Please help with Policie ČR

Dzybry
Guest
Posts: 12
Registered: 05 Nov 2004 17:57

Please help with Policie ČR

#1 Post by Dzybry »

Hello.

On my notebook the above-mentioned message appeared once, and now even after restarts I cannot work with it; usually the desktop appears for a moment, then turns white and nothing else happens. Safe Mode only works under the Administrator account; under my own account it will not start.

Thank you in advance for any help. :-)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with Policie ČR

#2 Post by vyosek »

Hello, have a nice day, and welcome to our forum.

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
→ Post an RSIT log http://forum.viry.cz/viewtopic.php?f=13&t=105895

Dzybry
Guest
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#3 Post by Dzybry »

So here is the RKill log - it ran normally

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2012 01:32:56 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Automatic

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Automatic

* Systém událostí modelu COM+ (EventSystem) is not Running.
Startup Type set to: Manual

* Síťová připojení (Netman) is not Running.
Startup Type set to: Manual

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* Ovladač IPSEC (IPSec) is not Running.
Startup Type set to: System

* Rozhraní NetBios nad protokolem TCP/IP (NetBT) is not Running.
Startup Type set to: System

* Ovladač protokolu TCP/IP (Tcpip) is not Running.
Startup Type set to: System

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/13/2012 01:33:49 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)

and here is the RSIT log too

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-11-13 13:34:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (26%) free of 51 GB
Total RAM: 2043 MB (86% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-09 16862208]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2008-07-09 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-09 1028096]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-27 466944]
"Boot"=C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe [2007-12-25 579584]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-10 13541376]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-10 86016]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-09-01 858632]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-01-13 3686400]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"eRecoveryService"=C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-07-11 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-02-02 45056]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Acer Empowering Technology.lnk - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-01-13 3077120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"consentpromptbehavioradmin"=0
"enableinstallerdetection"=0
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dkabcoms.exe"="C:\WINDOWS\system32\dkabcoms.exe:*:Enabled:Dell Enhanced TCP/IP"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Alwil Software\Avast4\AvAgent.exe"="C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\KONICA MINOLTA\bizhub C20\Scanner\BZC20NUT.exe"="C:\Program Files\KONICA MINOLTA\bizhub C20\Scanner\BZC20NUT.exe:*:Enabled:BZC20NUT"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dkabcoms.exe"="C:\WINDOWS\system32\dkabcoms.exe:*:Enabled:Dell Enhanced TCP/IP Server"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-11-13 13:34:54 ----D---- C:\Program Files\trend micro
2012-11-13 13:34:53 ----D---- C:\rsit
2012-11-13 13:22:13 ----SD---- C:\uninstall
2012-11-13 13:17:36 ----D---- C:\WINDOWS\erdnt
2012-11-13 10:57:20 ----D---- C:\Documents and Settings\Administrator\Data aplikací\HP
2012-11-13 10:02:38 ----D---- C:\WINDOWS\temp
2012-11-13 08:44:53 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2012-11-13 13:34:54 ----RD---- C:\Program Files
2012-11-13 13:32:56 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-13 13:32:50 ----A---- C:\WINDOWS\wincmd.ini
2012-11-13 13:25:38 ----D---- C:\WINDOWS\system32\Restore
2012-11-13 13:25:37 ----SHD---- C:\System Volume Information
2012-11-13 13:23:16 ----D---- C:\WINDOWS
2012-11-13 13:22:10 ----AD---- C:\WINDOWS\system32\drivers
2012-11-13 13:19:18 ----AD---- C:\WINDOWS\system32
2012-11-13 11:10:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-13 11:08:41 ----D---- C:\WINDOWS\Prefetch
2012-11-13 11:07:50 ----A---- C:\WINDOWS\ModemLog_Nokia Phone Bluetooth Modem.txt
2012-11-13 11:07:50 ----A---- C:\WINDOWS\ModemLog_Nokia Phone Bluetooth Modem #2.txt
2012-11-13 11:07:50 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2012-11-13 11:07:50 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
2012-11-13 11:07:44 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2012-11-13 10:58:06 ----D---- C:\Program Files\Mozilla Firefox
2012-11-13 10:58:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-13 10:01:46 ----SD---- C:\WINDOWS\Tasks
2012-11-13 10:00:41 ----A---- C:\WINDOWS\system.ini
2012-11-13 10:00:33 ----D---- C:\WINDOWS\system32\drivers\etc
2012-11-13 09:54:13 ----D---- C:\WINDOWS\AppPatch
2012-11-13 09:54:09 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 AlfaFF;AlfaFF File System mini-filter; C:\WINDOWS\system32\Drivers\AlfaFF.sys [2009-01-13 43184]
R0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-05-01 28271]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-04-15 312344]
R0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2008-09-01 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-30 13952]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-09 220640]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
S2 Int15;Int 15; \??\C:\WINDOWS\System32\drivers\int15.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-07-09 12672]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2008-05-30 146944]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-07-09 539072]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-07-09 37424]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-07-09 876384]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-09 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-07-09 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-07-09 67960]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-07-09 985472]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-07-09 210560]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-09 4739072]
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-09 80784]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw5x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-07-10 3626112]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-10 6592928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2008-07-10 39072]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smsmdd;smsmdd; C:\WINDOWS\system32\DRIVERS\smsmdm.sys []
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-07-09 731264]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
S2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
S2 dkab_device;dkab_device; C:\WINDOWS\system32\DKabcoms.exe [2010-08-03 603456]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
S2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-01-13 3481088]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-22 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-10 159812]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2005-04-29 69632]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with Policie ČR

#4 Post by vyosek »

→ Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick all the items (this marks them for scanning)
  • Click Scan
  • When the scan finishes, a log FSS.txt appears; post it here
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
→ Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes, and after a possible restart, CF shows a log; you can also find it at C:\ComboFix.txt; post its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Dzybry
Guest
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#5 Post by Dzybry »

here is the Farbar Service Scanner log for now; ComboFix is running rather slowly, so I will post that one later

Farbar Service Scanner Version: 09-11-2012
Ran by Administrator (administrator) on 13-11-2012 at 13:43:51
Running from "C:\Documents and Settings\Administrator\Plocha"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-14 21:00] - [2009-04-20 18:19] - 0045568 ____A (Microsoft Corporation) DFAA406BF19F4EE806A6F8D4342137F7

C:\WINDOWS\system32\ipnathlp.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\WINDOWS\system32\netman.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\srsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\WINDOWS\system32\Drivers\sr.sys
[2008-04-14 21:00] - [2008-04-14 21:00] - 0073344 ____A (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\WINDOWS\system32\wscsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\wuauserv.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\WINDOWS\system32\qmgr.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\WINDOWS\system32\es.dll
[2008-04-14 21:00] - [2008-07-07 21:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\WINDOWS\system32\cryptsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\WINDOWS\system32\svchost.exe
[2008-04-14 21:00] - [2008-04-14 21:00] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 21:00] - [2009-02-09 11:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\WINDOWS\system32\services.exe
[2008-04-14 21:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
Gpc(7) IPSec(5) NetBT(6) PSched(8) RFCOMM(3) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000090000000600000007000000080000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Dzybry
Visitor
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#6 Post by Dzybry »

And here is the ComboFix log as well

ComboFix 12-11-12.03 - Administrator 13.11.2012 13:47:16.4.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2043.1619 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-13 do 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 12:34 . 2012-11-13 12:34 -------- d-----w- c:\program files\trend micro
2012-11-13 12:34 . 2012-11-13 12:34 -------- d-----w- C:\rsit
2012-11-13 12:22 . 2012-11-13 12:23 -------- d-----w- C:\uninstall
2012-11-13 09:57 . 2012-11-13 09:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\HP
2012-11-11 12:43 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8FCDC1DC-5A53-4EC9-868F-8D47D1C07962}\mpengine.dll
2012-11-07 17:45 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 06:49 . 2012-08-30 06:49 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 06:49 . 2012-03-06 09:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2007-08-13 16:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2007-08-13 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2007-08-13 16:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 20:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 20:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 20:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 20:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-09 16862208]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-09 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-09 1028096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-10 13541376]
"nwiz"="nwiz.exe" [2008-07-10 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-10 86016]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-13 3686400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-1-22 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-13 10:01 3077120 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4618\Scripts\Logon\0\0]
"Script"=Uncheck-AutoDectSet.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4618\Scripts\Logon\1\0]
"Script"=CertVal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logoff\0\0]
"Script"=NetUse_off.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\0\0]
"Script"=Uncheck-AutoDectSet.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\1\0]
"Script"=CertVal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\2\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\3\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-6371\Scripts\Logon\0\0]
"Script"=Uncheck-AutoDectSet.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dkabcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:10.100.253.0/255.255.255.0,172.16.0.0/255.255.240.0,192.168.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:10.100.253.0/255.255.255.0,172.16.0.0/255.255.240.0,192.168.0.0/255.255.0.0:Enabled:DCOM_TCP135
"777:TCP"= 777:TCP:10.100.253.0/255.255.255.0,172.16.0.0/255.255.240.0,192.168.0.0/255.255.0.0:Enabled:AuditPro
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= 10.100.253.0/255.255.255.0,172.16.0.0/255.255.240.0,192.168.0.0/255.255.0.0
"Enabled"= 1 (0x1)
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [13.1.2009 11:01 43184]
S2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [13.1.2009 11:01 3481088]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [20.7.2012 8:34 89600]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [24.9.2010 11:53 51040]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [9.7.2008 16:15 80784]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.6.1 192.168.1.203 192.168.4.1 192.168.1.204
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-13 13:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2205367108-3917510040-418875168-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,3a,ad,fb,42,a6,a4,45,8b,30,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,3a,ad,fb,42,a6,a4,45,8b,30,5d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(244)
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll
.
Celkový čas: 2012-11-13 13:55:21
ComboFix-quarantined-files.txt 2012-11-13 12:55
.
Před spuštěním: Volných bajtů: 13 644 668 928
Po spuštění: Volných bajtů: 13 596 024 832
.
- - End Of File - - 2E30518B950EA8CD7E199123DA027734

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with Policie ČR

#7 Post by vyosek »

:arrow: Download Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe
  • Save it, preferably to the Desktop
  • Run it and click Yes to confirm the reinstallation of the services
  • Then click Yes to confirm the PC restart
  • A folder CC Support will be created on the Desktop; in it you will find the log SvcRepair.txt - it should be at CC Support\Logs\SvcRepair.txt - paste it here for me

Dzybry
Visitor
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#8 Post by Dzybry »

Hello,

I only just got around to it.

Log Opened: 2012-11-14 @ 08:17:16
08:17:16 - -----------------
08:17:16 - | Begin Logging |
08:17:16 - -----------------
08:17:16 - Fix started on a WIN_XP X86 computer
08:17:16 - Prep in progress. Please Wait.
08:17:22 - Prep complete
08:17:22 - Repairing Services Now. Please wait...
08:17:23 - Services Repair Complete.
08:17:28 - Reboot Initiated

Dzybry
Visitor
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#9 Post by Dzybry »

Could someone help me? I would like to get this resolved.

Thank you. :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with Policie ČR

#10 Post by vyosek »

Hello,

I had study commitments all day...

Now run Farbar again and post its log here

Dzybry
Visitor
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#11 Post by Dzybry »

No problem, I was just a little worried that I had got lost in the big flood of requests you have here :)

Here is the log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012
Ran by Administrator at 14-11-2012 18:20:06
Running from C:\Documents and Settings\Administrator\Plocha
Service Pack 3 (X86) OS Language: Czech
Attention: Could not load system hive.
Error: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-11-14 18:20 - 2012-11-14 18:20 - 00000000 ____D C:\FRST
2012-11-13 13:55 - 2012-11-13 13:55 - 00011663 ____A C:\ComboFix.txt
2012-11-13 13:45 - 2012-11-13 13:55 - 00000000 ____D C:\Qoobox
2012-11-13 13:45 - 2012-11-13 13:55 - 00000000 ____D C:\ComboFix
2012-11-13 13:45 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-13 13:45 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-13 13:45 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-13 13:45 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-13 13:45 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-13 13:45 - 2000-08-31 01:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-11-13 13:45 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-13 13:45 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-13 13:45 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-13 13:34 - 2012-11-13 13:34 - 00000000 ____D C:\rsit
2012-11-13 13:34 - 2012-11-13 13:34 - 00000000 ____D C:\Program Files\trend micro
2012-11-13 13:22 - 2012-11-13 13:23 - 00000000 ____D C:\uninstall
2012-11-13 13:17 - 2012-11-13 13:54 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified Files and Folders ========

2012-11-14 18:19 - 2009-01-15 12:21 - 00004875 ____A C:\Windows\wincmd.ini
2012-11-14 18:19 - 2008-09-22 23:45 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2012-11-14 18:15 - 2008-09-23 11:54 - 00001158 ____A C:\Windows\System32\wpa.dbl
2012-11-14 18:15 - 2008-09-23 11:47 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-11-14 18:14 - 2008-09-23 11:47 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-14 17:04 - 2009-01-13 11:07 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-11-14 17:04 - 2008-09-23 11:54 - 01433637 ____A C:\Windows\WindowsUpdate.log
2012-11-14 17:04 - 2008-09-23 11:54 - 00032566 ____A C:\Windows\SchedLgU.Txt
2012-11-14 17:04 - 2008-09-23 11:54 - 00000275 ____A C:\Windows\wiadebug.log
2012-11-14 17:04 - 2008-09-23 11:54 - 00000050 ____A C:\Windows\wiaservc.log
2012-11-14 17:04 - 2008-09-23 11:54 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 16:34 - 2012-09-24 09:32 - 00000062 __ASH C:\Documents and Settings\Olivík\Local Settings\desktop.ini
2012-11-14 16:34 - 2009-01-13 10:44 - 00189944 ____A C:\Windows\System32\nvapps.xml
2012-11-14 16:34 - 2008-09-23 11:47 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-14 16:31 - 2012-09-24 09:32 - 00000178 ___SH C:\Documents and Settings\Olivík\ntuser.ini
2012-11-14 16:22 - 2008-09-23 11:54 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2012-11-14 08:17 - 2008-09-23 11:50 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2012-11-13 13:55 - 2012-11-13 13:55 - 00011663 ____A C:\ComboFix.txt
2012-11-13 13:55 - 2012-11-13 13:45 - 00000000 ____D C:\Qoobox
2012-11-13 13:55 - 2012-11-13 13:45 - 00000000 ____D C:\ComboFix
2012-11-13 13:54 - 2012-11-13 13:17 - 00000000 ____D C:\Windows\erdnt
2012-11-13 13:53 - 2008-09-22 23:45 - 00000227 ____A C:\Windows\system.ini
2012-11-13 13:47 - 2008-09-23 11:27 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2012-11-13 13:34 - 2012-11-13 13:34 - 00000000 ____D C:\rsit
2012-11-13 13:34 - 2012-11-13 13:34 - 00000000 ____D C:\Program Files\trend micro
2012-11-13 13:25 - 2008-09-22 22:46 - 00000000 ____D C:\Windows\System32\Restore
2012-11-13 13:23 - 2012-11-13 13:22 - 00000000 ____D C:\uninstall
2012-11-13 10:58 - 2009-01-20 11:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-13 10:58 - 2008-09-23 11:52 - 01061648 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-13 10:55 - 2008-09-23 11:47 - 00466008 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-13 09:01 - 2008-09-22 22:21 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty
2012-11-11 22:05 - 2012-09-24 09:32 - 00000000 __RHD C:\Documents and Settings\Olivík\Data aplikací
2012-11-11 15:46 - 2010-12-08 13:59 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2012-11-03 21:27 - 2012-09-24 09:32 - 00000000 ____D C:\Documents and Settings\Olivík\Plocha
2012-11-03 21:08 - 2012-09-24 09:32 - 00000000 ___RD C:\Documents and Settings\Olivík\Dokumenty
2012-10-18 22:09 - 2012-10-07 11:44 - 00001596 ____A C:\Windows\wmsetup.log


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-14 21:00] - [2008-04-14 21:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2008-04-14 21:00] - [2008-04-14 21:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2008-04-14 21:00] - [2008-04-14 21:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2008-04-14 21:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2008-04-14 21:00] - [2008-04-14 21:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 21:00] - [2008-04-14 21:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== Restore Points (XP) =====================

RP: -> 2012-11-14 16:50 - 032768 _restore{E300EE19-A020-43CE-9BF3-8CB5660344C0}\RP1


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2042.79 MB
Available physical RAM: 1749.14 MB
Total Pagefile: 3936.88 MB
Available Pagefile: 3807.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.93 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:50 GB) (Free:12.65 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (PQSERVICE) (Fixed) (Total:10 GB) (Free:8.35 GB) NTFS
4 Drive f: () (Removable) (Total:14.94 GB) (Free:0.26 GB) NTFS

V počítači: NTBOLIVIK
Disk ### Stav Velikost Volné Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 238 GB
Probíhá ukončení programu DiskPart...

Partitions of Disk 0:
===============

V počítači: NTBOLIVIK
Nyní je vybrán disk 0.
Oddíl ### Typ Velikost Posunutí
------------- ---------------- ------- -------
Oddíl 1 Primární 10 GB 1024 KB
Oddíl 2 Primární 50 GB 10 GB
Probíhá ukončení programu DiskPart...

