Něco mi stahuje data a posílá do Internetu

[Kangaroo]

Pořídil jsem si nový USB externí 1TB disk pro zálohování osobních dat. Disk jsem zabezpečil pouze před vstupem heslem, ale nyní mám podezření, že někdo nebo nějaký SW mi sosá data z toho disku přes Internet. Zpočátku jsem měl pravidelné problikávání ledky za běžný stav ale včera jsem tisknul dokumenty na LAN tiskárně a během toho jsem si všimnul jak na ADSL routeru naplno svítí ADSL dioda tak si říkám jestli to ještě stahuje ten film. Jdu k počítač a tam zjištuji, že film už byl stáhnutý před 15 minuty vracím se k modemu a pořád svítí LED stejně. Vrátil jsem se k PC a sleduji, že bliká externí disk, tak si řikám, že něco zkusim a to, že jsem přes utilitu ihned odpojil disk a co asi ADSL dioda přestala svítit . Používám Firewall jak na modemu tak v počítači a NOD32 nic nehlásí. Máte někdo podobnou zkušenost? Dost nepříjemná situace. Poradíte mi co mám dělat? Díky moc.

[Reklama]

[bledulka]

Ahoj,
zapoj externí disk

Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde

[Kangaroo]

Tohle je log.txt když byl disk vypnutý (pak pošlu log2 až to bude dělat to samý)

Logfile of random's system information tool 1.07 (written by random/random)
Run by Markus at 2010-06-21 21:58:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 851 MB (6%) free of 15 GB
Total RAM: 1023 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:58:36, on 21.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE
C:\Program Files\Eraser\eraser.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BlazeVideo\Blaze HDTV Player Deluxe 4.0\MediaDetector.exe
C:\WINDOWS\explorer.exe
D:\Sosej\RSIT.exe
C:\Program Files\trend micro\Markus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.email-business.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMExplorer] C:\WINDOWS\CMExplorer.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [Cmiboot] C:\WINDOWS\cmiboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo PX700W(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\WINDOWS\TEMP\E_S108.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\Blaze HDTV Player Deluxe 4.0\MediaDetector.exe"
O4 - HKCU\..\Run: [365dni] C:\Program Files\365dníNET\365dniNET.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 10064 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-879983540-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-879983540-839522115-1003.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-21 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-02-01 917504]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-04-16 536576]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-21 202256]
"CMExplorer"=C:\WINDOWS\CMExplorer.exe [2007-01-31 2715648]
"CmUCRRun"=C:\WINDOWS\system32\CmUCReye.exe [2006-07-12 237568]
"Cmiboot"=C:\WINDOWS\cmiboot.exe [2007-02-07 65536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus Photo PX700W(Network)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE [2008-04-07 188928]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"Eraser"=C:\Program Files\Eraser\eraser.exe [2009-06-10 334224]
"eyeBeam SIP Client"= []
"BlazeServoTool"=C:\Program Files\BlazeVideo\Blaze HDTV Player Deluxe 4.0\MediaDetector.exe [2007-11-30 282624]
"365dni"=C:\Program Files\365dníNET\365dniNET.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"F:\EpsonNet EasyInstall\EasyInstall.exe"="F:\EpsonNet EasyInstall\EasyInstall.exe:*:Enabled:EasyInstall"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Games\Paintball2\paintball2.exe"="C:\Games\Paintball2\paintball2.exe:*:Enabled:paintball2"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - "H:\WD SmartWare.exe" autoplay=true


======List of files/folders created in the last 1 months======

2010-06-21 21:55:46 ----D---- C:\Program Files\trend micro
2010-06-21 21:55:41 ----D---- C:\rsit
2010-06-21 21:03:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-21 21:03:28 ----D---- C:\Program Files\SpywareBlaster
2010-06-11 00:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 00:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 00:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 00:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 00:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 00:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-11 00:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-03 21:54:45 ----A---- C:\WINDOWS\365dní Uninstall Log.txt
2010-06-03 16:33:24 ----RA---- C:\WINDOWS\cmiboot.exe
2010-06-03 16:33:23 ----RA---- C:\WINDOWS\CmUCREye.exe
2010-06-03 16:28:31 ----RA---- C:\WINDOWS\system32\CmUCRRm.Dll
2010-06-03 16:28:31 ----RA---- C:\WINDOWS\system32\CmUCREye.exe
2010-06-03 16:28:30 ----RA---- C:\WINDOWS\system32\CmUCRRm.exe
2010-06-03 16:27:47 ----A---- C:\WINDOWS\system32\SecurityBox.exe
2010-06-03 16:27:45 ----A---- C:\WINDOWS\system32\CMBox.exe
2010-06-03 16:27:44 ----A---- C:\WINDOWS\system32\DiskMount.exe
2010-06-03 16:27:37 ----R---- C:\WINDOWS\CmiUCRUninstall.exe
2010-06-03 16:27:30 ----RH---- C:\WINDOWS\Settings.ini
2010-06-03 16:27:23 ----R---- C:\WINDOWS\LanTC.dll
2010-06-03 16:27:18 ----R---- C:\WINDOWS\LanSC.dll
2010-06-03 16:27:12 ----R---- C:\WINDOWS\CMExplorer.exe
2010-06-03 16:27:11 ----R---- C:\WINDOWS\CMICARDREADER.INI
2010-06-03 16:27:06 ----D---- C:\Program Files\C-Media USB2.0 Card Reader
2010-06-03 11:13:06 ----D---- C:\Program Files\ProgDVB
2010-06-03 11:07:15 ----D---- C:\dvbdream
2010-06-03 11:06:29 ----A---- C:\WINDOWS\system32\libssl32.dll
2010-06-03 11:06:28 ----A---- C:\WINDOWS\system32\libeay32.dll
2010-05-30 18:41:17 ----D---- C:\Documents and Settings\Markus\Data aplikací\vlc
2010-05-26 11:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-25 21:19:21 ----D---- C:\Documents and Settings\Markus\Data aplikací\HD Tune Pro
2010-05-25 21:18:27 ----D---- C:\Program Files\HD Tune Pro

