
Log check, video stream does not play

Posted: 14 Mar 2010 17:19
by bostik
Please check my log. I have tried all sorts of things without success, but I cannot solve the problem with YouTube videos: only about 1 min of a video loads and then it freezes. I tried reinstalling the drivers and a different browser, and nothing, so maybe there is something in the log. I hope I did it right.

ComboFix 10-03-13.03 - Petr 14.03.2010 15:33:24.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.671 [GMT 1:00]
Spuštěný z: e:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\recycler\S-1-5-21-2052111302-1647877149-725345543-1004
e:\windows\system32\inter32.dll

Nakažená kopie e:\windows\system32\DRIVERS\nvata.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
Nakažená kopie e:\windows\system32\DRIVERS\nvata.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 13:38 . 2007-07-02 14:42 -------- d-----w- e:\documents and settings\Administrator\Dokumenty
2010-03-14 13:38 . 2010-03-14 14:21 -------- d-----w- e:\documents and settings\Administrator\Plocha
2010-03-14 13:38 . 2010-03-14 13:38 -------- d-----w- e:\documents and settings\Administrator
2010-03-14 13:38 . 2007-07-02 14:42 -------- d--h--w- e:\documents and settings\Administrator\Okolní tiskárny
2010-03-14 13:38 . 2007-07-02 14:42 -------- d--h--w- e:\documents and settings\Administrator\Okolní síť
2010-03-14 13:38 . 2007-07-02 14:42 -------- d-----w- e:\documents and settings\Administrator\Oblíbené položky
2010-03-14 13:38 . 2007-07-02 14:42 -------- d-----r- e:\documents and settings\Administrator\Nabídka Start
2010-03-14 13:38 . 2007-07-02 12:47 -------- d--h--w- e:\documents and settings\Administrator\Šablony
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 14:50 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-14 14:50 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-14 13:41 . 2010-03-14 13:40 3808 ----a-w- E:\mapmem.tmp
2010-03-14 13:41 . 2010-03-14 13:40 5311 ----a-w- E:\huadio.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2008-01-18 13:32 . 2008-01-16 18:55 48 --sh--w- e:\windows\S72949288.tmp
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screenshot Captor1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 autorun;autorun;E:\huadio.tmp [14.3.2010 14:40 5311]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 mapmem_dv;mapmem_dv;E:\mapmem.tmp [14.3.2010 14:40 3808]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-zzGBK - G:\setup.exe
MSConfigStartUp-CmUsbSound - cmcnfgu.cpl
MSConfigStartUp-HTV Agent - e:\program files\HTV\HTV.exe
MSConfigStartUp-IDMan - d:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-SunJavaUpdateSched - e:\program files\Java\jre6\bin\jusched.exe
AddRemove-0C5EDC3653FED5B121F464339EAC12534D253B25 - e:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-4077F884D1BB007055BDB83B621D87220A73F30F - e:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-B726756F5B5A5AA9D798B399386FC6205A45F19E - e:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-{00060000-0000-1004-8002-0000C06B5161} - e:\program files\WIBUKEY\Setup\Setup32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 15:49
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8696C240]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75dafc3
\Driver\ACPI -> ACPI.sys @ 0xf7427cb8
\Driver\atapi -> atapi.sys @ 0xf73b97b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\E:\huadio.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mapmem_dv]
"ImagePath"="\??\E:\mapmem.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="566306325DCB6AE020E8DCB19CF74A3B37FB422E75F0039440BE1A27776189BE38DC7697916C33FA2102C00C410D9D38419BE6136142AF25F4EE1F6C7A091E10837F3C16ACAD0A9599BD10A6A5E228254014D9F12533FC4E6C334D82163729E29EB9A565332BBEE392AB41BABD42B14A79325C2AC5D84E0CCEB1CF10006DC30832B1E30B29F2432ED38BAF5600E5A583797213ED4BBBA5F00BC7B30AEFA22DE8AA3F0DE59709304FEB539BD9E57E14C00F0887C3BFDAAC224D83E83DA340C57C396F9D260EE43E35AEACA87D6FAFB0074D5AA30734A531D60D2A4649DBA39453558272CF1D704D64B0755C489E12D36E0C033A66BB01245E80B105FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407A9C6AECB7A5D1407EAE49B6F0BA99AD3ECC339951542C6A0ED7A28CD212AD002FA3DB76B7D3D58FD491542EB791FB6C3212CDB787A880FF0119BC96F56A93662FB5C54FA8716E315EDB45E412FC3BA1B46C4D41BE0171A9E2F98EA5DC708C4F16752A7B913C7D2B3595EBEA13B87780205BBC0C40E401839B5CE959B10162ACB8E4D48812FC4EF1FE130A85EC29C7605D53E30E25996EB36E29D45CE5C69C76C977D41D17EC1387DB14DD3F1FC7B6E158A812A06B1712EF0CB696E40705AAF387819124DB8BA5E5A455B6C7638DED006433C2663986E2825579CF55FA1872CF3FEDA2DBA286C46256F8692AC52C53F10782B1253A1EC5B73C02337BDD9503ACBCC7E79052DD90A3255FC59F6C0F210CFF38D4E5377127AE21AEC7E9098DA08CCD5C7D13B3B48763771704ADF0B6DCC4655262F84D6C56EDCC4EF0FB16E117C6963FA0610D8C20F509197DF914F8136D70F3EFE2B91B2512DF9239D20049EAEF81261D85BA196087C562E0B5CBB3DBDCB679F7A310C4B7207C484D57C91F46C3553C9819644574A21B6F22FB31774094F799B5222C041D6FE8515D40D66CAB53CEA06A961065A7503FC27A531B63DF3F235842B2FBB0F338EEED7AD3C64963E1171EAF1FEBB39D8CF4492B88E87F30DAA5A339FAE9EEF771389D5E49702986E1A5552ED55D153FA94017FA92C0C38154F0303BB179F63BECD321DF4D1C8CFE42155192270464916C6F8BCAC8ED56B849D98D20008072D5F65163D4B3FD801EF5507A28BFE2F82163DC39DE85E8F360634D80662C0B157DF61BBCA4C5BE2371649D2D2985231289D33D0F6F965F303F51958074BA5122D7B30795F4B422DBE8DF17715ACE30AA982C661A4F116530168B4FC3D1841AC3EA2A37A1793381328C4AA03569E4D06B84C7D0C06538191242453029C1ABF
9BDF786FBF11E3A001C9DBB2DB0739CC89CA3BBDB87B95E12922A3A4741594710C2AD32E1DF4EC07FB"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1700)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3716)
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
e:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-14 15:56:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 14:56

Před spuštěním: Volných bajtů: 24 380 112 896
Po spuštění: Volných bajtů: 25 203 437 568

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 35F1F72B3EE37464023DC9F4E2C8D1EB

Re: Log check, video stream does not play

Posted: 14 Mar 2010 18:18
by Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
Collect::
E:\mapmem.tmp
E:\huadio.tmp
e:\windows\S72949288.tmp
e:\windows\system32\opeD.exe

Driver::
mapmem_dv
autorun
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.

Image

Re: Log check, video stream does not play

Posted: 14 Mar 2010 19:20
by bostik
Here is the new scan. Somehow I could not turn off NOD32; even when I killed it in Task Manager, it started up again... what did I actually do? :)

ComboFix 10-03-13.03 - Petr 14.03.2010 18:58:23.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.671 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Petr\Dokumenty\TU2010TrialEN-US.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AUTORUN
-------\Legacy_MAPMEM_DV
-------\Service_autorun
-------\Service_mapmem_dv


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 14:16 . 2004-07-21 04:02 166400 ----a-r- e:\windows\system32\drivers\Si3114r5_2.sys
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 15:37 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-14 15:37 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-14 13:41 . 2010-03-14 13:40 3808 ----a-w- E:\mapmem.tmp
2010-03-14 13:41 . 2010-03-14 13:40 5311 ----a-w- E:\huadio.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2008-01-18 13:32 . 2008-01-16 18:55 48 --sh--w- e:\windows\S72949288.tmp
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-14 17:55 . 2010-03-14 17:55 16384 e:\windows\Temp\Perflib_Perfdata_278.dat
+ 2010-03-14 18:09 . 2010-03-14 18:09 16384 e:\windows\Temp\Perflib_Perfdata_178.dat
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-14 15:37 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-14 16:04 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-03-14 15:37 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 19:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A6EDA0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1752)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(4040)
e:\windows\system32\ieframe.dll
e:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
e:\windows\system32\webcheck.dll
e:\program files\WIBU-SYSTEMS\System\WibuShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-03-14 19:17:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 18:17
ComboFix2.txt 2010-03-14 14:56

Pre-Run: 24,989,696,000 bytes free
Post-Run: 24,951,259,136 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CA9D0EFDD1719ADA4AC2E2B9F8EBD2E5

Re: log check, video stream does not play

Posted: 14 Mar 2010 20:44
by Rudy
Reboot into Safe Mode and run CF again there with this script:
Collect::
e:\windows\system32\drivers\Si3114r5_2.sys
E:\mapmem.tmp
E:\huadio.tmp
e:\windows\S72949288.tmp

Driver::
Si3114r5_2

Re: log check, video stream does not play

Posted: 14 Mar 2010 21:21
by bostik
Here it is..

ComboFix 10-03-13.03 - Administrator 14.03.2010 21:04:13.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.816 [GMT 1:00]
Running from: e:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: e:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}

file zipped: E:\huadio.tmp
file zipped: E:\mapmem.tmp
file zipped: e:\windows\S72949288.tmp
file zipped: e:\windows\system32\drivers\Si3114r5_2.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\huadio.tmp
E:\mapmem.tmp
e:\windows\S72949288.tmp
e:\windows\system32\drivers\Si3114r5_2.sys

.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 15:37 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-14 15:37 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-14 15:37 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-14 16:04 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
+ 2001-10-25 14:00 . 2010-03-14 15:37 436360 e:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 21:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F65378]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7418cb8
\Driver\atapi -> atapi.sys @ 0xf73aa7b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1100)
e:\windows\system32\ieframe.dll
.
Completion time: 2010-03-14 21:19:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 20:19
ComboFix2.txt 2010-03-14 18:17
ComboFix3.txt 2010-03-14 14:56

Pre-Run: 24,976,695,296 bytes free
Post-Run: 24,939,163,648 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BCB8A7533EAB9AD50C5955DE70A849F6

Re: log check, video stream does not play

Posted: 14 Mar 2010 22:13
by Rudy
Items deleted. One more request:

1. Test the file e:\windows\system32\opeD.exe online at www.virustotal.com .
2. Check the MBR with: http://www2.gmer.net/mbr/mbr.exe . Post the log.
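What singles out `e:\windows\system32\opeD.exe` in the Find3M listing above is its attribute string, `--sha-r-` (system, hidden, archive, read-only), on an executable sitting in system32, and the same logic applies to the zero-byte `--sh--w-` file `e:\windows\S72949288.tmp` and the `.tmp` files in the drive root that were collected earlier. The Python below is an added example, not ComboFix's code and not something posted in this thread: it parses ComboFix's one-file-per-line format and applies a few such flag rules. The function names, the rules, and the one constructed sample line for `E:\huadio.tmp` (the thread names the file but never prints its size or attributes) are this example's own assumptions.

```python
"""ComboFix file-line triage (added example; not part of ComboFix or this thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# <date1> . <date2> <size|--------> [<attrs>] <path>, optionally prefixed with the
# "+ " / "- " marker of the SnapShot diff (whose lines carry no attribute field).
# ComboFix prints two timestamps per entry; which is creation and which is
# last-write depends on the section, so both are kept and neither is interpreted.
LINE_RE = re.compile(
    r"^(?:[+-] )?"
    r"(?P<date1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<date2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?:(?P<attrs>[dsharwt-]{8}) )?"
    r"(?P<path>\S.*?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class Entry:
    date1: str
    date2: str
    size: Optional[int]            # None for directories (size column is "--------")
    attrs: str                     # e.g. "--sha-r-": d=dir s=system h=hidden a=archive r=read-only w=writable t=temp
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ComboFix file line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["date1"], m["date2"], size, m["attrs"] or "", m["path"])


def _in_root(path: str) -> bool:
    """True for files directly in a drive root or directly in the windows directory."""
    parts = path.lower().replace("/", "\\").split("\\")
    return len(parts) == 2 or (len(parts) == 3 and parts[1] == "windows")


def triage(entry: Entry) -> List[str]:
    """Attach human-readable flags to a parsed entry and return them (rules are this example's own)."""
    flags: List[str] = []
    a, name = entry.attrs, entry.path.lower()
    if not entry.is_dir:
        if "s" in a and "h" in a:
            flags.append("hidden+system file")
        if "h" in a and entry.size == 0:
            flags.append("zero-byte hidden file")
        if name.endswith(".tmp") and _in_root(entry.path):
            flags.append("tmp file in drive or windows root")
        if name.endswith(EXEC_EXT) and "\\system32\\" in name and ("s" in a or "h" in a):
            flags.append("stealthy executable in system32")
    entry.flags = flags
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> flags for every flagged line in a pasted log fragment."""
    result: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is not None and triage(entry):
            result[entry.path] = entry.flags
    return result


# Four lines copied from the log in this thread plus one constructed line for
# E:\huadio.tmp (its size and attributes are made up; the thread never prints them).
SAMPLE_LOG = r"""
2010-03-15 14:50 . 2010-03-15 14:50 0 --sh--w- e:\windows\S72949288.tmp
2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
2010-03-14 12:00 . 2010-03-14 12:00 61440 --sh--w- E:\huadio.tmp
"""

if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(flags)}")
```

Run it on a whole pasted log and only the three stealthy entries come back; the NVIDIA driver and the program directory are parsed but produce no flags. The rules are deliberately crude: an attribute string is a hint for where to look first (a VirusTotal upload, as Rudy asks for here), not a verdict.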

Re: log check, video stream does not play

Posted: 14 Mar 2010 22:27
by bostik
thank you

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


I haven't managed to upload that file yet, I'll keep trying

Re: log check, video stream does not play

Posted: 14 Mar 2010 22:32
by bostik
ah, I don't have the file oped.exe here, only oped.tmp, and that spat out this:

0 bytes size received / Se ha recibido un archivo vacio

is that it?

Re: log check, video stream does not play

Posted: 14 Mar 2010 23:19
by Rudy
The MBR is fine. Try copying the path to the file into the box.
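The mbr.exe output quoted above reads sector 0 once from user mode and once from kernel mode and prints "user & kernel MBR OK" only when both reads agree; a stealth MBR rootkit that filters disk reads hands the original sector back to callers while the real sector 0 carries its loader, so the two views diverge in the boot-code region. The following Python is an added example, not Gmer's code, that does that comparison and decodes the partition table on two in-memory 512-byte images; the boot-code bytes, the single-NTFS-partition layout and the function names are constructed for the example.

```python
"""MBR two-view consistency check (added example; not Gmer's tool or this thread's code)."""
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries start here
BOOT_SIG_OFF = 0x1FE       # 0x55AA marks a valid boot sector
BOOT_SIG = b"\x55\xAA"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int           # 0x07 = NTFS, 0x0B/0x0C = FAT32, 0x05/0x0F = extended
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the non-empty entries of the classic (non-GPT) partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                          # type 0 = unused slot
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def diff_views(user_view: bytes, kernel_view: bytes) -> List[int]:
    """Byte offsets at which the two reads of sector 0 disagree."""
    return [i for i, (a, b) in enumerate(zip(user_view, kernel_view)) if a != b]


def check_mbr(user_view: bytes, kernel_view: bytes) -> Dict[str, object]:
    """Compare the user-mode and kernel-mode views and report where they diverge.

    Boot code lives in 0x000-0x1BD, the partition table in 0x1BE-0x1FD. A loader
    that hides itself usually replaces only the code and leaves the table intact.
    """
    diffs = diff_views(user_view, kernel_view)
    code_diff = [d for d in diffs if d < PART_TABLE_OFF]
    table_diff = [d for d in diffs if PART_TABLE_OFF <= d < BOOT_SIG_OFF]
    if not diffs:
        verdict = "user & kernel MBR OK"
    elif code_diff and not table_diff:
        verdict = f"boot code differs in {len(code_diff)} bytes: possible stealth MBR rootkit"
    else:
        verdict = f"partition table differs in {len(table_diff)} bytes: inspect before rebooting"
    return {
        "signature_ok": kernel_view[BOOT_SIG_OFF:] == BOOT_SIG,
        "code_differs": bool(code_diff),
        "table_differs": bool(table_diff),
        "partitions": parse_partitions(kernel_view),
        "verdict": verdict,
    }


def build_mbr(boot_code: bytes, layout) -> bytes:
    """Assemble a 512-byte image from boot code and (bootable, type, lba, count) tuples."""
    code = boot_code.ljust(PART_TABLE_OFF, b"\x00")[:PART_TABLE_OFF]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for bootable, ptype, lba, count in layout)
    return code + table.ljust(64, b"\x00") + BOOT_SIG


# Constructed samples: one bootable NTFS partition at LBA 63, a short clean loader
# stub, and a tampered sector whose first 16 code bytes were replaced.
LAYOUT = [(True, 0x07, 63, 41_929_587)]
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB", LAYOUT)
TAMPERED_MBR = build_mbr(b"\xEB\x3C\x90" + b"\x90" * 13, LAYOUT)

if __name__ == "__main__":
    print(check_mbr(CLEAN_MBR, CLEAN_MBR)["verdict"])
    print(check_mbr(CLEAN_MBR, TAMPERED_MBR)["verdict"])
    for p in parse_partitions(CLEAN_MBR):
        print(f"partition {p.index}: type 0x{p.type_id:02X} bootable={p.bootable} lba={p.lba_start} sectors={p.sectors}")
```

The comparison only means something when the two reads really take different paths to the disk (that is what the tool's "user:" and "kernel:" lines stand for); two reads through the same hooked driver agree trivially. Matching views plus an intact partition table are what let Rudy call the MBR fine above.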

Re: log check, video stream does not play

Posted: 15 Mar 2010 16:42
by bostik
So it found this. Is it a virus? How do I get rid of it?
Was my PC badly infested?

http://www.virustotal.com/cs/reanalisis ... 1268667573

Re: log check, video stream does not play

Posted: 15 Mar 2010 18:33
by Rudy
Run CF once more with this script:
Collect::
e:\windows\system32\opeD.exe

Re: log check, video stream does not play

Posted: 15 Mar 2010 20:13
by bostik
ComboFix 10-03-13.03 - Petr 15.03.2010 19:15:07.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.674 [GMT 1:00]
Running from: e:\documents and settings\Petr\Plocha\ComboFix.exe
Command switches used :: e:\documents and settings\Petr\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Resident AV is active


file zipped: e:\windows\system32\opeD.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\opeD.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-15 17:59 . 2004-07-21 04:02 166400 ----a-r- e:\windows\system32\drivers\Si3114r5_2.sys
2010-03-15 17:23 . 2010-03-15 17:23 -------- d-----w- e:\program files\CCleaner
2010-03-15 17:06 . 2010-01-07 15:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 17:06 . 2010-01-07 15:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-15 17:06 . 2010-03-15 17:06 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-15 15:57 . 2010-03-15 15:55 524288 ----a-w- E:\f5d7132v1_uk_05.01.11.bin
2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 18:28 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-15 18:28 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-15 14:50 . 2010-03-15 14:50 0 --sh--w- e:\windows\S72949288.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 18:26 . 2010-03-15 18:26 16384 e:\windows\temp\Perflib_Perfdata_284.dat
+ 2010-03-15 18:02 . 2010-03-15 18:02 16384 e:\windows\temp\Perflib_Perfdata_154.dat
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-15 18:28 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-15 15:55 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-03-15 18:28 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 19:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A048A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="566306325DCB6AE020E8DCB19CF74A3B37FB422E75F0039440BE1A27776189BE38DC7697916C33FA2102C00C410D9D38419BE6136142AF25F4EE1F6C7A091E10837F3C16ACAD0A9599BD10A6A5E228254014D9F12533FC4E6C334D82163729E29EB9A565332BBEE392AB41BABD42B14A79325C2AC5D84E0CCEB1CF10006DC30832B1E30B29F2432ED38BAF5600E5A583797213ED4BBBA5F00BC7B30AEFA22DE8AA3F0DE59709304FEB539BD9E57E14C00F0887C3BFDAAC224D83E83DA340C57C396F9D260EE43E35AEACA87D6FAFB0074D5AA30734A531D60D2A4649DBA39453558272CF1D704D64B0755C489E12D36E0C033A66BB01245E80B105FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407A9C6AECB7A5D1407EAE49B6F0BA99AD3ECC339951542C6A0ED7A28CD212AD002FA3DB76B7D3D58FD491542EB791FB6C3212CDB787A880FF0119BC96F56A93662FB5C54FA8716E315EDB45E412FC3BA1B46C4D41BE0171A9E2F98EA5DC708C4F16752A7B913C7D2B3595EBEA13B87780205BBC0C40E401839B5CE959B10162ACB8E4D48812FC4EF1FE130A85EC29C7605D53E30E25996EB36E29D45CE5C69C76C977D41D17EC1387DB14DD3F1FC7B6E158A812A06B1712EF0CB696E40705AAF387819124DB8BA5E5A455B6C7638DED006433C2663986E2825579CF55FA1872CF3FEDA2DBA286C46256F8692AC52C53F10782B1253A1EC5B73C02337BDD9503ACBCC7E79052DD90A3255FC59F6C0F210CFF38D4E5377127AE21AEC7E9098DA08CCD5C7D13B3B48763771704ADF0B6DCC4655262F84D6C56EDCC4EF0FB16E117C6963FA0610D8C20F509197DF914F8136D70F3EFE2B91B2512DF9239D20049EAEF81261D85BA196087C562E0B5CBB3DBDCB679F7A310C4B7207C484D57C91F46C3553C9819644574A21B6F22FB31774094F799B5222C041D6FE8515D40D66CAB53CEA06A961065A7503FC27A531B63DF3F235842B2FBB0F338EEED7AD3C64963E1171EAF1FEBB39D8CF4492B88E87F30DAA5A339FAE9EEF771389D5E49702986E1A5552ED55D153FA94017FA92C0C38154F0303BB179F63BECD321DF4D1C8CFE42155192270464916C6F8BCAC8ED56B849D98D20008072D5F65163D4B3FD801EF5507A28BFE2F82163DC39DE85E8F360634D80662C0B157DF61BBCA4C5BE2371649D2D2985231289D33D0F6F965F303F51958074BA5122D7B30795F4B422DBE8DF17715ACE30AA982C661A4F116530168B4FC3D1841AC3EA2A37A1793381328C4AA03569E4D06B84C7D0C06538191242453029C1ABF
9BDF786FBF11E3A001C9DBB2DB0739CC89CA3BBDB87B95E12922A3A4741594710C2AD32E1DF4EC07FB"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1864)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2732)
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-15 19:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-15 18:34
ComboFix2.txt 2010-03-14 20:19
ComboFix3.txt 2010-03-14 18:17
ComboFix4.txt 2010-03-14 14:56

Před spuštěním: Volných bajtů: 24 664 236 032
Po spuštění: Volných bajtů: 24 620 703 744

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2E5F97036EECBF5BAFFCA09F41481979

Re: log check, video stream won't play

Posted: 15 Mar 2010 21:03
by Rudy
Something keeps coming back. Run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.

Re: log check, video stream won't play

Posted: 15 Mar 2010 21:12
by bostik
process

Process:

System Idle Process
System
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Crypserv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\ESET\nod32krn.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\DOCUME~1\Petr\LOCALS~1\temp\Rar$EX00.250\IceSword122en\IceSword.exe
C:\Program Files\WinRAR\WinRAR.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\alg.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\soundman.exe
E:\Program Files\BitTorrent\bittorrent.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Java\jre6\launch4j-tmp\frd.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe

Re: log check, video stream won't play

Posted: 15 Mar 2010 21:12
by bostik
Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
d347bus.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvata.sys
Si3114r5.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
d347prt.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
SiWinAcc.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Combo-Fix.sys
ubsbm.sys
ub1394.sys
Mup.sys
\SystemRoot\System32\DRIVERS\processr.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\ElbyCDFL.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\Cap7134.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ubohci.sys
\SystemRoot\System32\DRIVERS\nvnetbus.sys
\SystemRoot\System32\DRIVERS\NVNRM.SYS
\SystemRoot\System32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\irsir.sys
\SystemRoot\System32\DRIVERS\irenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasirda.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ubsbp2.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\phtvtune.sys
\SystemRoot\System32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\fwdrv.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\system32\ckldrv.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\drivers\khips.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_nvata.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\DRIVERS\irda.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\E:\WINDOWS\system32\drivers\amon.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\ubumapi.sys
\SystemRoot\SYSTEM32\DRIVERS\Wibukey.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\E:\ComboFix\catchme.sys
\??\E:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\??\E:\WINDOWS\system32\drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll