WINESM32.exe virus

kubulala
Visitor
Posts: 8
Registered: 01 Jan 2009 21:43

WINESM32.exe virus

#1 Post by kubulala »

Hello, I would also need help removing the winesm32.exe virus.
Since this morning, one of the svchost processes has started showing up among the running processes and loading the CPU to 99%. After cleaning with Spybot it no longer finds anything, but Microsoft Security Essentials still deletes some trojan every time Windows starts and shows a message that winesm32.exe is present in the Start menu's Startup folder. So I am asking for help with removing it.


Here is the log from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lada at 2010-03-02 17:24:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (11%) free of 57 GB
Total RAM: 1919 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:55, on 2.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lada\Plocha\RSIT.exe
C:\Program Files\trend micro\Lada.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LogMeIn Tray - Unknown owner - C:\script\XYNTService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8801 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-04-13 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-04-13 491520]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2008-04-12 106496]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-04-12 98393]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-12 688217]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-08-25 32768]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe]
C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe [2008-04-14 29696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-06 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\TC PowerPack\TOTALCMD.EXE"="C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe"="C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe:*:Enabled:HW Virtual Serial Port Single"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-02 17:24:31 ----D---- C:\Program Files\trend micro
2010-03-02 17:24:30 ----D---- C:\rsit
2010-03-02 17:07:00 ----A---- C:\ComboFix.txt
2010-03-02 16:58:37 ----A---- C:\Boot.bak
2010-03-02 16:58:30 ----RASHD---- C:\cmdcons
2010-03-02 16:55:14 ----A---- C:\WINDOWS\zip.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\sed.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\grep.exe
2010-03-02 16:55:05 ----D---- C:\WINDOWS\ERDNT
2010-03-02 16:52:18 ----D---- C:\Qoobox
2010-03-02 14:13:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-02 14:05:01 ----A---- C:\WindowsXP-KB927891-v3-x86-CSY.exe
2010-03-02 14:03:42 ----A---- C:\windowsupdateagent30-x86.exe
2010-03-02 14:03:40 ----A---- C:\fix_svchost.bat
2010-03-02 09:32:15 ----D---- C:\26a18bf296edf3c510153637e6d76c
2010-02-27 19:52:01 ----RA---- C:\WINDOWS\system32\FTLang.dll
2010-02-27 19:52:00 ----RA---- C:\WINDOWS\system32\ftserui2.dll
2010-02-27 19:51:15 ----RA---- C:\WINDOWS\system32\ftd2xx.dll
2010-02-27 19:51:14 ----RA---- C:\WINDOWS\system32\ftbusui.dll
2010-02-24 09:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 11:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\SYSTEM.INI
2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\PROTOCOL.INI
2010-02-06 19:16:59 ----D---- C:\Program Files\STIEBEL ELTRON
2010-02-06 19:14:56 ----D---- C:\Documents and Settings\Lada\Data aplikací\HW group
2010-02-06 19:14:37 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-06 19:13:59 ----D---- C:\Program Files\HW group

======List of files/folders modified in the last 1 months======

2010-03-02 17:24:31 ----RD---- C:\Program Files
2010-03-02 17:24:18 ----A---- C:\WINDOWS\TRNCOM.INI
2010-03-02 17:07:09 ----D---- C:\WINDOWS\Temp
2010-03-02 17:04:34 ----D---- C:\WINDOWS
2010-03-02 17:04:34 ----A---- C:\WINDOWS\system.ini
2010-03-02 17:03:29 ----D---- C:\WINDOWS\system32
2010-03-02 17:02:35 ----D---- C:\WINDOWS\system32\drivers
2010-03-02 17:02:35 ----D---- C:\WINDOWS\AppPatch
2010-03-02 17:02:22 ----D---- C:\Program Files\Common Files
2010-03-02 16:59:54 ----SD---- C:\WINDOWS\Tasks
2010-03-02 16:59:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-02 16:58:37 ----RASH---- C:\boot.ini
2010-03-02 16:55:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-02 16:55:00 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-02 16:38:39 ----A---- C:\WINDOWS\win.ini
2010-03-02 16:37:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-02 16:37:24 ----D---- C:\Program Files\Internet Explorer
2010-03-02 16:10:52 ----D---- C:\WINDOWS\system32\config
2010-03-02 14:31:33 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-02 14:22:21 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-02 14:15:45 ----D---- C:\Documents and Settings
2010-03-02 12:25:31 ----D---- C:\Program Files\Mozilla Firefox
2010-03-02 12:05:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-02 11:31:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-02 11:29:36 ----D---- C:\WINDOWS\system32\wbem
2010-03-02 11:29:35 ----D---- C:\WINDOWS\Registration
2010-03-02 11:27:22 ----D---- C:\WINDOWS\system32\Restore
2010-03-02 11:18:10 ----D---- C:\Documents and Settings\Lada\Data aplikací\Skype
2010-03-02 10:01:19 ----SHD---- C:\WINDOWS\CSC
2010-03-02 09:25:50 ----D---- C:\Documents and Settings\Lada\Data aplikací\skypePM
2010-03-02 09:14:42 ----D---- C:\WINDOWS\Prefetch
2010-03-02 07:48:18 ----D---- C:\Program Files\LogMeIn
2010-02-27 19:51:59 ----HD---- C:\WINDOWS\inf
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-19 09:03:53 ----D---- C:\Stazene
2010-02-18 17:00:56 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-10 11:17:50 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:17:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:17:40 ----SHD---- C:\WINDOWS\Installer
2010-02-10 11:17:40 ----D---- C:\Config.Msi
2010-02-06 19:14:52 ----D---- C:\temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-25 11904]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-16 20747]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2008-04-12 191092]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-12 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2008-04-12 6100]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2008-04-12 230656]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-03 261632]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-12 32256]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2008-04-12 635152]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2008-04-12 13312]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-12 188928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-07-23 159488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\WINDOWS\system32\DRIVERS\evsbc.sys [2008-05-19 27904]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
S3 catchme;catchme; \??\C:\DOCUME~1\Lada\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\WINDOWS\System32\DRIVERS\evserial.sys [2008-05-19 53888]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 mbr;mbr; \??\C:\DOCUME~1\Lada\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2008-04-12 1301488]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2008-04-12 180664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2008-04-12 95760]
S3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-06 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-10-16 848888]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LogMeIn Tray;LogMeIn Tray; C:\script\XYNTService.exe [2008-09-01 45056]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-12 45056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: WINESM32.exe virus

#2 Post by Caroprd111 »

Hello :)

The log is being worked on, please be patient.

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: WINESM32.exe virus

#3 Post by Caroprd111 »

Following the guide at http://www.viry.cz/forum/viewtopic.php?f=15&t=72743, apply this script.

:files
C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe]

:commands
[EmptyTemp]
[Reboot]

Post the log C:\ComboFix.txt here.

kubulala
Visitor
Posts: 8
Registered: 01 Jan 2009 21:43

Re: WINESM32.exe virus

#4 Post by kubulala »

So should I also run ComboFix and attach its log, or do you want the log from OTM? Here it is:



All processes killed
========== FILES ==========
File move failed. C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Bruk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Lada
->Temp folder emptied: 1669471 bytes
->Temporary Internet Files folder emptied: 3646412 bytes
->Java cache emptied: 1083799 bytes
->FireFox cache emptied: 40664974 bytes
->Flash cache emptied: 20224 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98438 bytes

User: NetworkService
->Temp folder emptied: 4554 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 18790344 bytes
%systemroot%\System32\dllcache .tmp files removed: 57344 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10321 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03022010_184051

Files moved on Reboot...
C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temp\~DFE8D.tmp moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\afr[1].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\afr[2].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: WINESM32.exe virus

#5 Post by Caroprd111 »

Post here the log located at C:\ComboFix.txt

kubulala
Visitor
Posts: 8
Registered: 01 Jan 2009 21:43

Re: WINESM32.exe virus

#6 Post by kubulala »

So here it is. But it is the original log, which was created before I ran OTM a moment ago.


ComboFix 10-03-01.04 - Lada 02.03.2010 17:00:02.1.1 - x86

Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.1415 [GMT 1:00]

Spuštěný z: c:\documents and settings\Lada\Plocha\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.



((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\win.ini



.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-02 do 2010-03-02 )))))))))))))))))))))))))))))))

.



2010-03-02 13:05 . 2010-03-02 10:01 1273224 ----a-w- C:\WindowsXP-KB927891-v3-x86-CSY.exe

2010-03-02 13:03 . 2010-03-02 10:02 6216032 ----a-w- C:\windowsupdateagent30-x86.exe

2010-03-02 13:03 . 2010-03-02 10:02 3038 ----a-w- C:\fix_svchost.bat

2010-03-02 10:29 . 2010-03-02 10:29 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-02 08:32 . 2010-03-02 10:29 -------- d-----w- C:\26a18bf296edf3c510153637e6d76c

2010-03-02 08:04 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-03-02 08:04 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-03-02 08:04 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-03-02 08:04 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-03-02 08:02 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-03-02 08:02 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-02-27 18:52 . 2007-06-27 06:10 107840 ----a-r- c:\windows\system32\FTLang.dll

2010-02-27 18:52 . 2007-06-27 06:06 47432 ----a-r- c:\windows\system32\ftserui2.dll

2010-02-27 18:52 . 2007-06-27 06:04 71488 ----a-r- c:\windows\system32\drivers\ftser2k.sys

2010-02-27 18:51 . 2007-06-27 06:10 202048 ----a-r- c:\windows\system32\ftd2xx.dll

2010-02-27 18:51 . 2007-06-27 06:10 111936 ----a-r- c:\windows\system32\ftbusui.dll

2010-02-27 18:51 . 2007-06-27 06:05 53184 ----a-r- c:\windows\system32\drivers\ftdibus.sys

2010-02-06 18:16 . 2010-02-06 18:16 -------- d-----w- c:\program files\STIEBEL ELTRON

2010-02-06 18:15 . 2008-05-19 15:01 53888 ----a-w- c:\windows\system32\drivers\evserial.sys

2010-02-06 18:14 . 2010-02-06 18:14 -------- d-----w- c:\temp\comsoft_stiebel_eltron_-_vers._3.4.0_rev

2010-02-06 18:14 . 2008-05-19 15:01 27904 ----a-w- c:\windows\system32\drivers\evsbc.sys

2010-02-06 18:13 . 2010-02-06 18:13 -------- d-----w- c:\program files\HW group

2010-02-06 18:06 . 2010-01-30 22:42 2129840 ----a-w- c:\temp\hw-vsp3-single_3-1-0.exe

2010-02-01 17:25 . 2010-02-01 17:25 -------- d-----w- c:\program files\Network Stumbler



.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-02 11:05 . 2008-08-09 19:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-03-02 10:31 . 2006-03-02 12:00 441324 ----a-w- c:\windows\system32\perfh005.dat

2010-03-02 10:31 . 2006-03-02 12:00 83940 ----a-w- c:\windows\system32\perfc005.dat

2010-03-02 06:48 . 2008-09-01 18:50 -------- d-----w- c:\program files\LogMeIn

2010-02-24 08:16 . 2009-11-01 10:39 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-01-26 11:50 . 2010-01-26 11:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-16 21:32 . 2009-06-22 07:06 -------- d-----w- c:\program files\Common Files\Nokia

2010-01-16 21:32 . 2008-07-14 19:36 -------- d-----w- c:\program files\Nokia

2010-01-05 09:58 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 09:57 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 09:57 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-17 07:42 . 2008-04-12 11:01 343552 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:11 . 2006-03-02 12:00 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:11 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2008-04-12 106496]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-12 98393]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-12 688217]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"SiSPower"="SiSPower.dll" [2005-08-25 49152]

"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-08-25 32768]

"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]



c:\documents and settings\Lada\Nabˇdka Start\Programy\Po spuçtŘnˇ\

winesm32.exe [2008-4-14 29696]



c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\

Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-1-16 593920]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-4-12 262144]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-06 07:31 87352 ----a-w- c:\windows\system32\LMIinit.dll



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"



[HKLM\~\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe]

path=c:\documents and settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe

backup=c:\windows\pss\winesm32.exeStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2008-02-22 15:58 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-10 04:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\HW group\\HW VSP3s\\HW_VSP3s.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)



R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28.2.2008 14:31 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1.9.2008 19:51 47640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3.10.2008 18:43 203280]

R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [12.4.2008 19:07 191092]

R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [12.4.2008 19:07 6100]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [6.2.2010 19:14 27904]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2008 9:01 716272]

S2 LogMeIn Tray;LogMeIn Tray;c:\script\XYNTService.exe [1.9.2008 19:51 45056]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [6.2.2010 19:15 53888]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

Obsah adresáře 'Naplánované úlohy'



2010-03-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]

.

.

------- Doplňkový sken -------

.

uStart Page = hxxp://www.seznam.cz/

IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll

TCP: {3F86A250-F252-43D8-94D0-2235AC1ADD38} = 195.146.99.4,195.146.100.5

FF - ProfilePath - c:\documents and settings\Lada\Data aplikací\Mozilla\Firefox\Profiles\nly6hjxw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll



---- NASTAVENÍ FIREFOXU ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

.

.

------- Asociace souborů -------

.

txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"

.

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -



HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

MSConfigStartUp-365dni - c:\program files\365dníNET\365dniNET.exe

MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-02 17:04

Windows 5.1.2600 Service Pack 3 NTFS



skenování skrytých procesů ...



skenování skrytých položek 'Po spuštění' ...



skenování skrytých souborů ...



sken byl úspešně dokončen

skryté soubory: 0



**************************************************************************

.

--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------



[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG11.00.00.01WORKSTATION"="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"

.

--------------------- Knihovny navázané na běžící procesy ---------------------



- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\LMIinit.dll

.

Celkový čas: 2010-03-02 17:06:59

ComboFix-quarantined-files.txt 2010-03-02 16:06



Před spuštěním: 6 151 344 128

Po spuštění: 6 323 818 496



WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect



- - End Of File - - D41879D372D7C7E11ACFD63260F976A7

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: WINESM32.exe virus

#7 Post by Caroprd111 »

Find and delete:
c:\windows\pss\winesm32.exe



How is the PC doing? :???:

kubulala
Visitor
Posts: 8
Registered: 01 Jan 2009 21:43

Re: WINESM32.exe virus

#8 Post by kubulala »

CPU is at 2 - 5 percent and the file mentioned is not in that directory. The directory c:\windows\pss\ contains only these files:
boot.ini.backup
system.ini.backup
win.ini.backup

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: WINESM32.exe virus

#9 Post by Caroprd111 »

Post a new RSIT log.

kubulala
Visitor
Posts: 8
Registered: 01 Jan 2009 21:43

Re: WINESM32.exe virus

#10 Post by kubulala »

Logfile of random's system information tool 1.06 (written by random/random)

Run by Lada at 2010-03-02 19:22:07

Systém Microsoft Windows XP Professional Service Pack 3

System drive C: has 6 GB (11%) free of 57 GB

Total RAM: 1919 MB (66% free)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:22:26, on 2.3.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\script\XYNTService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Lada\Plocha\RSIT.exe

C:\Program Files\trend micro\Lada.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy

O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll

O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: LogMeIn Tray - Unknown owner - C:\script\XYNTService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe



--

End of file - 9515 bytes



======Scheduled tasks folder======



C:\WINDOWS\tasks\MP Scheduled Scan.job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]

WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-04-13 491520]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-04-13 491520]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]





[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2008-04-12 106496]

"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]

"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-04-12 98393]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-12 688217]

"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]

"SiSPower"=SiSPower.dll,ModeAgent []

"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-08-25 32768]

"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]



C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění

Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2009-10-06 87352]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Program Files\TC PowerPack\TOTALCMD.EXE"="C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe"="C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe:*:Enabled:HW Virtual Serial Port Single"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



======File associations======



.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"



======List of files/folders created in the last 1 months======



2010-03-02 18:41:04 ----SHD---- C:\RECYCLER

2010-03-02 18:40:51 ----D---- C:\_OTM

2010-03-02 17:41:12 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat

2010-03-02 17:24:31 ----D---- C:\Program Files\trend micro

2010-03-02 17:24:30 ----D---- C:\rsit

2010-03-02 17:07:00 ----A---- C:\ComboFix.txt

2010-03-02 16:58:37 ----A---- C:\Boot.bak

2010-03-02 16:58:30 ----RASHD---- C:\cmdcons

2010-03-02 16:55:14 ----A---- C:\WINDOWS\zip.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWSC.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWREG.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\sed.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\PEV.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\MBR.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\grep.exe

2010-03-02 16:55:05 ----D---- C:\WINDOWS\ERDNT

2010-03-02 16:52:18 ----D---- C:\Qoobox

2010-03-02 14:13:59 ----A---- C:\WINDOWS\ntbtlog.txt

2010-03-02 14:05:01 ----A---- C:\WindowsXP-KB927891-v3-x86-CSY.exe

2010-03-02 14:03:42 ----A---- C:\windowsupdateagent30-x86.exe

2010-03-02 14:03:40 ----A---- C:\fix_svchost.bat

2010-03-02 09:32:15 ----D---- C:\26a18bf296edf3c510153637e6d76c

2010-02-27 19:52:01 ----RA---- C:\WINDOWS\system32\FTLang.dll

2010-02-27 19:52:00 ----RA---- C:\WINDOWS\system32\ftserui2.dll

2010-02-27 19:51:15 ----RA---- C:\WINDOWS\system32\ftd2xx.dll

2010-02-27 19:51:14 ----RA---- C:\WINDOWS\system32\ftbusui.dll

2010-02-24 09:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-10 11:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-10 11:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-10 11:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-10 11:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-10 11:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-10 11:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-10 11:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-10 11:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-10 11:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\SYSTEM.INI

2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\PROTOCOL.INI

2010-02-06 19:16:59 ----D---- C:\Program Files\STIEBEL ELTRON

2010-02-06 19:14:56 ----D---- C:\Documents and Settings\Lada\Data aplikací\HW group

2010-02-06 19:14:37 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP

2010-02-06 19:13:59 ----D---- C:\Program Files\HW group



======List of files/folders modified in the last 1 months======



2010-03-02 19:22:01 ----A---- C:\WINDOWS\TRNCOM.INI

2010-03-02 19:21:32 ----SD---- C:\WINDOWS\Tasks

2010-03-02 19:21:27 ----D---- C:\WINDOWS\Temp

2010-03-02 19:20:34 ----D---- C:\Documents and Settings\Lada\Data aplikací\Skype

2010-03-02 19:18:33 ----D---- C:\Program Files\Mozilla Firefox

2010-03-02 19:16:37 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-02 19:14:12 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-02 18:41:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-03-02 18:41:04 ----D---- C:\WINDOWS\system32

2010-03-02 18:41:04 ----D---- C:\WINDOWS

2010-03-02 17:24:31 ----RD---- C:\Program Files

2010-03-02 17:04:34 ----A---- C:\WINDOWS\system.ini

2010-03-02 17:02:35 ----D---- C:\WINDOWS\system32\drivers

2010-03-02 17:02:35 ----D---- C:\WINDOWS\AppPatch

2010-03-02 17:02:22 ----D---- C:\Program Files\Common Files

2010-03-02 16:58:37 ----RASH---- C:\boot.ini

2010-03-02 16:55:00 ----D---- C:\WINDOWS\system32\LogFiles

2010-03-02 16:38:39 ----A---- C:\WINDOWS\win.ini

2010-03-02 16:37:24 ----D---- C:\Program Files\Internet Explorer

2010-03-02 16:10:52 ----D---- C:\WINDOWS\system32\config

2010-03-02 14:31:33 ----D---- C:\WINDOWS\SoftwareDistribution

2010-03-02 14:22:21 ----D---- C:\WINDOWS\system32\CatRoot

2010-03-02 14:15:45 ----D---- C:\Documents and Settings

2010-03-02 12:05:11 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-03-02 11:31:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-03-02 11:29:36 ----D---- C:\WINDOWS\system32\wbem

2010-03-02 11:29:35 ----D---- C:\WINDOWS\Registration

2010-03-02 11:27:22 ----D---- C:\WINDOWS\system32\Restore

2010-03-02 10:01:19 ----SHD---- C:\WINDOWS\CSC

2010-03-02 09:25:50 ----D---- C:\Documents and Settings\Lada\Data aplikací\skypePM

2010-03-02 09:14:42 ----D---- C:\WINDOWS\Prefetch

2010-03-02 07:48:18 ----D---- C:\Program Files\LogMeIn

2010-02-27 19:51:59 ----HD---- C:\WINDOWS\inf

2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe

2010-02-19 09:03:53 ----D---- C:\Stazene

2010-02-18 17:00:56 ----A---- C:\WINDOWS\NeroDigital.ini

2010-02-10 11:17:50 ----A---- C:\WINDOWS\imsins.BAK

2010-02-10 11:17:42 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-10 11:17:40 ----SHD---- C:\WINDOWS\Installer

2010-02-10 11:17:40 ----D---- C:\Config.Msi

2010-02-06 19:14:52 ----D---- C:\temp



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]

R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-25 11904]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-16 20747]

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2008-04-12 191092]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-12 25280]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]

R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2008-04-12 6100]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2008-04-12 230656]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-03 261632]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-12 32256]

R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2008-04-12 635152]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2008-04-12 13312]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-12 188928]

R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-07-23 159488]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\WINDOWS\system32\DRIVERS\evsbc.sys [2008-05-19 27904]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []

S3 a0rmiky0;a0rmiky0; C:\WINDOWS\system32\drivers\a0rmiky0.sys []

S3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]

S3 catchme;catchme; \??\C:\DOCUME~1\Lada\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]

S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]

S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]

S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\WINDOWS\System32\DRIVERS\evserial.sys [2008-05-19 53888]

S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]

S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]

S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2008-04-12 1301488]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2008-04-12 180664]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2008-04-12 95760]

S3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]

S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]

S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-06 116032]

R2 LogMeIn Tray;LogMeIn Tray; C:\script\XYNTService.exe [2008-09-01 45056]

R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-12 45056]

R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-10-16 848888]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]

S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]

S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]



-----------------EOF-----------------

Caroprd111
VIP
Posts: 13493
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Virus WINESM32.exe

#11 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.


Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter.
  • Delete the program after use. Note: antivirus programs may falsely flag it as a virus.


Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by pressing "Yes" (a restart will follow).

Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation uncheck the option to install the Yahoo toolbar.

    Cleaner tab
  • Run the analysis, and when it finishes, click Run CCleaner.

    Registry tab
  • Click Scan for issues; when it finishes, click Fix issues. You don't need to make a backup. Then choose Fix all issues.
    OK, Close

kubulala

Re: Virus WINESM32.exe

#12 Post by kubulala »

All done. So should that be everything?

Caroprd111

Re: Virus WINESM32.exe

#13 Post by Caroprd111 »

Yes, that's everything. :)

kubulala

Re: Virus WINESM32.exe

#14 Post by kubulala »

Thaaanks a lot :)

Caroprd111

Re: Virus WINESM32.exe

#15 Post by Caroprd111 »

You're welcome :)