VIRY.CZ

ahojte,
chcel by som vas poprosit ci by ste mi mohli pomoct s tymto problemom. zalozil som novy topic (dufam ze spravne) a takisto som si uz spravil log z RSIT.
tak ak by ste sa mi mohli na to prosim pozriet a poradit..

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petko at 2010-03-18 14:14:53
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 546 MB (3%) free of 20 GB
Total RAM: 3071 MB (85% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1060284298-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1060284298-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Petko\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"28711"=C:\DOCUME~1\Petko\LOCALS~1\Temp\abhhqq.exe [2010-03-18 23040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\cidrive32.exe [2010-03-18 135168]

C:\Documents and Settings\Petko\Nabídka Start\Programy\Po spuštění
ihaupd32.exe
zipdkg32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\FTP Commander\Ftpcomm.exe"="C:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm"
"C:\Program Files\BPFTP Server\G6FTPSrv.exe"="C:\Program Files\BPFTP Server\G6FTPSrv.exe:*:Enabled:BPFTP Server for Internet."
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"D:\Games\Valve\hl.exe"="D:\Games\Valve\hl.exe:*:Enabled:hl"
"D:\Games\Dragon Age\bin_ship\daorigins.exe"="D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"D:\Games\Dragon Age\DAOriginsLauncher.exe"="D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Documents and Settings\Petko\Dokumenty\Preberanie\HL-CS\od kosti\hlds.exe"="C:\Documents and Settings\Petko\Dokumenty\Preberanie\HL-CS\od kosti\hlds.exe:*:Enabled:hlds"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\Games\ANNO 1404\tools\Anno4Web.exe"="D:\Games\ANNO 1404\tools\Anno4Web.exe:*:Disabled:Anno4Web"
"C:\Program Files\Mozilla Firefox\PartyPoker_Installer\SmartInstaller.exe"="C:\Program Files\Mozilla Firefox\PartyPoker_Installer\SmartInstaller.exe:*:Enabled:SmartInstaller"
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\Program Files\CyberLink\PlayMovie\PlayMovie.exe"="C:\Program Files\CyberLink\PlayMovie\PlayMovie.exe:*:Enabled:CyberLink PlayMovie"
"C:\Program Files\CyberLink\PlayMovie\PMVService.exe"="C:\Program Files\CyberLink\PlayMovie\PMVService.exe:*:Enabled:CyberLink PlayMovie Resident Program"
"C:\Program Files\CyberLink\TV Enhance\TVEnhance.exe"="C:\Program Files\CyberLink\TV Enhance\TVEnhance.exe:*:Enabled:CyberLink TVEnhance"
"C:\Program Files\CyberLink\TV Enhance\TVEService.exe"="C:\Program Files\CyberLink\TV Enhance\TVEService.exe:*:Enabled:CyberLink TVEnhance Resident Program"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\Petko\LOCALS~1\Temp\249.exe"="C:\DOCUME~1\Petko\LOCALS~1\Temp\249.exe:*:C:\WINDOWS\cidrive32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\TV Enhance\TVEnhance.exe"="C:\Program Files\CyberLink\TV Enhance\TVEnhance.exe:*:Enabled:CyberLink TVEnhance"
"C:\Program Files\CyberLink\TV Enhance\TVEService.exe"="C:\Program Files\CyberLink\TV Enhance\TVEService.exe:*:Enabled:CyberLink TVEnhance Resident Program"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0070c933-211e-11df-988f-001b24c8908d}]
shell\AutoRun\command - G:\NOCHIMA///tonijeto.exe
shell\open\command - G:\NOCHIMA///tonijeto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b87205-ca1c-11de-978a-001b24c8908d}]
shell\AutoRun\command - G:\hjvjte.exe
shell\open\command - G:\hjvjte.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f2ad75d-aac3-11de-972e-97cc2ee77e49}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc94ea32-b03c-11de-973f-001a73de3f5d}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe

======File associations======

.exe - open - "C:\Documents and Settings\Petko\Local Settings\Data aplikací\ave.exe" /START "%1" %*

======List of files/folders created in the last 1 months======

2010-03-18 14:13:07 ----D---- C:\rsit
2010-03-18 14:13:07 ----D---- C:\Program Files\trend micro
2010-03-18 00:51:51 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-18 00:15:52 ----A---- C:\WINDOWS\system32\reader_s.exe
2010-03-18 00:15:30 ----RSH---- C:\WINDOWS\cidrive32.exe
2010-03-18 00:15:19 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2010-03-18 00:15:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\03381621
2010-03-18 00:15:12 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-03-18 00:15:12 ----A---- C:\lsass.exe
2010-03-06 14:56:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canon
2010-03-06 14:52:20 ----D---- C:\Program Files\Canon
2010-03-04 13:04:32 ----D---- C:\Documents and Settings\Petko\Data aplikací\CyberLink
2010-03-02 21:16:31 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2010-03-02 21:16:29 ----D---- C:\Program Files\PDFCreator
2010-03-02 21:16:29 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2010-03-02 19:33:20 ----A---- C:\WINDOWS\system32\oCLWatson.exe
2010-03-02 19:33:20 ----A---- C:\WINDOWS\system32\msxml4a.dll
2010-03-02 19:33:20 ----A---- C:\WINDOWS\system32\CLWatson.ini
2010-03-02 19:32:12 ----D---- C:\Documents and Settings\Petko\Data aplikací\PowerCinema
2010-03-02 19:31:10 ----D---- C:\Program Files\CyberLink
2010-03-02 19:31:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2010-03-02 19:30:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-02-25 02:43:01 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-02-25 02:41:31 ----A---- C:\WINDOWS\system32\PsisDecd.dll

======List of files/folders modified in the last 1 months======

2010-03-18 14:13:07 ----RD---- C:\Program Files
2010-03-18 14:07:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 14:07:16 ----D---- C:\WINDOWS\Temp
2010-03-18 00:53:55 ----D---- C:\WINDOWS\system32
2010-03-18 00:52:51 ----D---- C:\Program Files\Mozilla Firefox
2010-03-18 00:51:51 ----D---- C:\WINDOWS
2010-03-18 00:48:56 ----D---- C:\WINDOWS\Prefetch
2010-03-18 00:15:39 ----D---- C:\WINDOWS\system32\drivers
2010-03-18 00:15:33 ----RSHD---- C:\RECYCLER
2010-03-18 00:15:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-18 00:15:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-17 23:28:01 ----D---- C:\Documents and Settings\Petko\Data aplikací\vlc
2010-03-17 19:48:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-17 18:00:20 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 816 USB WMC Modem.txt
2010-03-17 18:00:16 ----D---- C:\Documents and Settings\Petko\Data aplikací\Skype
2010-03-15 12:26:36 ----SHD---- C:\WINDOWS\Installer
2010-03-09 17:05:32 ----HD---- C:\WINDOWS\inf
2010-03-06 14:57:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-02 19:35:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-02 19:33:44 ----RSD---- C:\WINDOWS\Fonts
2010-02-25 02:37:45 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-08-25 14208]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 ldddabb;ldddabb; C:\WINDOWS\System32\drivers\ldddabb.sys [2010-03-18 18528]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\CyberLink\PlayMovie\000.fcl []
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-18 281760]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-18 25888]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-11-08 60800]
S3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-12-18 822272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-04 25280]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-27 581632]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-11-08 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-19 7968448]
S3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 u3kh;ASUS My Cinema U3000 Hybrid; C:\WINDOWS\system32\DRIVERS\u3kh.sys [2007-07-31 1719808]
S3 u3khrc;ASUS Infrared Receiver; C:\WINDOWS\system32\DRIVERS\u3khrc.sys [2007-05-16 13568]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-19 168004]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-10-23 241734]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-10-23 364635]
S2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2008-10-23 172121]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Hezké dopoledne

Parádně zavirovaný počítač

, a ještě mám podezdření na viruta

Běžte do nouzového režimu (po restartu mačkejte F8 - nouzový režim s prací v síti) V nouzovém režimu budte ted pořád

:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript

Kód: Vybrat vše

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\Petko\Nabídka Start\Programy\Po spuštění\ihaupd32.exe
C:\Documents and Settings\Petko\Nabídka Start\Programy\Po spuštění\zipdkg32.exe
C:\WINDOWS\cidrive32.exe
C:\WINDOWS\system32\reader_s.exe
C:\WINDOWS\system32\fjhdyfhsn.bat
C:\Documents and Settings\All Users\Data aplikací\03381621
C:\WINDOWS\system32\wuaucldt.exe
C:\lsass.exe

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"28711"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=-

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

Zapojte do pc všechny usb klíče, flashky...co používáte

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Stahněte dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721
-udělejte sken , co najde nechte léčit, smazat
-sken může trvat několik hodin
-Soubor/Uložit výsledky - uložíte jako textovy soubor a zkopírujete zde

a nebude vadit ze nie som s tym pocitacom pripojeny na internet??