======List of files/folders modified in the last 1 months======

2010-06-21 21:57:45 ----D---- C:\Program Files\Eset
2010-06-21 21:56:01 ----D---- C:\WINDOWS\Prefetch
2010-06-21 21:55:46 ----RD---- C:\Program Files
2010-06-21 21:48:29 ----D---- C:\WINDOWS\Temp
2010-06-21 21:03:35 ----D---- C:\WINDOWS\system32
2010-06-21 17:46:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-21 17:43:29 ----D---- C:\Documents and Settings\Markus\Data aplikací\Skype
2010-06-21 17:43:20 ----D---- C:\Documents and Settings\Markus\Data aplikací\skypePM
2010-06-21 15:34:32 ----SD---- C:\WINDOWS\Tasks
2010-06-20 08:12:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-17 23:04:50 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-16 21:07:51 ----SHD---- C:\WINDOWS\Installer
2010-06-12 13:27:30 ----HD---- C:\WINDOWS\inf
2010-06-12 13:27:30 ----AD---- C:\WINDOWS
2010-06-12 13:27:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-11 08:05:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-11 08:04:33 ----RSD---- C:\WINDOWS\assembly
2010-06-11 00:57:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-11 00:57:33 ----A---- C:\WINDOWS\imsins.BAK
2010-06-11 00:57:29 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 00:54:16 ----D---- C:\WINDOWS\WinSxS
2010-06-09 09:52:34 ----D---- C:\Documents and Settings\Markus\Data aplikací\The Bat!
2010-06-05 21:24:20 ----D---- C:\Program Files\StepMania
2010-06-05 15:59:37 ----D---- C:\Documents and Settings\Markus\Data aplikací\dvdcss
2010-06-04 13:31:32 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 08:37:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-03 22:17:52 ----D---- C:\WINDOWS\system32\config
2010-06-03 21:56:58 ----D---- C:\Program Files\EbookMaker
2010-06-03 21:54:20 ----SD---- C:\Documents and Settings\Markus\Data aplikací\Microsoft
2010-06-03 21:53:33 ----D---- C:\Program Files\LG Electronics
2010-06-03 21:53:23 ----D---- C:\Documents and Settings\Markus\Data aplikací\LG Electronics
2010-06-03 16:33:20 ----D---- C:\WINDOWS\system32\drivers
2010-05-30 18:34:13 ----D---- C:\Documents and Settings\Markus\Data aplikací\Real
2010-05-30 18:34:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CMFileDisk;CMFileDisk; \??\C:\WINDOWS\system32\drivers\CMFileDisk.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\System32\drivers\amon.sys []
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\System32\Drivers\DgiVecp.sys []
R3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2010-01-22 483200]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\System32\Drivers\SSPORT.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\System32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 atirage;atirage; C:\WINDOWS\System32\DRIVERS\atiragem.sys [2001-10-24 70528]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-12 93056]
S3 DC1300;DC 1300 WDM Video Capture; C:\WINDOWS\System32\Drivers\BSC504AV.SYS []
S3 eusk3usb;SmartKey 3 USB; C:\WINDOWS\System32\Drivers\eusk3usb.sys [2004-11-18 45534]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\System32\DRIVERS\rt2870.sys []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;DC 1300 Still Image Capture; C:\WINDOWS\System32\Drivers\BscBulk.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2009-07-21 602112]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [2006-12-19 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-02-01 495616]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[bledulka]

Ten externí disk je jednotka H?

[Kangaroo]

H: i I:. H: je takový systémový disk od WD SmartWare (zavaděč - heslo). I: je druhá část tam ukládám data. C: a D: je interní disk E: F: jsou mechaniky a Z: tiskárna

[p3!An]

Nerad se mezi vás dva pletu, když tu řešíte problém. Avšak další možností, zda je to fakt, či pouze tvůj dojem, je možnost se podívat do firewallu na příchozí/odchozí spojení, či využít specializovaný soft na měření přenosu dat.

[bledulka]

Připoj do pc všechny usb klíče, flashky, paměťové karty, externí disky, co používáš.

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[Kangaroo]

ComboFix 10-06-21.01 - Markus 21.06.2010 23:01:28.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.392 [GMT 2:00]
Spuštěný z: d:\sosej\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-21 do 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 19:55 . 2010-06-21 19:58 -------- d-----w- c:\program files\trend micro
2010-06-21 19:55 . 2010-06-21 19:56 -------- d-----w- C:\rsit
2010-06-21 19:03 . 2010-06-21 19:03 -------- d-----w- c:\program files\SpywareBlaster
2010-06-03 14:33 . 2007-02-07 04:02 65536 ----a-r- c:\windows\cmiboot.exe
2010-06-03 14:33 . 2006-12-19 03:04 241664 ----a-r- c:\windows\CmUCREye.exe
2010-06-03 14:28 . 2006-12-07 08:10 53248 ----a-r- c:\windows\system32\CmUCRRm.Dll
2010-06-03 14:28 . 2006-07-12 02:26 237568 ----a-r- c:\windows\system32\CmUCREye.exe
2010-06-03 14:28 . 2007-01-17 10:57 327680 ----a-r- c:\windows\system32\CmUCRRm.exe
2010-06-03 14:28 . 2007-01-12 03:20 93056 ----a-r- c:\windows\system32\drivers\cmiucr.SYS
2010-06-03 14:27 . 2010-06-03 14:27 626688 ----a-w- c:\windows\system32\SecurityBox.exe
2010-06-03 14:27 . 2010-06-03 14:27 385024 ----a-w- c:\windows\system32\CMBox.exe
2010-06-03 14:27 . 2010-06-03 14:27 28672 ----a-w- c:\windows\system32\DiskMount.exe
2010-06-03 14:27 . 2010-06-03 14:27 7164 ----a-w- c:\windows\system32\drivers\CMFileDisk.sys
2010-06-03 14:27 . 2006-03-11 00:42 24576 ------r- c:\windows\CmiUCRUninstall.exe
2010-06-03 14:27 . 2005-06-10 22:38 946176 ------r- c:\windows\LanTC.dll
2010-06-03 14:27 . 2005-06-10 22:38 946176 ------r- c:\windows\LanSC.dll
2010-06-03 14:27 . 2007-01-31 03:12 2715648 ------r- c:\windows\CMExplorer.exe
2010-06-03 14:27 . 2010-06-03 14:27 -------- d-----w- c:\program files\C-Media USB2.0 Card Reader
2010-06-03 09:13 . 2010-06-03 19:53 -------- d-----w- c:\program files\ProgDVB
2010-06-03 09:07 . 2010-06-03 09:09 -------- d-----w- C:\dvbdream
2010-06-03 09:06 . 2008-06-29 19:48 311128 ----a-w- c:\windows\system32\libssl32.dll
2010-06-03 09:06 . 2008-06-29 19:48 1526468 ----a-w- c:\windows\system32\libeay32.dll
2010-05-25 19:18 . 2010-05-25 19:19 -------- d-----w- c:\program files\HD Tune Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 20:50 . 2001-10-25 12:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-06-21 20:50 . 2001-10-25 12:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 19:57 . 2009-02-01 09:48 -------- d-----w- c:\program files\Eset
2010-06-05 19:24 . 2009-12-25 10:11 -------- d-----w- c:\program files\StepMania
2010-06-04 11:31 . 2010-04-10 14:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 06:37 . 2009-02-01 10:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 19:56 . 2009-12-29 12:17 -------- d-----w- c:\program files\EbookMaker
2010-06-03 19:53 . 2010-05-21 12:24 -------- d-----w- c:\program files\LG Electronics
2010-05-21 20:28 . 2010-05-21 20:28 -------- d-----w- c:\program files\Common Files\Real
2010-05-21 20:28 . 2010-05-21 20:28 -------- d-----w- c:\program files\Real
2010-05-21 20:28 . 2010-05-21 20:28 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-21 20:28 . 2009-09-03 12:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-21 20:28 . 2009-09-03 12:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-20 09:06 . 2010-05-20 09:02 -------- d-----w- c:\program files\Google
2010-05-12 18:48 . 2009-11-17 20:56 -------- d-----w- c:\program files\Common Files\Java
2010-05-12 18:47 . 2009-02-01 10:14 -------- d-----w- c:\program files\Java
2010-05-04 12:06 . 2010-05-04 12:05 -------- d-----w- c:\program files\ArcSoft
2010-05-04 12:06 . 2010-05-04 12:05 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-04 11:59 . 2010-05-04 11:59 -------- d-----w- c:\program files\ffdshow
2010-05-04 11:58 . 2010-05-04 11:58 -------- d-----w- c:\program files\Digital Video
2010-05-02 08:09 . 2001-10-25 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 08:06 . 2010-04-28 08:06 -------- d-----w- c:\program files\SlySoft
2010-04-25 19:22 . 2010-04-25 19:22 -------- d-----w- c:\program files\VideoLAN
2010-04-20 05:32 . 2001-10-25 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:08 . 2001-10-25 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:08 . 2009-11-17 11:17 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-12 15:29 . 2010-05-12 18:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-04 19:18 . 2010-04-04 19:18 1083 ----a-w- c:\windows\system32\unins000.dat
2010-04-04 19:18 . 2010-04-04 19:18 695578 ----a-w- c:\windows\system32\unins000.exe
2003-09-02 07:55 . 2009-02-01 10:14 1406 ----a-w- c:\program files\favicon.ico
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Eraser"="c:\program files\Eraser\eraser.exe" [2009-06-10 334224]
"BlazeServoTool"="c:\program files\BlazeVideo\Blaze HDTV Player Deluxe 4.0\MediaDetector.exe" [2007-11-30 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-01 917504]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-16 536576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-21 202256]
"CMExplorer"="c:\windows\CMExplorer.exe" [2007-01-31 2715648]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
"Cmiboot"="c:\windows\cmiboot.exe" [2007-02-07 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2009-2-1 932864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [21.10.2009 12:49 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [21.10.2009 12:49 5248]
R1 CMFileDisk;CMFileDisk;c:\windows\system32\drivers\CMFileDisk.sys [3.6.2010 16:27 7164]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [16.3.2010 11:40 24786]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [3.6.2010 16:28 93056]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.1.2010 18:35 11520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.5.2010 11:02 136176]
S2 SSPORT;SSPORT;\??\c:\windows\System32\Drivers\SSPORT.sys --> c:\windows\System32\Drivers\SSPORT.sys [?]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [8.6.2009 11:40 93440]
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [1.2.2009 12:18 70528]
S3 DC1300;DC 1300 WDM Video Capture;c:\windows\system32\Drivers\BSC504AV.SYS --> c:\windows\system32\Drivers\BSC504AV.SYS [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [16.3.2010 11:40 45534]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - NVR0Dev
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
Obsah adresáře 'Naplánované úlohy'

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 09:02]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 09:02]

2010-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-879983540-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-879983540-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-06-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-18 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.email-business.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\documents and settings\Markus\Data aplikací\Mozilla\Firefox\Profiles\qjgwdzha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-eyeBeam SIP Client - (no file)
HKCU-Run-365dni - c:\program files\365dníNET\365dniNET.exe
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 23:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-21 23:08:56
ComboFix-quarantined-files.txt 2010-06-21 21:08

Před spuštěním: 813 625 344
Po spuštění: 2 801 983 488

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C6FBF127F9A64053CD03F24C4FA27B03

[Kangaroo]

Ten uTorrent jsem již dávno zakázal (pár měsíců zpátky), odinstaloval i ručně vymazal veškerý soubory, tak přes něj to asi nebude.

[bledulka]

S těmi daty se Ti to stalo jen jednou?Zjisti, jak to vypadá, jeslti se stále něco stahuje.
Popřemýšlej nad firewallem, ten ve windows je na nic.



Stahni Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-nainstaluj, aktualizuj
-udělej uplný sken a vlož sem log

[Kangaroo]

Ted jsem pustil ten Mbam bude to asi na dlouho ale pošlu log. Až dneska jsem si toho všimnul že to může být takhle. Zatím se to neopakuje všechny ostatní PC jsem řekl at vypnou a zatím to jen občas na modemu problikne (asi jen aktualizace antiviru, skype) Prve to bylo jasný upload na plný obrátky. Moje verze je pokud tam něco je tak to asi pracuje tak, že když na PC makám tak nic moc, ale pokud se odhlásím tak to asi začne makat. Včera jsem totiž se odhlásil na 4 hodin odešel pryč a pak jsem přišel dal stáhnout film, makal a pak šel tisknou a zjistil jsem to. Ted mě ještě napadlo modem má VOIP 2xSFX aktivní a je možné (ale to by byla opravdu neuveřitelná náhoda) že zrovna moje ségra tajně volala přes bezdrátový telefon a zavěsila přibližně ve stejnou dobu co to skončilo. Zítra se jí musim zeptat.

[bledulka]

Zkus to zjistit. Ať se nehoníme za něčím, co není.