VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vir WINESM32.exe

https://forum.viry.cz:443/viewtopic.php?t=98389

Stránka 1 z 1

Vir WINESM32.exe

Napsal: 02 bře 2010 17:41
od kubulala
Dobrý den, potřeboval bych rovněž pomoci s odstraněním viru winesm32.exe
Od dnešního rána se mi začal v běžících procesech objevovat jeden ze svchost procesů, který vytěžuje procesor na 99%. Po vyčištění spybotem mi již nic nenachází, ale Microsoft Security Essentials mi stále po spuštění windows maže nějaký trojan a zobrazuje hlášení že se v nabídce start po spuštění vyskytuje winesm32.exe Prosím tedy o pomoc s odstraněním.


Zde je log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Lada at 2010-03-02 17:24:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (11%) free of 57 GB
Total RAM: 1919 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:55, on 2.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lada\Plocha\RSIT.exe
C:\Program Files\trend micro\Lada.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LogMeIn Tray - Unknown owner - C:\script\XYNTService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8801 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-04-13 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-04-13 491520]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2008-04-12 106496]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-04-12 98393]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-12 688217]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-08-25 32768]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe]
C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe [2008-04-14 29696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-06 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\TC PowerPack\TOTALCMD.EXE"="C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe"="C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe:*:Enabled:HW Virtual Serial Port Single"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-02 17:24:31 ----D---- C:\Program Files\trend micro
2010-03-02 17:24:30 ----D---- C:\rsit
2010-03-02 17:07:00 ----A---- C:\ComboFix.txt
2010-03-02 16:58:37 ----A---- C:\Boot.bak
2010-03-02 16:58:30 ----RASHD---- C:\cmdcons
2010-03-02 16:55:14 ----A---- C:\WINDOWS\zip.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWSC.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWREG.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\sed.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\PEV.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\MBR.exe
2010-03-02 16:55:14 ----A---- C:\WINDOWS\grep.exe
2010-03-02 16:55:05 ----D---- C:\WINDOWS\ERDNT
2010-03-02 16:52:18 ----D---- C:\Qoobox
2010-03-02 14:13:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-02 14:05:01 ----A---- C:\WindowsXP-KB927891-v3-x86-CSY.exe
2010-03-02 14:03:42 ----A---- C:\windowsupdateagent30-x86.exe
2010-03-02 14:03:40 ----A---- C:\fix_svchost.bat
2010-03-02 09:32:15 ----D---- C:\26a18bf296edf3c510153637e6d76c
2010-02-27 19:52:01 ----RA---- C:\WINDOWS\system32\FTLang.dll
2010-02-27 19:52:00 ----RA---- C:\WINDOWS\system32\ftserui2.dll
2010-02-27 19:51:15 ----RA---- C:\WINDOWS\system32\ftd2xx.dll
2010-02-27 19:51:14 ----RA---- C:\WINDOWS\system32\ftbusui.dll
2010-02-24 09:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 11:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\SYSTEM.INI
2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\PROTOCOL.INI
2010-02-06 19:16:59 ----D---- C:\Program Files\STIEBEL ELTRON
2010-02-06 19:14:56 ----D---- C:\Documents and Settings\Lada\Data aplikací\HW group
2010-02-06 19:14:37 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-06 19:13:59 ----D---- C:\Program Files\HW group