=========================================================
==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with Policie ČR

#12 Post by vyosek »

:arrow: But that is a completely different Farbar; you downloaded it from somewhere else (this is a different utility by the same author). I wanted the log from this one: http://forum.viry.cz/viewtopic.php?f=13 ... 2#p1163517 (CF no longer, of course)

Dzybry
Visitor
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#13 Post by Dzybry »

I misunderstood :oops: sorry

Farbar Service Scanner Version: 09-11-2012
Ran by Administrator (administrator) on 14-11-2012 at 18:33:08
Running from "C:\Documents and Settings\Administrator\Plocha"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-04-14 21:00] - [2009-04-20 18:19] - 0045568 ____A (Microsoft Corporation) DFAA406BF19F4EE806A6F8D4342137F7

C:\WINDOWS\system32\ipnathlp.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\WINDOWS\system32\netman.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\srsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\WINDOWS\system32\Drivers\sr.sys
[2008-04-14 21:00] - [2008-04-14 21:00] - 0073344 ____A (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\WINDOWS\system32\wscsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\WINDOWS\system32\wuauserv.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\WINDOWS\system32\qmgr.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\WINDOWS\system32\es.dll
[2008-04-14 21:00] - [2008-07-07 21:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\WINDOWS\system32\cryptsvc.dll
[2008-04-14 21:00] - [2008-04-14 21:00] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\WINDOWS\system32\svchost.exe
[2008-04-14 21:00] - [2008-04-14 21:00] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 21:00] - [2009-02-09 11:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\WINDOWS\system32\services.exe
[2008-04-14 21:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
Gpc(7) IPSec(5) NetBT(6) PSched(8) RFCOMM(3) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000090000000600000007000000080000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with Policie ČR

#14 Post by vyosek »

:arrow: If it is not there already, move ComboFix to the Desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "HP Software Update"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "135:TCP"=-
    "777:TCP"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "RemoteAddresses"=-
    
    Driver::
    dkab_device
    
    Collect::
    c:\windows\system32\DKabcoms.exe
    
    RegLock::
    [HKEY_USERS\S-1-5-21-2205367108-3917510040-418875168-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the TXT you created as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
    [Image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not boot after the script has been applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

Dzybry
Visitor
Posts: 12
Registered: 05 Nov 2004 17:57

Re: Please help with Policie ČR

#15 Post by Dzybry »

After the run finished it wanted to send some files for analysis, but I am still in safe mode without a network, so it created a submission form on the disk; do you want that file too?

ComboFix 12-11-12.03 - Administrator 14.11.2012 20:23:42.5.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2043.1611 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\windows\system32\DKabcoms.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DKAB_DEVICE
-------\Service_dkab_device
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-14 do 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 17:20 . 2012-11-14 17:20 -------- d-----w- C:\FRST
2012-11-13 12:34 . 2012-11-13 12:34 -------- d-----w- C:\rsit
2012-11-13 12:22 . 2012-11-13 12:23 -------- d-----w- C:\uninstall
2012-11-13 09:57 . 2012-11-13 09:57 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\HP
2012-11-11 12:43 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8FCDC1DC-5A53-4EC9-868F-8D47D1C07962}\mpengine.dll
2012-11-07 17:45 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 06:49 . 2012-08-30 06:49 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 06:49 . 2012-03-06 09:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2007-08-13 16:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2007-08-13 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2007-08-13 16:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 20:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 20:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 20:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 20:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-09 16862208]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-09 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-09 1028096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-10 13541376]
"nwiz"="nwiz.exe" [2008-07-10 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-10 86016]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-13 3686400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-1-22 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-13 10:01 3077120 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4618\Scripts\Logon\0\0]
"Script"=Uncheck-AutoDectSet.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4618\Scripts\Logon\1\0]
"Script"=CertVal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logoff\0\0]
"Script"=NetUse_off.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\0\0]
"Script"=Uncheck-AutoDectSet.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\1\0]
"Script"=CertVal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\2\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-4695\Scripts\Logon\3\0]
"Script"=pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-789336058-1177238915-1801674531-6371\Scripts\Logon\0\0]
"Script"=Uncheck-AutoDectSet.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dkabcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [13.1.2009 11:01 43184]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [13.1.2009 11:01 3481088]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [20.7.2012 8:34 89600]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [24.9.2010 11:53 51040]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [9.7.2008 16:15 80784]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.6.1 192.168.1.203 192.168.4.1 192.168.1.204
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(248)
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
.
**************************************************************************
.
Celkový čas: 2012-11-14 20:38:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-14 19:38
ComboFix2.txt 2012-11-13 12:55
.
Před spuštěním: Volných bajtů: 13 533 921 280
Po spuštění: Volných bajtů: 13 474 308 096
.
- - End Of File - - 89F2EE83F9C48024E15AAAB04D94F05E

Locked