Nevadí

aby som si dostal potrebne programy do pocitaca, tak som si ich stahoval z vedlajsieho pocitaca... par sekund po tom, co som si otm, combofix a web curelt nahral konecne na USB kluc, tak mi zavrelo obidva spustene prehliadace (mozzila a opera) s tym ze sa vyskytol nejaky problem u aplikacii n*****.exe (bol to nejaky krkolomny nazov, aj preto som si ho nezapametal). dal som neodesilat a hned na to mi windows vyhodil modru obrazovku s tym ze sa vyskytol problem a system musi byt restartovany. potom mi zacalo system dokola restartovat, takisto ako na mojom prvom zavirenom pocitaci.
je mozne ze sa tam dostal virus nejakym sposobom cez USB kluc??? lebo ten kluc som si pozicial a prvy krat som tento kluc pouzil ked som si prenasal RSIT. druhykrat, ked som prenasal log.txt, takze povodny virus musel byt u mna. ale akym sposobom sa teda dostal do vedlajsieho pocitaca?
teraz mam trochu strach prenasat subory z ineho pocitaca, aby som neodfajcil dalsi pocitac, lenze priamo na internet sa ani jednym pocitacom nemozem napojit, lebo mi wifi adapter nechce ani na jednom zavirenom pocitaci priradit IP a neviem ci mam ist otravovat suseda s kablom, kedze neviem ci mi to cez ten kabel pojde.
napriek tomu otm, combofix a web curelt uz na kluci mam tak sa skusim pustit do toho prveho pocitaca.
btw. na tom druhom pocitaci neviem ake je heslo na administratora, avsak uzivatel heslo nema. musim nejakym sposobom zistit heslo, alebo by sa dali tieto problemy riesit aj cez uzivatela?

Heslo asi vědět nemusíte, zkuste.
No, pokud je to virut, tak je to stejně na reinstal

.
Pc se mohlo nakazit právě tím virutem

. Nejsem si uplně jistá, zda ho máte, ale v logu jsem viděla soubor, který k virutu patří. Ale může jít klidně i o jiný vir.

Zkuste na tom druhém počítači mačkat F8 a dát bud poslední známou funkční konfiguraci nebo nouzový režim.

Můžete ten první pc projet combofixem, ale můžeme to udělat i jinak. Máte kde vypálit bootovací cd?
Máte inst. cd se stejným sp, jako je v počítači?

na tom druhom som isile hned do nudzoveho, normalne mi win nechcelo ani nacitat. ale v nudzovom mi neslo pripojit na internet.
jj, mam cd s windowsom ako je na tom prvom pocitaci, len neviem aky je na tom druhom, lebo tam to instaloval moj brat. ten pride az zajtra a dovtedy neviem ani heslo na administratora a ani ake je tam XP. ale urcite to bolo instalovane z ineho cd.

tak ako mi radis pri tom prvom pocitaci? mam skusit cez to otm a combofix?? otm cakam uz len na MoveIT! ale spravim ako navrhnes... takze cakam

Takže pro druhý pc založte druhý topic - napište pro Motji

Ano, můžete použít Otm a pokračovat mými pokyny, akorát místo webcureitu použijte bootovací cd webcureit

flešky, pokud můžete, všechny ted zapojte do pc, nebo zformátujte, máte na nich potvůrky.

Dr.Web LiveCD http://www.freedrweb.com/livecd/
-Vypálit ISO obraz
-nabootovat z vypáleného CD a nechat disk zkontrolovat
-co půjde, nechat léčit, ostatní smazat
- Doporučuji aspoň zběžně projít nápovědu je anglicky zrovna tak i program.

Přímé stažení:
ftp://ftp.drweb.com/pub/drweb/livecd/20 ... -5.0.0.iso
Manual:
ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf
Vypalovat v tomto http://www.slunecnice.cz/sw/active-iso-burner/, nebo v něčem kde jde vypálit ISO obraz

A ještě jedna věc - flešku zformátujte

Combofix na tom napadeném počítači vypne autorun, na druhém ho vypneme my. Bude potřeba přenášet logy. Log nahrajte na čistou zformátovanou flešku