======List of files/folders modified in the last 1 months======

2010-03-02 17:24:31 ----RD---- C:\Program Files
2010-03-02 17:24:18 ----A---- C:\WINDOWS\TRNCOM.INI
2010-03-02 17:07:09 ----D---- C:\WINDOWS\Temp
2010-03-02 17:04:34 ----D---- C:\WINDOWS
2010-03-02 17:04:34 ----A---- C:\WINDOWS\system.ini
2010-03-02 17:03:29 ----D---- C:\WINDOWS\system32
2010-03-02 17:02:35 ----D---- C:\WINDOWS\system32\drivers
2010-03-02 17:02:35 ----D---- C:\WINDOWS\AppPatch
2010-03-02 17:02:22 ----D---- C:\Program Files\Common Files
2010-03-02 16:59:54 ----SD---- C:\WINDOWS\Tasks
2010-03-02 16:59:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-02 16:58:37 ----RASH---- C:\boot.ini
2010-03-02 16:55:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-02 16:55:00 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-02 16:38:39 ----A---- C:\WINDOWS\win.ini
2010-03-02 16:37:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-02 16:37:24 ----D---- C:\Program Files\Internet Explorer
2010-03-02 16:10:52 ----D---- C:\WINDOWS\system32\config
2010-03-02 14:31:33 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-02 14:22:21 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-02 14:15:45 ----D---- C:\Documents and Settings
2010-03-02 12:25:31 ----D---- C:\Program Files\Mozilla Firefox
2010-03-02 12:05:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-02 11:31:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-02 11:29:36 ----D---- C:\WINDOWS\system32\wbem
2010-03-02 11:29:35 ----D---- C:\WINDOWS\Registration
2010-03-02 11:27:22 ----D---- C:\WINDOWS\system32\Restore
2010-03-02 11:18:10 ----D---- C:\Documents and Settings\Lada\Data aplikací\Skype
2010-03-02 10:01:19 ----SHD---- C:\WINDOWS\CSC
2010-03-02 09:25:50 ----D---- C:\Documents and Settings\Lada\Data aplikací\skypePM
2010-03-02 09:14:42 ----D---- C:\WINDOWS\Prefetch
2010-03-02 07:48:18 ----D---- C:\Program Files\LogMeIn
2010-02-27 19:51:59 ----HD---- C:\WINDOWS\inf
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-19 09:03:53 ----D---- C:\Stazene
2010-02-18 17:00:56 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-10 11:17:50 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 11:17:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:17:40 ----SHD---- C:\WINDOWS\Installer
2010-02-10 11:17:40 ----D---- C:\Config.Msi
2010-02-06 19:14:52 ----D---- C:\temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-25 11904]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-16 20747]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2008-04-12 191092]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-12 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2008-04-12 6100]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2008-04-12 230656]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-03 261632]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-12 32256]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2008-04-12 635152]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2008-04-12 13312]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-12 188928]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-07-23 159488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\WINDOWS\system32\DRIVERS\evsbc.sys [2008-05-19 27904]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
S3 catchme;catchme; \??\C:\DOCUME~1\Lada\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\WINDOWS\System32\DRIVERS\evserial.sys [2008-05-19 53888]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]
S3 mbr;mbr; \??\C:\DOCUME~1\Lada\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2008-04-12 1301488]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2008-04-12 180664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2008-04-12 95760]
S3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-06 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-10-16 848888]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LogMeIn Tray;LogMeIn Tray; C:\script\XYNTService.exe [2008-09-01 45056]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-12 45056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 17:44
od Caroprd111
Zdravím :)

Na logu se pracuje, prosím o strpení.

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 17:57
od Caroprd111
Obrázek Podle návodu http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 aplikujte tento skript.

Kód: Vybrat vše

:files
C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe]

:commands
[EmptyTemp]
[Reboot]

Obrázek Vložte sem log C:\ComboFix.txt

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 18:54
od kubulala
Mám tedy spustit i ComboFix a přiložit log z něj nebo chcete log z OTM? Ten je zde:



All processes killed
========== FILES ==========
File move failed. C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Bruk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Lada
->Temp folder emptied: 1669471 bytes
->Temporary Internet Files folder emptied: 3646412 bytes
->Java cache emptied: 1083799 bytes
->FireFox cache emptied: 40664974 bytes
->Flash cache emptied: 20224 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98438 bytes

User: NetworkService
->Temp folder emptied: 4554 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 18790344 bytes
%systemroot%\System32\dllcache .tmp files removed: 57344 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10321 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03022010_184051

Files moved on Reboot...
C:\Documents and Settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temp\~DFE8D.tmp moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\afr[1].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\afr[2].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\Content.IE5\WT3WM6LE\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Lada\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 18:58
od Caroprd111
Vložte sem log, který se nachází v C:\ComboFix.txt

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:02
od kubulala
tak tady je. ale je to ten původní log, který byl vytvořen ještě před spuštěním OTM co jsem pouštěl před chvíli.


ComboFix 10-03-01.04 - Lada 02.03.2010 17:00:02.1.1 - x86

Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.1415 [GMT 1:00]

Spuštěný z: c:\documents and settings\Lada\Plocha\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.



((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\win.ini



.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-02 do 2010-03-02 )))))))))))))))))))))))))))))))

.



2010-03-02 13:05 . 2010-03-02 10:01 1273224 ----a-w- C:\WindowsXP-KB927891-v3-x86-CSY.exe

2010-03-02 13:03 . 2010-03-02 10:02 6216032 ----a-w- C:\windowsupdateagent30-x86.exe

2010-03-02 13:03 . 2010-03-02 10:02 3038 ----a-w- C:\fix_svchost.bat

2010-03-02 10:29 . 2010-03-02 10:29 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-02 08:32 . 2010-03-02 10:29 -------- d-----w- C:\26a18bf296edf3c510153637e6d76c

2010-03-02 08:04 . 2008-04-13 23:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-03-02 08:04 . 2008-04-13 23:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-03-02 08:04 . 2008-04-13 23:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-03-02 08:04 . 2008-04-13 23:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-03-02 08:02 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-03-02 08:02 . 2008-04-13 23:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-02-27 18:52 . 2007-06-27 06:10 107840 ----a-r- c:\windows\system32\FTLang.dll

2010-02-27 18:52 . 2007-06-27 06:06 47432 ----a-r- c:\windows\system32\ftserui2.dll

2010-02-27 18:52 . 2007-06-27 06:04 71488 ----a-r- c:\windows\system32\drivers\ftser2k.sys

2010-02-27 18:51 . 2007-06-27 06:10 202048 ----a-r- c:\windows\system32\ftd2xx.dll

2010-02-27 18:51 . 2007-06-27 06:10 111936 ----a-r- c:\windows\system32\ftbusui.dll

2010-02-27 18:51 . 2007-06-27 06:05 53184 ----a-r- c:\windows\system32\drivers\ftdibus.sys

2010-02-06 18:16 . 2010-02-06 18:16 -------- d-----w- c:\program files\STIEBEL ELTRON

2010-02-06 18:15 . 2008-05-19 15:01 53888 ----a-w- c:\windows\system32\drivers\evserial.sys

2010-02-06 18:14 . 2010-02-06 18:14 -------- d-----w- c:\temp\comsoft_stiebel_eltron_-_vers._3.4.0_rev

2010-02-06 18:14 . 2008-05-19 15:01 27904 ----a-w- c:\windows\system32\drivers\evsbc.sys

2010-02-06 18:13 . 2010-02-06 18:13 -------- d-----w- c:\program files\HW group

2010-02-06 18:06 . 2010-01-30 22:42 2129840 ----a-w- c:\temp\hw-vsp3-single_3-1-0.exe

2010-02-01 17:25 . 2010-02-01 17:25 -------- d-----w- c:\program files\Network Stumbler



.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-02 11:05 . 2008-08-09 19:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-03-02 10:31 . 2006-03-02 12:00 441324 ----a-w- c:\windows\system32\perfh005.dat

2010-03-02 10:31 . 2006-03-02 12:00 83940 ----a-w- c:\windows\system32\perfc005.dat

2010-03-02 06:48 . 2008-09-01 18:50 -------- d-----w- c:\program files\LogMeIn

2010-02-24 08:16 . 2009-11-01 10:39 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-01-26 11:50 . 2010-01-26 11:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-16 21:32 . 2009-06-22 07:06 -------- d-----w- c:\program files\Common Files\Nokia

2010-01-16 21:32 . 2008-07-14 19:36 -------- d-----w- c:\program files\Nokia

2010-01-05 09:58 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 09:57 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 09:57 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll

2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-17 07:42 . 2008-04-12 11:01 343552 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:11 . 2006-03-02 12:00 2191360 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:11 . 2004-08-17 15:45 2068224 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2008-04-12 106496]

"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-12 98393]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-12 688217]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"SiSPower"="SiSPower.dll" [2005-08-25 49152]

"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-08-25 32768]

"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]



c:\documents and settings\Lada\Nabˇdka Start\Programy\Po spuçtŘnˇ\

winesm32.exe [2008-4-14 29696]



c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\

Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-1-16 593920]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-4-12 262144]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-06 07:31 87352 ----a-w- c:\windows\system32\LMIinit.dll



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"



[HKLM\~\startupfolder\C:^Documents and Settings^Lada^Nabídka Start^Programy^Po spuštění^winesm32.exe]

path=c:\documents and settings\Lada\Nabídka Start\Programy\Po spuštění\winesm32.exe

backup=c:\windows\pss\winesm32.exeStartup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2008-02-22 15:58 217544 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-11-10 04:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\TC PowerPack\\TOTALCMD.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\HW group\\HW VSP3s\\HW_VSP3s.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)



R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28.2.2008 14:31 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1.9.2008 19:51 47640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3.10.2008 18:43 203280]

R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [12.4.2008 19:07 191092]

R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [12.4.2008 19:07 6100]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [6.2.2010 19:14 27904]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2008 9:01 716272]

S2 LogMeIn Tray;LogMeIn Tray;c:\script\XYNTService.exe [1.9.2008 19:51 45056]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [6.2.2010 19:15 53888]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

Obsah adresáře 'Naplánované úlohy'



2010-03-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]

.

.

------- Doplňkový sken -------

.

uStart Page = hxxp://www.seznam.cz/

IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll

IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll

TCP: {3F86A250-F252-43D8-94D0-2235AC1ADD38} = 195.146.99.4,195.146.100.5

FF - ProfilePath - c:\documents and settings\Lada\Data aplikací\Mozilla\Firefox\Profiles\nly6hjxw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll



---- NASTAVENÍ FIREFOXU ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

.

.

------- Asociace souborů -------

.

txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"

.

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -



HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

MSConfigStartUp-365dni - c:\program files\365dníNET\365dniNET.exe

MSConfigStartUp-BMISR - c:\program files\KYE\WebMate\BM.exe







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-02 17:04

Windows 5.1.2600 Service Pack 3 NTFS



skenování skrytých procesů ...



skenování skrytých položek 'Po spuštění' ...



skenování skrytých souborů ...



sken byl úspešně dokončen

skryté soubory: 0



**************************************************************************

.

--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------



[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG11.00.00.01WORKSTATION"="658BB99249DFB655722D04F749C5684EAC3853DDB37FF57BF64E65258624E3FA8A1CA04D38F40684FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933C038D530D6EB3452A9C6AECB7A5D14071C46D71176BE3F1FDDD4AF81B09A9BA723B509D41E910E8B13ACEC7D3EAC73457F92E7F2CE401428739C55CFEF972EADE2DB3ACACADE1C8B5AA5ACE9D9F2081BC8B751202E6CAD93D338E4A4540A2812410457A6C062DD726B44F5504DEA697648E4A214C747A1BF7E4825CA93F4AA190F57812CD4B91A0A88E05F082E6D25C6D0400DD91408E8E2F75C8027260B365B21F678B2A036FBF0F84626FD5909324EBAE0E31450996102C8FB03AD4A36B24552F526A504DC931806362A326D02672462D5A177FA9B4CF97E20DF6B7F11E819FE5913841F68D3450062EDB7CC4D02B2A520E14DD7E2CE7BA9376D7C0B6E876A0A1EEF6259C5139339F41AB89F95A2B868B2E6F3F0F57209DDA32494F6D1A1A2D7338E655C958EEE87897BF050B8CC4A93F815DA1290A57AB43BA3F890F32D7D537966C9962FE41AC5AE00308E4BE84C13CEF4094AA2387D4AC7AB8468C0858DE9CA90DEBA9A992BD3E93EDBCD924379D506B396EECEDF0FBF0824A5D2D867B58C70CE88BD95938A12B3EBEAC3898DE2CDE221B118ED37843A2D155D6B917730312A82BDDA129EF7E9F5E4E96C5EDBE8F51E341AA0893B85E05D2F438DF23909522B33080FB56A83C292AA790773A5C347E485A629E24B0DE1B3C101D9399920EB990B881E590A148EDC604D97DEC7FDC159504196ECAFEC6CBB44D5B6D4E5AC0290D8720C0C74E23E1D4D2F636C02F56B8F76E4114F9046B6FA4F13CDEAD0351820118C250D07FCC78F5EF8771AF9DE4891FCA304657A927764A19E8AD46F97B74AC8B2F653FDC6A863A29D219A38BEE7D98C2420BE609D6DE31D741E1D3E8470863B535209FEF2DBBC4E1F75D227F0D55CF21ED89F9686D75647217F851B7FD240C8724E89910D66B4B917CADF99A4A97D1FDE677D57C0FB0E4AC7E60247E374D5722745689F724E56DFB13B8F425CF7142849C6863F1523D1749DD13C6A5C6F1A601C566BF9D41F23622E27623A6EDDEF45513818509F18DAB6EE808E8E6A60555C906189D3B9E50C82E232117D857AD1D480404770CE2DD7A718F78BA2E26AC1D6598E72C2FBB5FB2A3641856DA1F2EBD6F325DA67E536E9810C82F777EEB18D61DB4708C44826CE6525825E4D146C6A6FDD74CD637F8CA721512DCA4489E0DDB294B95D38A0515262BFE26E468415E8E802FD51F6848B1C898248B0248526C7A792D6BE605AD5CCF6AA163BE4EC1A7930BAD547953695C25FCDE88A9487B1D63DF856A764A056761A9D9380989DB19F55F3D3C71928"

.

--------------------- Knihovny navázané na běžící procesy ---------------------



- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\LMIinit.dll

.

Celkový čas: 2010-03-02 17:06:59

ComboFix-quarantined-files.txt 2010-03-02 16:06



Před spuštěním: 6 151 344 128

Po spuštění: 6 323 818 496



WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect



- - End Of File - - D41879D372D7C7E11ACFD63260F976A7

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:07
od Caroprd111
Obrázek Najděte a smažte:
c:\windows\pss\winesm32.exe



Obrázek Jak to vypadá s PC :???:

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:10
od kubulala
CPU je 2 - 5ti procentech a uvedený soubor se v daném adresáři nenachází. V adresáři c:\windows\pss\ jsou pouze tyto soubory:
boot.ini.backup
system.ini.backup
win.ini.backup

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:20
od Caroprd111
Dejte nový log z RSIT.

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:23
od kubulala
Logfile of random's system information tool 1.06 (written by random/random)

Run by Lada at 2010-03-02 19:22:07

Systém Microsoft Windows XP Professional Service Pack 3

System drive C: has 6 GB (11%) free of 57 GB

Total RAM: 1919 MB (66% free)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:22:26, on 2.3.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\script\XYNTService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Lada\Plocha\RSIT.exe

C:\Program Files\trend micro\Lada.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy

O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll

O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll

O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{3F86A250-F252-43D8-94D0-2235AC1ADD38}: NameServer = 195.146.99.4,195.146.100.5

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: LogMeIn Tray - Unknown owner - C:\script\XYNTService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe



--

End of file - 9515 bytes



======Scheduled tasks folder======



C:\WINDOWS\tasks\MP Scheduled Scan.job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]

WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-04-13 491520]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-04-13 491520]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]





[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2008-04-12 106496]

"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]

"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-04-12 98393]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-12 688217]

"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]

"SiSPower"=SiSPower.dll,ModeAgent []

"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-08-25 32768]

"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]



C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění

Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2009-10-06 87352]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Program Files\TC PowerPack\TOTALCMD.EXE"="C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe"="C:\Program Files\HW group\HW VSP3s\HW_VSP3s.exe:*:Enabled:HW Virtual Serial Port Single"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



======File associations======



.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"



======List of files/folders created in the last 1 months======



2010-03-02 18:41:04 ----SHD---- C:\RECYCLER

2010-03-02 18:40:51 ----D---- C:\_OTM

2010-03-02 17:41:12 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat

2010-03-02 17:24:31 ----D---- C:\Program Files\trend micro

2010-03-02 17:24:30 ----D---- C:\rsit

2010-03-02 17:07:00 ----A---- C:\ComboFix.txt

2010-03-02 16:58:37 ----A---- C:\Boot.bak

2010-03-02 16:58:30 ----RASHD---- C:\cmdcons

2010-03-02 16:55:14 ----A---- C:\WINDOWS\zip.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWSC.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\SWREG.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\sed.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\PEV.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\NIRCMD.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\MBR.exe

2010-03-02 16:55:14 ----A---- C:\WINDOWS\grep.exe

2010-03-02 16:55:05 ----D---- C:\WINDOWS\ERDNT

2010-03-02 16:52:18 ----D---- C:\Qoobox

2010-03-02 14:13:59 ----A---- C:\WINDOWS\ntbtlog.txt

2010-03-02 14:05:01 ----A---- C:\WindowsXP-KB927891-v3-x86-CSY.exe

2010-03-02 14:03:42 ----A---- C:\windowsupdateagent30-x86.exe

2010-03-02 14:03:40 ----A---- C:\fix_svchost.bat

2010-03-02 09:32:15 ----D---- C:\26a18bf296edf3c510153637e6d76c

2010-02-27 19:52:01 ----RA---- C:\WINDOWS\system32\FTLang.dll

2010-02-27 19:52:00 ----RA---- C:\WINDOWS\system32\ftserui2.dll

2010-02-27 19:51:15 ----RA---- C:\WINDOWS\system32\ftd2xx.dll

2010-02-27 19:51:14 ----RA---- C:\WINDOWS\system32\ftbusui.dll

2010-02-24 09:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-10 11:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-10 11:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-10 11:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-10 11:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-10 11:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-10 11:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-10 11:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-10 11:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-10 11:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\SYSTEM.INI

2010-02-06 19:17:05 ----A---- C:\WINDOWS\system32\PROTOCOL.INI

2010-02-06 19:16:59 ----D---- C:\Program Files\STIEBEL ELTRON

2010-02-06 19:14:56 ----D---- C:\Documents and Settings\Lada\Data aplikací\HW group

2010-02-06 19:14:37 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP

2010-02-06 19:13:59 ----D---- C:\Program Files\HW group



======List of files/folders modified in the last 1 months======



2010-03-02 19:22:01 ----A---- C:\WINDOWS\TRNCOM.INI

2010-03-02 19:21:32 ----SD---- C:\WINDOWS\Tasks

2010-03-02 19:21:27 ----D---- C:\WINDOWS\Temp

2010-03-02 19:20:34 ----D---- C:\Documents and Settings\Lada\Data aplikací\Skype

2010-03-02 19:18:33 ----D---- C:\Program Files\Mozilla Firefox

2010-03-02 19:16:37 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-02 19:14:12 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-02 18:41:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-03-02 18:41:04 ----D---- C:\WINDOWS\system32

2010-03-02 18:41:04 ----D---- C:\WINDOWS

2010-03-02 17:24:31 ----RD---- C:\Program Files

2010-03-02 17:04:34 ----A---- C:\WINDOWS\system.ini

2010-03-02 17:02:35 ----D---- C:\WINDOWS\system32\drivers

2010-03-02 17:02:35 ----D---- C:\WINDOWS\AppPatch

2010-03-02 17:02:22 ----D---- C:\Program Files\Common Files

2010-03-02 16:58:37 ----RASH---- C:\boot.ini

2010-03-02 16:55:00 ----D---- C:\WINDOWS\system32\LogFiles

2010-03-02 16:38:39 ----A---- C:\WINDOWS\win.ini

2010-03-02 16:37:24 ----D---- C:\Program Files\Internet Explorer

2010-03-02 16:10:52 ----D---- C:\WINDOWS\system32\config

2010-03-02 14:31:33 ----D---- C:\WINDOWS\SoftwareDistribution

2010-03-02 14:22:21 ----D---- C:\WINDOWS\system32\CatRoot

2010-03-02 14:15:45 ----D---- C:\Documents and Settings

2010-03-02 12:05:11 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-03-02 11:31:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-03-02 11:29:36 ----D---- C:\WINDOWS\system32\wbem

2010-03-02 11:29:35 ----D---- C:\WINDOWS\Registration

2010-03-02 11:27:22 ----D---- C:\WINDOWS\system32\Restore

2010-03-02 10:01:19 ----SHD---- C:\WINDOWS\CSC

2010-03-02 09:25:50 ----D---- C:\Documents and Settings\Lada\Data aplikací\skypePM

2010-03-02 09:14:42 ----D---- C:\WINDOWS\Prefetch

2010-03-02 07:48:18 ----D---- C:\Program Files\LogMeIn

2010-02-27 19:51:59 ----HD---- C:\WINDOWS\inf

2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe

2010-02-19 09:03:53 ----D---- C:\Stazene

2010-02-18 17:00:56 ----A---- C:\WINDOWS\NeroDigital.ini

2010-02-10 11:17:50 ----A---- C:\WINDOWS\imsins.BAK

2010-02-10 11:17:42 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-10 11:17:40 ----SHD---- C:\WINDOWS\Installer

2010-02-10 11:17:40 ----D---- C:\Config.Msi

2010-02-06 19:14:52 ----D---- C:\temp



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]

R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-08-25 11904]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-16 20747]

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2008-04-12 191092]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-12 25280]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]

R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2008-04-12 6100]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2008-04-12 230656]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-09-03 261632]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-12 32256]

R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2008-04-12 635152]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2008-04-12 13312]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-12 188928]

R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-07-23 159488]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\WINDOWS\system32\DRIVERS\evsbc.sys [2008-05-19 27904]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []

S3 a0rmiky0;a0rmiky0; C:\WINDOWS\system32\drivers\a0rmiky0.sys []

S3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]

S3 catchme;catchme; \??\C:\DOCUME~1\Lada\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]

S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]

S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]

S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\WINDOWS\System32\DRIVERS\evserial.sys [2008-05-19 53888]

S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2007-06-27 53184]

S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2007-06-27 71488]

S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2008-04-12 1301488]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2008-04-12 180664]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2008-04-12 95760]

S3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]

S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]

S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-06 116032]

R2 LogMeIn Tray;LogMeIn Tray; C:\script\XYNTService.exe [2008-09-01 45056]

R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-12 45056]

R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-10-16 848888]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]

S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]

S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]



-----------------EOF-----------------

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:30
od Caroprd111
Obrázek Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Obrázek Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
  • Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.


Obrázek Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
  • Spusťte.
  • Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

  • Obrázek Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

    Obrázek Záložka Čistič
  • Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

    Obrázek Záložka Registry
  • Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
    Obrázek OK Obrázek Zavřít

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:53
od kubulala
vše hotovo. Mělo by to být tedy vše?

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:54
od Caroprd111
Ano, je to vše. :)

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 19:57
od kubulala
Moooc díky :)

Re: Vir WINESM32.exe

Napsal: 02 bře 2010 20:01
od Caroprd111
Nemáte zač :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz