123160801.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD reported a "heap" of trojan horses...

#2 Post by Caroprd111 »

Hello :)

The log is being worked on, please be patient.

Next time, post info.txt only when asked for it.


Re: NOD reported a "heap" of trojan horses...

#3 Post by Caroprd111 »

:arrow: Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

:arrow: Disable all resident security programs - firewalls, antiviruses, antispyware

:arrow: Run the application under an account with Administrator rights; immediately after it starts, a page with the license terms appears, continue by pressing the "Yes" button

:arrow: Then follow the instructions; during the scan do not start other applications and do not click into the window that appears :!:

:arrow: The scan should take about 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should post here.

:arrow: The computer may be restarted during the scan.


Re: NOD reported a "heap" of trojan horses...

#4 Post by marfee »

Next time, post info.txt only when asked for it.
Sorry, it won't happen again :roll:

Here is the CF log
----------------------------------------------------------------------------
ComboFix 10-02-12.01 - Standartuser 14.02.2010 20:37:04.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3536.3106 [GMT 1:00]
Spuštěný z: c:\documents and settings\Standartuser\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Standartuser\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\flags.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\kbdsock.dll
c:\windows\system32\mshlps.dll
c:\windows\system32\uses32.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 19:19 . 2010-02-14 19:19 -------- d-----w- C:\rsit
2010-02-14 19:19 . 2010-02-14 19:19 -------- d-----w- c:\program files\trend micro
2010-02-14 19:05 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-14 19:05 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-14 19:05 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-14 19:05 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-14 19:01 . 2010-02-14 19:01 -------- d-----w- c:\program files\SlySoft
2010-01-31 10:07 . 2010-01-31 10:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-31 10:07 . 2010-01-31 10:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-31 09:40 . 2010-01-31 09:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-18 16:45 . 2010-01-18 16:46 -------- d-----w- c:\program files\7-Zip
2010-01-16 21:23 . 2010-01-16 21:23 -------- d-----w- c:\program files\URUSoft
2010-01-15 22:24 . 2010-01-15 22:24 -------- d-----w- c:\program files\PSPad editor

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 17:26 . 2008-05-07 23:42 83586 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 17:26 . 2008-05-07 23:42 439390 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 16:49 . 2010-01-15 16:49 -------- d-----w- c:\program files\RarZilla Free Unrar
2010-01-13 23:16 . 2010-01-02 11:37 -------- d-----w- c:\program files\JDownloader
2010-01-03 16:18 . 2009-12-25 11:31 -------- d-----w- c:\program files\BS_Player
2010-01-01 09:58 . 2009-12-27 13:11 -------- d-----w- c:\program files\Nokia
2009-12-31 16:50 . 2008-05-07 23:42 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 13:14 . 2009-06-09 14:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 11:31 . 2009-12-25 11:31 -------- d-----w- c:\program files\Conduit
2009-12-22 05:09 . 2008-05-07 23:42 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2008-05-07 23:42 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2008-05-08 04:52 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-05-07 23:42 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-05-07 23:42 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-05-07 23:42 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2008-05-07 23:42 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2008-05-07 23:42 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-05-07 23:42 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-05-07 23:42 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2008-05-07 23:42 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 20:29 . 2009-10-29 20:21 57181888 ----a-w- c:\program files\Nero-9.4.12.3d_free.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-01-03 16:18 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-09 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\
esport1.exe [2010-2-14 20992]
esport2.exe [2010-2-14 48960]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Správce systému Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Standartuser\\Data aplikací\\uTorrent\\utorrent.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 35168]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [19.4.2007 5:56 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29.12.2008 11:07 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [22.1.2009 10:19 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [22.1.2009 10:19 20840]
R2 dcpsysmgrsvc;Správce systému Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [6.2.2009 20:06 443168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 12:25 472280]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [1.3.2009 18:09 77824]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8.4.2009 11:38 92008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10.6.2009 0:02 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10.6.2009 0:02 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10.6.2009 0:02 244368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10.6.2009 0:02 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [9.6.2009 15:53 232744]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.1.2010 10:40 691696]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\asfalrt.sys [19.4.2007 5:28 42832]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {2D479802-69C9-4D48-B46D-60312B3501E9} = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-CTFMON - (no file)



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\wvauth.dll
.
Celkový čas: 2010-02-14 20:41:06
ComboFix-quarantined-files.txt 2010-02-14 19:41

Před spuštěním: Volných bajtů: 234 575 962 112
Po spuštění: Volných bajtů: 234 916 278 272

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 53F32136A1670DE3A681B61F896157CC


Re: NOD reported a "heap" of trojan horses...

#5 Post by Caroprd111 »

OK, I'll take a look at it.


Re: NOD reported a "heap" of trojan horses...

#6 Post by Caroprd111 »

:arrow: I recommend uninstalling:
C:\Documents and Settings\Standartuser\Data aplikací\uTorrent\utorrent.exe

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you expose yourself to risk needlessly.


:arrow: Test these at http://www.virustotal.com/cs/
C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe
C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe

(Do not search for the files; just paste the path marked in bold. If you get the message "The file has already been analysed", have it analysed again. Post the analysis result here.)

Do you know these files :???:


:arrow: Post a new RSIT log http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

:arrow: How is the PC doing :???:


Re: NOD reported a "heap" of trojan horses...

#7 Post by marfee »

a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.14 -
AntiVir 7.9.1.170 2010.02.14 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.14 -
Avast 4.8.1351.0 2010.02.14 -
AVG 9.0.0.730 2010.02.14 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 (Suspicious) - DNAScan
ClamAV 0.96.0.0-git 2010.02.13 -
Comodo 3937 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.14 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5892 2010.02.14 Suspect-02!FF1CB0C2868C
McAfee+Artemis 5892 2010.02.14 Suspect-02!FF1CB0C2868C
McAfee-GW-Edition 6.8.5 2010.02.14 -
Microsoft 1.5406 2010.02.14 -
NOD32 4865 2010.02.14 -
Norman 6.04.08 2010.02.14 -
nProtect 2009.1.8.0 2010.02.14 -
Panda 10.0.2.2 2010.02.14 -
PCTools 7.0.3.5 2010.02.14 -
Rising 22.34.01.03 2010.02.11 Packer.Win32.UnkPacker.a
Sophos 4.50.0 2010.02.14 -
Sunbelt 5677 2010.02.14 -
Symantec 20091.2.0.41 2010.02.14 Suspicious.Insight
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.14 -
Rozšiřující informace
File size: 20992 bytes
MD5...: ff1cb0c2868c7909e143a94cd629fd0b
SHA1..: adad840d222122dd147d69f519496f844cf029f6
SHA256: 5daf20722de120c28ac1cc92963fd9905d3940635df0ace443e1c1c71da5d08f
ssdeep: 384:mLmE+npn67ENbcFS73QQwHA1R5irUMYHEyg2Q16Sl2ZzW+09y:8mDh6WcFS73b+AJirUM39dfl2Z0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54b1
timedatestamp.....: 0x459af1ad (Tue Jan 02 23:58:37 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.textbss 0x1000 0x3028 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x5000 0xc98 0xe00 6.20 adee13ca1774ec4b135661d0bbf3dcf7
.rdata 0x6000 0x5ac 0x600 4.72 011150d68e2aeadb9293cfdc6db68fa5
.data 0x7000 0x3044 0x3200 7.19 67acaabb6ffea8fd3b1e1b190869acad
.rsrc 0xb000 0x6ca 0x800 4.05 9deb1d44f4e0482a3e0ff590c9957e14

( 5 imports )
> WS2HELP.dll: WahCloseHandleHelper, WahCloseThread, WahCreateSocketHandle, WahCompleteRequest, WahCreateNotificationHandle, WahWaitForNotification, WahCreateHandleContextTable, WahCloseNotificationHandleHelper, WahCloseSocketHandle
> OLEAUT32.dll: SysFreeString, VariantClear, GetActiveObject, SafeArrayCreate, SysAllocStringByteLen
> KERNEL32.dll: GetModuleHandleA, VirtualAlloc, GetTickCount, GetCurrentThreadId, TerminateProcess, GetCurrentProcessId, GetCurrentProcess, GetStartupInfoA
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegQueryValueExA, RegOpenKeyExA, RegOpenKeyExW
> MSVCRT.dll: _access, _assert, _chdir, __getmainargs, __p__commode, __setusermatherr, _XcptFilter, _initterm, __set_app_type, exit, _c_exit, _except_handler3, _cabs, _beep, _atoi64, _acmdln, __p__fmode, _adjust_fdiv, _exit, _atoldbl

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows_ Internet Explorer
description..: ADVPACK
original name: ADVPACK.DLL
internal name: ADVPACK.DLL
file version.: 7.00.5730.13 (longhorn(wmbla).070711-1130)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


--------------------------------------------------------
second file
--------------------------------------------------------
a-squared 4.5.0.50 2010.02.14 -
AhnLab-V3 5.0.0.2 2010.02.14 -
AntiVir 7.9.1.170 2010.02.14 -
Antiy-AVL 2.0.3.7 2010.02.14 -
Authentium 5.2.0.5 2010.02.14 -
Avast 4.8.1351.0 2010.02.14 -
AVG 9.0.0.730 2010.02.14 -
BitDefender 7.2 2010.02.14 -
CAT-QuickHeal 10.00 2010.02.13 -
ClamAV 0.96.0.0-git 2010.02.13 Trojan.Agent-132351
Comodo 3937 2010.02.14 -
DrWeb 5.0.1.12222 2010.02.14 -
eSafe 7.0.17.0 2010.02.14 -
eTrust-Vet 35.2.7300 2010.02.12 -
F-Prot 4.5.1.85 2010.02.13 -
F-Secure 9.0.15370.0 2010.02.13 -
Fortinet 4.0.14.0 2010.02.14 -
GData 19 2010.02.14 -
Ikarus T3.1.1.80.0 2010.02.14 -
Jiangmin 13.0.900 2010.02.14 TrojanDropper.Agent.aboi
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.14 -
McAfee 5892 2010.02.14 -
McAfee+Artemis 5892 2010.02.14 -
McAfee-GW-Edition 6.8.5 2010.02.14 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.5406 2010.02.14 -
NOD32 4865 2010.02.14 -
Norman 6.04.08 2010.02.14 -
nProtect 2009.1.8.0 2010.02.14 -
Panda 10.0.2.2 2010.02.14 -
PCTools 7.0.3.5 2010.02.14 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.14 -
Sunbelt 5677 2010.02.14 -
Symantec 20091.2.0.41 2010.02.14 Suspicious.Insight
TheHacker 6.5.1.4.193 2010.02.14 -
TrendMicro 9.120.0.1004 2010.02.14 -
VBA32 3.12.12.2 2010.02.14 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.14 -
Additional information
File size: 48960 bytes
MD5...: 7a8bb882de31f8f9cd32955235a134fb
SHA1..: a8ae5384c0294957b07bd4aa6edbf09d1954a666
SHA256: 08d31732ff45dc8308ce02cbfc58360bb439c8f24c7e826c3983d786c258fb7e
ssdeep: 768:mMGXcmtYLDQ/sKQRm3vnzrKHgwYMGv8uS08p4MrGYF/O71mJyf/8iZB4Hj1gKiRU:2wLD8sK0m3aHUMwLZmJpXD1gKK4Pl
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x323f
timedatestamp.....: 0x49a05a0f (Sat Feb 21 19:46:23 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5ba2 0x5c00 6.51 2cec663f64ef38694dc96bb9f9cb766d
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x3997d8 0x400 4.71 b9d0aa986d9e766521436f5ad38cd7c5
.ndata 0x3a3000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x3ab000 0x6c8 0x800 2.93 ac1f9676cea90d22746897eab80b17f1

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS


The files mean nothing to me.

----------------------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Standartuser at 2010-02-14 21:27:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 224 GB (94%) free of 238 GB
Total RAM: 3536 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:01, on 14.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Standartuser\Plocha\RSIT.exe
C:\Program Files\trend micro\Standartuser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: esport1.exe
O4 - Startup: esport2.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Správce systému Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D479802-69C9-4D48-B46D-60312B3501E9}: NameServer = 10.0.0.138
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Správce systému Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r213367\stacsv.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9841 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-01-03 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-01-03 2166296]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-02-22 200704]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-17 483420]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-03-17 729088]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-04 186904]
"ChangeTPMAuth"=C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [2008-12-19 184320]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2008-12-22 145408]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2009-01-16 656696]
"EmbassySecurityCheck"=C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [2009-01-16 95544]
"DellControlPoint"=C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-01-19 667648]
"USCService"=C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [2009-01-16 15360]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-06-09 2220032]
"DellConnectionManager"=C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-03-01 1810432]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Správce systému Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění
esport1.exe
esport2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-26 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Standartuser\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Standartuser\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-14 20:41:16 ----SD---- C:\WINDOWS\Cookies
2010-02-14 20:41:07 ----A---- C:\ComboFix.txt
2010-02-14 20:34:30 ----A---- C:\Boot.bak
2010-02-14 20:34:18 ----RASHD---- C:\cmdcons
2010-02-14 20:32:31 ----A---- C:\WINDOWS\zip.exe
2010-02-14 20:32:31 ----A---- C:\WINDOWS\SWREG.exe
2010-02-14 20:32:31 ----A---- C:\WINDOWS\sed.exe
2010-02-14 20:32:31 ----A---- C:\WINDOWS\PEV.exe
2010-02-14 20:32:31 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-14 20:32:31 ----A---- C:\WINDOWS\MBR.exe
2010-02-14 20:32:31 ----A---- C:\WINDOWS\grep.exe
2010-02-14 20:32:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-14 20:32:30 ----A---- C:\WINDOWS\SWSC.exe
2010-02-14 20:32:13 ----D---- C:\WINDOWS\ERDNT
2010-02-14 20:30:36 ----D---- C:\ComboFix
2010-02-14 20:30:28 ----D---- C:\Qoobox
2010-02-14 20:19:08 ----D---- C:\rsit
2010-02-14 20:19:08 ----D---- C:\Program Files\trend micro
2010-02-14 20:01:53 ----D---- C:\Program Files\SlySoft
2010-02-10 20:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 20:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 20:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 20:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 20:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 20:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 20:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 20:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 20:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-31 11:07:47 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-31 11:07:29 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-31 10:40:00 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\DAEMON Tools Lite
2010-01-31 10:39:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-01-22 20:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-18 17:45:58 ----D---- C:\Program Files\7-Zip
2010-01-16 22:23:22 ----D---- C:\Program Files\URUSoft
2010-01-16 10:02:11 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\uTorrent
2010-01-15 23:24:29 ----D---- C:\Program Files\PSPad editor
2010-01-15 17:49:57 ----D---- C:\Program Files\RarZilla Free Unrar

======List of files/folders modified in the last 1 months======

2010-02-14 21:27:55 ----D---- C:\WINDOWS\Temp
2010-02-14 20:41:16 ----AD---- C:\WINDOWS
2010-02-14 20:40:22 ----A---- C:\WINDOWS\system.ini
2010-02-14 20:39:51 ----AD---- C:\WINDOWS\system32
2010-02-14 20:38:40 ----D---- C:\WINDOWS\system32\drivers
2010-02-14 20:38:40 ----D---- C:\WINDOWS\AppPatch
2010-02-14 20:38:38 ----D---- C:\Program Files\Common Files
2010-02-14 20:36:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 20:35:01 ----SHD---- C:\System Volume Information
2010-02-14 20:35:01 ----D---- C:\WINDOWS\system32\Restore
2010-02-14 20:34:30 ----RASH---- C:\boot.ini
2010-02-14 20:33:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-14 20:19:25 ----D---- C:\WINDOWS\Prefetch
2010-02-14 20:19:08 ----RD---- C:\Program Files
2010-02-14 20:05:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-14 15:28:12 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\Vso
2010-02-13 16:13:57 ----D---- C:\Documents and Settings\Standartuser\Data aplikací\BSplayer
2010-02-10 20:03:31 ----HD---- C:\WINDOWS\inf
2010-02-10 20:03:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 20:03:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-04 18:26:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 18:21:47 ----D---- C:\Config.Msi
2010-02-03 06:37:06 ----SHD---- C:\WINDOWS\Installer
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-25 21:33:11 ----RSD---- C:\WINDOWS\Fonts
2010-01-22 06:39:52 ----D---- C:\HD movies
2010-01-15 05:19:10 ----D---- C:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2009-04-03 48128]
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2009-01-16 208824]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-03-17 112512]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-02-22 170032]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-06-09 1287552]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-08-28 534440]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-08-28 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-28 991016]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-08-28 156392]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-08-28 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-28 47272]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 cvusbdrv;Broadcom USH CV; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [2009-01-22 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2009-02-22 244368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-26 6278560]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2009-02-26 109568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2009-03-01 27072]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-03 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys [2009-03-24 232744]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-17 1545795]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2008-07-22 28672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S3 AsfAlrt;AsfAlrt Service; \??\C:\WINDOWS\system32\Drivers\AsfAlrt.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\STANDA~1\LOCALS~1\Temp\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\STANDA~1\LOCALS~1\Temp\mbr.sys []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NvtSp50.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 atapi;Standardní řadič disku IDE/ESDI; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-14 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-08-15 342624]
R2 buttonsvc32;Dell ControlPoint Button Service; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-01-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-01-22 20840]
R2 dcpsysmgrsvc;Správce systému Dell ControlPoint System Manager; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-02-06 443168]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-04 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-09 152984]
R2 SMManager;Smith Micro Connection Manager Service; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-03-01 77824]
R2 STacSV;Audio Service; c:\drivers\audio\r213367\stacsv.exe [2009-03-17 254034]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856]
S2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-01-14 991232]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-06-09 24064]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-12-12 638976]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

The PC had been working normally until now; after installing CloneCD, following the required restart, NOD32 reported the presence of trojans. I then tested the CloneCD installer just in case, and NOD32 found nothing.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD reported a "pile" of trojans...

#8 Post by Caroprd111 »

:arrow: If you haven't already, move ComboFix to the desktop
- open Notepad and copy the text from the white box into it.

Code:

File::
C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe
C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe
- save the TXT file you created as CFScript.txt on the desktop
- once it is saved, grab the script you created with the left mouse button, drag it onto the ComboFix icon and drop it there.

- after it runs, another log will pop up; paste it here

It can happen that after the script runs and the machine restarts, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: Where exactly does NOD32 report the viruses? :???:

marfee
Exemplary visitor
Posts: 63
Registered: 25 Mar 2009 21:22

Re: NOD reported a "pile" of trojans...

#9 Post by marfee »

ComboFix 10-02-12.01 - Standartuser 14.02.2010 21:38:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3536.2984 [GMT 1:00]
Spuštěný z: c:\documents and settings\Standartuser\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Standartuser\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe"
"c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe
c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 19:41 . 2010-02-14 19:41 -------- d-s---w- c:\windows\Cookies
2010-02-14 19:19 . 2010-02-14 20:28 -------- d-----w- c:\program files\trend micro
2010-02-14 19:19 . 2010-02-14 19:19 -------- d-----w- C:\rsit
2010-02-14 19:05 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-14 19:05 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-14 19:05 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-14 19:05 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-02-14 19:01 . 2010-02-14 19:01 -------- d-----w- c:\program files\SlySoft
2010-01-31 10:07 . 2010-01-31 10:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-31 10:07 . 2010-01-31 10:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-31 09:40 . 2010-01-31 09:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-18 16:45 . 2010-01-18 16:46 -------- d-----w- c:\program files\7-Zip
2010-01-16 21:23 . 2010-01-16 21:23 -------- d-----w- c:\program files\URUSoft
2010-01-15 22:24 . 2010-01-15 22:24 -------- d-----w- c:\program files\PSPad editor

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 17:26 . 2008-05-07 23:42 83586 ----a-w- c:\windows\system32\perfc005.dat
2010-02-04 17:26 . 2008-05-07 23:42 439390 ----a-w- c:\windows\system32\perfh005.dat
2010-01-15 16:49 . 2010-01-15 16:49 -------- d-----w- c:\program files\RarZilla Free Unrar
2010-01-13 23:16 . 2010-01-02 11:37 -------- d-----w- c:\program files\JDownloader
2010-01-03 16:18 . 2009-12-25 11:31 -------- d-----w- c:\program files\BS_Player
2010-01-01 09:58 . 2009-12-27 13:11 -------- d-----w- c:\program files\Nokia
2009-12-31 16:50 . 2008-05-07 23:42 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 13:14 . 2009-06-09 14:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 11:31 . 2009-12-25 11:31 -------- d-----w- c:\program files\Conduit
2009-12-22 05:09 . 2008-05-07 23:42 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2008-05-07 23:42 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2008-05-08 04:52 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-05-07 23:42 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-05-07 23:42 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-05-07 23:42 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2008-05-07 23:42 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2008-05-07 23:42 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-05-07 23:42 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-05-07 23:42 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2008-05-07 23:42 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 20:29 . 2009-10-29 20:21 57181888 ----a-w- c:\program files\Nero-9.4.12.3d_free.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-14_19.40.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-14 19:41 . 2010-02-14 19:32 16384 c:\windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-01-03 16:18 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-01-03 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 09:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-09 2220032]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Správce systému Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 12:27 35168]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [19.4.2007 5:56 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29.12.2008 11:07 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [22.1.2009 10:19 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [22.1.2009 10:19 20840]
R2 dcpsysmgrsvc;Správce systému Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [6.2.2009 20:06 443168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.8.2008 12:25 472280]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [1.3.2009 18:09 77824]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8.4.2009 11:38 92008]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10.6.2009 0:02 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10.6.2009 0:02 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10.6.2009 0:02 244368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10.6.2009 0:02 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [9.6.2009 15:53 232744]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.1.2010 10:40 691696]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\asfalrt.sys [19.4.2007 5:28 42832]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {2D479802-69C9-4D48-B46D-60312B3501E9} = 10.0.0.138
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 21:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\wvauth.dll
.
Celkový čas: 2010-02-14 21:40:36
ComboFix-quarantined-files.txt 2010-02-14 20:40
ComboFix2.txt 2010-02-14 19:41

Před spuštěním: Volných bajtů: 234 952 192 000
Po spuštění: Volných bajtů: 234 932 822 016

- - End Of File - - A5F1371F10C4CB69AF56A9DE963F7B6B


I don't remember exactly, but I think the files were mostly in system folders.
NOD reported them after the restart, but it is quiet now.
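An added cross-check, not from the thread and not part of ComboFix, tying the CFScript from post #8 to the ComboFix log in post #9: every path under File:: should turn up in the log's deletions section, and the two status lines a helper notices first (on-access scanning disabled, Windows firewall off) are flagged. The CFScript text is the thread's; the log excerpt is constructed, abbreviated from the posted output.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote afterwards.
Added example (not from the thread, not part of ComboFix). The CFScript is the one
posted in the thread; the log excerpt below is constructed from the posted output."""
import re

CFSCRIPT = r"""File::
C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe
C:\Documents and Settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe
"""

# Constructed, abbreviated sample of the ComboFix log posted in the thread.
COMBOFIX_LOG = r"""ComboFix 10-02-12.01 - Standartuser 14.02.2010 21:38:01.2.2 - x86
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FILE ::
"c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe"
"c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe"
.
((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))
.
c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport1.exe
c:\documents and settings\Standartuser\Nabídka Start\Programy\Po spuštění\esport2.exe
.
((((((((((((((((( Spouštěcí body v registru )))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # ((((( Section title )))))

def cfscript_files(script):
    """Paths listed under the 'File::' directive; other directives are skipped."""
    paths, in_file = [], False
    for line in script.splitlines():
        text = line.strip()
        if text.endswith("::"):  # directive header such as File:: or Folder::
            in_file = text.lower() == "file::"
        elif in_file and text:
            paths.append(text)
    return paths

def log_sections(log):
    """Split a ComboFix log into banner-delimited sections: title -> content lines."""
    sections, title = {"header": []}, "header"
    for line in log.splitlines():
        text = line.strip()
        match = BANNER.match(text)
        if match:
            title = match.group(1)
            sections[title] = []
        elif text and text != ".":  # ComboFix pads sections with lone dots
            sections[title].append(text)
    return sections

def check_removal(script, log, deletions_title="Ostatní výmazy"):
    """Which requested paths ComboFix really deleted, plus two log status flags.
    Section titles are localized, so the deletions title is a parameter."""
    deleted = {p.lower() for p in log_sections(log).get(deletions_title, [])}
    requested = cfscript_files(script)
    not_deleted = [p for p in requested if p.lower() not in deleted]
    return {
        "requested": len(requested),
        "deleted": len(requested) - len(not_deleted),
        "not_deleted": not_deleted,
        "av_realtime_off": "*On-access scanning disabled*" in log,
        "firewall_off": re.search(r'"EnableFirewall"=\s*0\b', log) is not None,
    }
```

Path comparison is case-insensitive because ComboFix echoes paths in lower case while the CFScript keeps the case the user typed.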

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD reported a "pile" of trojans...

#10 Post by Caroprd111 »

:arrow: I don't see a firewall in the log; install one :!: Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

:arrow: I recommend updating Adobe Reader http://www.stahuj.centrum.cz/podnikani_ ... batreader/


:arrow: Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press A, then Enter
- Delete the program after use. Note: antivirus programs may falsely flag it as a virus.


:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe
- Run it.
- Click "CleanUp!". Confirm the prompts with "Yes" (a restart will follow)


:arrow: Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
- Install it, and during installation untick the option to install the Yahoo toolbar.

:arrow: Cleaner tab
- Click Analyze; when it finishes, click Run Cleaner.

:arrow: Registry tab
- Click Scan for Issues; when it finishes, click Fix selected issues; you don't need to make a backup, then click Fix All Selected Issues.
:arrow: OK :arrow: Close

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD reported a "pile" of trojans...

#11 Post by Caroprd111 »

PM

If ComboFix cannot be uninstalled, just use T-Cleaner, CCleaner and OTC

I don't need any further logs from you; whether you run a check with NOD is up to you.

marfee
Exemplary visitor
Posts: 63
Registered: 25 Mar 2009 21:22

Re: NOD reported a "pile" of trojans...

#12 Post by marfee »

OK, thanks for the help; NOD has not found any more infected files now (there were 96 of them :!: )

Thanks again!

Have a nice day!

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: NOD reported a "pile" of trojans...

#13 Post by Caroprd111 »

You're welcome :)