U pc, kde budete log stahovat z flešky, vypněte autorun
http://download.viry.cz/tools/autorun.zip

no otm uz mam za sebou, a teraz som skusil combofix. vyhodilo mi ze tento pc nema nainstalovanu konzolu pro zotaveni a ze ci ju chcem stiahnut, avsak kedze nie som pripojeny na net, tak nic stiahnut nemoze.. mam dat ,,ne,,? alebo mam cely proces zrusit a skusit navstivit nejakeho kamarata s internetom?

dejte ne, když tak konzoli pokud bude třeba, stahneme jinak.

tu je otm

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF3.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\tmpB3.tmp moved successfully.
C:\WINDOWS\system32\tmpB4.tmp moved successfully.
C:\Documents and Settings\Petko\Nabídka Start\Programy\Po spuštění\ihaupd32.exe moved successfully.
C:\Documents and Settings\Petko\Nabídka Start\Programy\Po spuštění\zipdkg32.exe moved successfully.
C:\WINDOWS\cidrive32.exe moved successfully.
C:\WINDOWS\system32\reader_s.exe moved successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.
C:\Documents and Settings\All Users\Data aplikací\03381621 folder moved successfully.
C:\WINDOWS\system32\wuaucldt.exe moved successfully.
C:\lsass.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a3e09be-1e45-494b-9174-d7385b45bbf5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\28711 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Microsoft Driver Setup deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2185889 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Petko
->Temp folder emptied: 3139444 bytes
->Temporary Internet Files folder emptied: 33086465 bytes
->FireFox cache emptied: 48599188 bytes
->Google Chrome cache emptied: 27076902 bytes
->Flash cache emptied: 43351 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1086722 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110,00 mb

OTM by OldTimer - Version 3.1.10.1 log created on 03192010_134915

tu je combo

ComboFix 10-03-18.02 - Administrator . 03. 2010 14:20:08.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2730 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\potvora.com.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Petko\csrss.exe
c:\documents and settings\Petko\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Petko\Plocha\Security Tool.lnk
c:\documents and settings\Petko\reader_s.exe
c:\documents and settings\Petko\wuaucldt.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-2549289429-4436597595-159614296-2644
c:\recycler\S-1-5-21-2549289429-4436597595-159614296-2644\Desktop.ini
c:\recycler\S-1-5-21-2549289429-4436597595-159614296-2644\vhg32.exe
c:\recycler\S-1-5-21-2750002062-1215566600-853369717-7922
c:\recycler\S-1-5-21-4572716398-8620816807-629734858-4924
c:\recycler\S-1-5-21-4860852506-5419810544-343986315-9782
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\wuaucldt.exe
c:\windows\system32\ieuinit.inf

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{C82ABCB6-08C2-4664-880E-B8F0F2EC24A4}\RP112\A0016581.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-19 do 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 12:49 . 2010-03-19 12:49 -------- d-----w- C:\_OTM
2010-03-18 13:13 . 2010-03-18 13:13 -------- d-----w- C:\rsit
2010-03-18 13:13 . 2010-03-18 13:13 -------- d-----w- c:\program files\trend micro
2010-03-17 23:53 . 2010-03-17 23:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-17 23:15 . 2010-03-17 23:15 18528 ----a-w- c:\windows\system32\drivers\ldddabb.sys
2010-03-17 23:15 . 2010-03-19 13:24 823296 ----a-w- c:\windows\system32\drivers\souuvovw.sys
2010-03-06 13:52 . 2010-03-06 13:58 -------- d-----w- c:\program files\Canon
2010-03-06 13:50 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-06 13:50 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-02 20:16 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-02 20:16 . 2010-03-02 20:16 -------- d-----w- c:\program files\PDFCreator
2010-03-02 20:16 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-02 18:33 . 2008-10-23 00:22 95232 ----a-w- c:\windows\system32\oCLWatson.exe
2010-03-02 18:33 . 2008-10-23 00:22 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-03-02 18:31 . 2010-03-02 18:34 -------- d-----w- c:\program files\CyberLink
2010-02-25 01:43 . 2004-08-17 14:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-02-25 01:43 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-02-25 01:42 . 2004-08-03 22:10 15360 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-25 01:42 . 2004-08-03 22:10 15360 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-02-25 01:41 . 2004-08-17 14:49 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-25 01:41 . 2004-08-17 14:49 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-02-25 01:41 . 2004-08-03 22:10 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-02-25 01:41 . 2004-08-03 22:10 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-02-25 01:40 . 2007-07-31 11:18 1719808 ----a-w- c:\windows\system32\drivers\u3kh.sys
2010-02-25 01:40 . 2007-05-16 20:01 13568 ----a-w- c:\windows\system32\drivers\u3khrc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 13:03 . 2001-10-25 13:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-19 13:03 . 2001-10-25 13:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-17 23:18 . 2004-08-03 20:14 212736 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-03-02 18:35 . 2009-09-26 17:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 15:48 . 2009-11-16 18:13 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-18 15:48 . 2009-11-16 18:13 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-15 14:36 . 2009-09-26 17:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-15 14:36 . 2009-09-26 17:43 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-04 21:03 . 2010-02-04 21:03 -------- d-----w- c:\program files\Hamachi
2010-02-04 21:03 . 2010-02-04 21:03 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-04 17:31 . 2010-02-04 17:31 -------- d-----w- c:\program files\BRS
2010-02-04 17:27 . 2010-02-04 17:27 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-04 17:27 . 2010-02-04 17:27 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-04 17:27 . 2010-02-04 17:27 -------- d-----w- c:\program files\OpenAL
2010-01-25 19:09 . 2010-01-25 18:43 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-19 18:59 . 2009-11-04 19:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-31 15:55 . 2009-10-13 20:17 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

------- Sigcheck -------

[-] 2010-03-17 . 558635D3AF1C7546D26067D5D9B6959E . 212736 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-03-17 . 558635D3AF1C7546D26067D5D9B6959E . 212736 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys

[-] 2006-11-08 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-11-08 . 84F5FA7480E5680B8DD5A90CE7D8CA73 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13762560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Games\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PlayMovie\\PlayMovie.exe"=
"c:\\Program Files\\CyberLink\\PlayMovie\\PMVService.exe"=
"c:\\Program Files\\CyberLink\\TV Enhance\\TVEnhance.exe"=
"c:\\Program Files\\CyberLink\\TV Enhance\\TVEService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14. 10. 2009 22:00 721904]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2. 3. 2010 19:32 61424]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2. 3. 2010 19:33 364635]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2. 3. 2010 19:33 172121]
S1 ldddabb;ldddabb;c:\windows\system32\drivers\ldddabb.sys [18. 3. 2010 0:15 18528]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26. 9. 2009 18:49 193840]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [25. 1. 2010 20:01 25832]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [11. 12. 2009 21:16 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [11. 12. 2009 21:17 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [11. 12. 2009 21:17 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [11. 12. 2009 21:18 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [11. 12. 2009 21:19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [11. 12. 2009 21:17 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [11. 12. 2009 21:18 97704]
S3 u3kh;ASUS My Cinema U3000 Hybrid;c:\windows\system32\drivers\u3kh.sys [25. 2. 2010 2:40 1719808]
S3 u3khrc;ASUS Infrared Receiver;c:\windows\system32\drivers\u3khrc.sys [25. 2. 2010 2:40 13568]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - souuvovw

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0070c933-211e-11df-988f-001b24c8908d}]
\Shell\AutoRun\command - G:\NOCHIMA///tonijeto.exe
\Shell\open\command - G:\NOCHIMA///tonijeto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b87205-ca1c-11de-978a-001b24c8908d}]
\Shell\AutoRun\command - G:\hjvjte.exe
\Shell\open\Command - G:\hjvjte.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f2ad75d-aac3-11de-972e-97cc2ee77e49}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.sk/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = proxy.hopa.lan:8080
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petko\Data aplikací\Mozilla\Firefox\Profiles\3hzz7onb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 14:25
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8ABF1580]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> 0x8ac541f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582368
ParseProcedure -> ntkrnlpa.exe @ 0x80581462
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582368
ParseProcedure -> ntkrnlpa.exe @ 0x80581462 SendCompleteHandler -> NDIS.sys @ 0x8ab1eba0
PacketIndicateHandler -> NDIS.sys @ 0x8ab0da0b
SendHandler -> NDIS.sys @ 0x8ab21b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\souuvovw]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Celkový čas: 2010-03-19 14:26:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-19 13:26

Před spuštěním: 621 969 408
Po spuštění: 1 683 288 064

- - End Of File - - C37FF92BEC7087AD6A24FE89389E7FF8

po restarte ma hodilo do normalneho rezimu. ak treba tak sa este prehodim do nudzoveho...

mam si teraz spravit ten bootovaci webcureit?

Ještě něco domažeme a pak uděláte to bootcd. Na internet Vás už pustí? VYdržte chvilku, jdu sehnat jeden soubor na výměnu

VIRY.CZ

problem so security tool

problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool

Re: problem so security tool