Downloader, Conficker,...??? Vyřešeno

[jaro3]

Máš otevřeny nějaké porty ( proxy server)?

Stáhni si Panda USB and AutoRun Vaccine

Nainstaluj a spusť , klikni na Vaccinate computer.

*********************************************************************************************************************************************
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah

[Reklama]

[Mazůrek Petr]

Logfile of random's system information tool 1.07 (written by random/random)
Run by XXX at 2010-06-18 10:31:12
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (35%) free of 50 GB
Total RAM: 1535 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:23, on 18.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
D:\Download mozilla\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\XXX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01545C1F-0A20-48AB-8894-198547A62148}: NameServer = 78.110.208.34,78.110.208.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{01545C1F-0A20-48AB-8894-198547A62148}: NameServer = 78.110.208.34,78.110.208.38
O17 - HKLM\System\CS4\Services\Tcpip\..\{01545C1F-0A20-48AB-8894-198547A62148}: NameServer = 78.110.208.34,78.110.208.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c994eec038c7e6) (gupdate1c994eec038c7e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9314 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PandaUSBVaccine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-16 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VirtualDrive"=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2002-07-16 245760]
"vcdplayx"=C:\WINDOWS\vcdplayx.exe [2002-03-18 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2008-04-04 131072]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2008-04-04 233472]
"MimBoot"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [2004-12-06 11264]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-14 344064]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-06-18 1287120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-09-28 700416]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe

C:\Documents and Settings\XXX\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\XXX\Dokumenty\stahnuto\strongdc++\StrongDC.exe"="C:\Documents and Settings\XXX\Dokumenty\stahnuto\strongdc++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\Act of war\ACTOFWAR.EXE"="D:\Hry\Act of war\ACTOFWAR.EXE:*:Enabled:ACTOFWAR"
"D:\Hry\1946\il2fb.exe"="D:\Hry\1946\il2fb.exe:*:Enabled:il2fb"
"D:\Hry\Act of war\AOWEditor.exe"="D:\Hry\Act of war\AOWEditor.exe:*:Enabled:AOWEditor"
"C:\Hry\Valve\Steam\SteamApps\mazurek45\source sdk base\hl2.exe"="C:\Hry\Valve\Steam\SteamApps\mazurek45\source sdk base\hl2.exe:*:Enabled:hl2"
"D:\Hry\OperationFlashpoint\FlashpointResistance.exe"="D:\Hry\OperationFlashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Hry\MFS X\fsx.exe"="D:\Hry\MFS X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\FarStone\VirtualDrive\MGR.exe"="C:\Program Files\FarStone\VirtualDrive\MGR.exe:*:Disabled:VirtualDrive MGR"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-06-18 10:31:12 ----D---- C:\rsit
2010-06-18 10:30:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2010-06-18 10:30:22 ----D---- C:\Program Files\Panda USB Vaccine
2010-06-18 10:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-06-17 15:01:30 ----D---- C:\Documents and Settings\XXX\Data aplikací\QuickScan
2010-06-17 10:01:27 ----D---- C:\Documents and Settings\XXX\Data aplikací\SUPERAntiSpyware.com
2010-06-16 19:50:14 ----D---- C:\Documents and Settings\XXX\Data aplikací\QIP
2010-06-16 19:49:41 ----D---- C:\Program Files\QIP 2010
2010-06-16 15:26:12 ----D---- C:\_OTL
2010-06-16 15:25:40 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-16 15:25:40 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-16 15:25:40 ----A---- C:\WINDOWS\system32\java.exe
2010-06-16 15:25:40 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-16 07:54:07 ----D---- C:\Documents and Settings\XXX\Data aplikací\DivX
2010-06-16 07:51:08 ----D---- C:\Program Files\DivX
2010-06-16 07:37:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-06-15 17:11:11 ----SHD---- C:\RECYCLER
2010-06-12 09:39:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\F-Secure

======List of files/folders modified in the last 1 months======

2010-06-18 10:31:23 ----D---- C:\WINDOWS\Prefetch
2010-06-18 10:31:23 ----D---- C:\Program Files\Trend Micro
2010-06-18 10:31:18 ----D---- C:\Program Files\Spyware Doctor
2010-06-18 10:31:17 ----D---- C:\WINDOWS\Temp
2010-06-18 10:30:23 ----SD---- C:\WINDOWS\Tasks
2010-06-18 10:30:22 ----RD---- C:\Program Files
2010-06-18 10:25:17 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-06-18 10:25:07 ----D---- C:\WINDOWS
2010-06-18 10:23:33 ----D---- C:\WINDOWS\system32
2010-06-18 10:22:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-18 10:21:54 ----HD---- C:\WINDOWS\inf
2010-06-18 10:21:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-18 10:21:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-18 10:21:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-18 10:09:08 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-18 09:58:50 ----D---- C:\WINDOWS\system32\drivers
2010-06-18 09:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2010-06-17 14:49:34 ----SHD---- C:\WINDOWS\CSC
2010-06-17 10:28:17 ----SHD---- C:\WINDOWS\Installer
2010-06-17 10:28:12 ----RSD---- C:\WINDOWS\Fonts
2010-06-17 08:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2010-06-17 08:33:39 ----D---- C:\Program Files\Common Files
2010-06-16 20:40:57 ----SHD---- C:\System Volume Information
2010-06-16 20:07:33 ----D---- C:\Documents and Settings\XXX\Data aplikací\ICQ
2010-06-16 19:38:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-16 15:26:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-16 15:21:49 ----D---- C:\Program Files\Java
2010-06-16 15:21:48 ----D---- C:\Program Files\Common Files\Java
2010-06-15 19:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-06-12 09:23:39 ----D---- C:\WINDOWS\Minidump
2010-06-12 09:19:34 ----D---- C:\WINDOWS\system32\Restore
2010-06-11 19:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2010-06-08 04:16:01 ----A---- C:\WINDOWS\BDTSupport.dll
2010-06-08 02:21:02 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-06-07 06:48:04 ----A---- C:\WINDOWS\system.ini
2010-06-06 19:36:00 ----D---- C:\Program Files\Lavasoft
2010-06-06 19:35:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-06-06 12:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2010-06-02 20:56:57 ----D---- C:\WINDOWS\Downloaded Installations
2010-05-29 13:52:10 ----D---- C:\WINDOWS\AppPatch
2010-05-29 09:55:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-28 12:37:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-22 08:24:03 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 cdawdm;CDAWDM; C:\WINDOWS\System32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-10-07 80576]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [2008-05-15 171520]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-11-30 17024]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-11-30 30299]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-11-30 148040]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2003-11-14 8192]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-06-03 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 SaiH0763;SaiH0763; C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 179968]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 lusbaudio;Mikrofon Logitech USB; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-03 48128]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [2005-02-01 165888]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-11-30 55288]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-04-28 223128]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 Mtdbeen;Mtdbeen; C:\WINDOWS\system32\drivers\partmgr.sys [2001-10-25 18688]
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology; C:\WINDOWS\System32\DRIVERS\mtdv2ku2.sys [2003-10-15 12288]
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology; C:\WINDOWS\System32\DRIVERS\mtdv2ks2.sys [2003-10-11 11648]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2005-02-01 15360]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\System32\DRIVERS\OVCE.sys [2001-08-17 31872]
S3 SaiH0762;SaiH0762; C:\WINDOWS\system32\DRIVERS\SaiH0762.sys [2008-04-04 136832]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2008-04-04 14080]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2008-04-04 35456]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\screamingbdriver.sys []
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-03-07 642560]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe [2004-11-30 163840]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2002-07-18 46080]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-16 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 SaiDOutput;Saitek DirectOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 147456]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 gupdate1c994eec038c7e6;Google Update Service (gupdate1c994eec038c7e6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Avgmpuec;Avgmpuec; C:\WINDOWS\system32\drivers\atmlane.sys [2004-08-03 55936]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

[Mazůrek Petr]

Chtěl jsem ti ještě říct, že jsem zkoušel různé Kido Removery, ale žádný z nich jej ani nenašel, ačkoliv MbAM našel zase ty dvě infekce Worm.Conficker. Spyware Doctor opět nic. Pak jsem kouknul na internet, že nemám nainstalovanou aktualizaci MS08-67, která má nějak chránit systém, tak jsem ji nainstaloval. Panda je aktivovaná.

[Mazůrek Petr]

Proxy nastavený nemám, porty snad taky ne, kde se ujistím?

[bledulka]

Než přijde Jaro3
Zkoušeli jste tento program?
ftp://ftp.f-secure.com/anti-virus/tools ... wnadup.zip
-odpoj se od internetu, a v nouzovém režimu udělej sken

[Mazůrek Petr]

Ten jsem zkušel já v safe modu a nic nenalezl. Zatím mi Avast nic nehlásí, ale to bude spíš tím, že je zablokovanej ten autorun.

[bledulka]

Avast ti ho hlásil na fleškách?
AVPtool jste zkoušeli ?(ať nemusím pročítat celých x stránek)

[Mazůrek Petr]

Vysvětlím:

Avast mi vždycky vyhodil takový okno, že zablokoval malware. Tak jsem taky zjistil, že něco mám. Pročistil jsem to, ale i když jsem to udělal důkladně, vždycky třeba po dvou hodinách (někdy už po hodině) mi naskočila zpráva, že byl malware opět zablokován. Tak jsme teď celou dobu řešili, co to může způsobovat, a nakonec jsem to projel Kasperským a našel jsem NET_WORM.WIN32.KIDO, naprosto stejný příznaky jako se uvadějí na netu. Odstranil jsem ho pomocí toho Kasperskyho, ale zase se objevil malware. Tak jsem si stáhnul různý odstraňovače a balík od Microsoftu. Na radu jsem nainstaloval pandu a zkusil to tím sofwarem - nic nenašel a od tý doby mi zpráva nevyskočila. Nabízí se vysvětlení buď, že pomohl balík od Microsoftu, nebo to je tím, že Panda blokuje autorun, takže se to nemůže samo spustit. Zas tak tomu nerozumím. Každopádně počítám i tak s nejhorším

[bledulka]

Aha. On pomohl určitě i firewall, pokud ho máš u Pandy. Jinak Panda není zrovna to co bych ti doporučovala, ale hlavně že svůj učel splní
Dobře, tak víš co, teď den dva počítač pozoruj a pak napiš, jak to vypadá, jestli se infekce znovu objevila.

[Mazůrek Petr]

Zatím se to znova neobjevilo, ale zdá se mi, že až vypnu Pandu, bude to zas tady Všiml jsem si ale ( ještě před tím, než jsem něco instaloval) se mi občas zpomalí počítač, než ho mám vypnout - hrozně dlouho trvá, než mi vyskočí to okno s nabídkou Vypnout/Restartovat. Jestli jsem si něco nerozhasil těmi "léčebnými procesy"

[bledulka]

Stahni OTC
http://oldtimer.geekstogo.com/OTC.exe
-spusť
-počítač se restartuje
-tímto programem se vyčistí tempy a zbytky po programech
-po použití ho můžeš vymazat


Za pár dní tady vlož nový log ze Rsitu. Antivir a firewall jsou od toho,a by pc chránili, tkaže Pandu nevypínej .
Nemáš ve stejné síti další pc? Ono je možné, že je infikovaný další počítač a proto se Ti to stále vrací.

[Mazůrek Petr]

Díky za pomůcku k čištění.

Já mám od Pandy jen USB Vaccine, nainstaloval jsem jenom ji a ten balík od Microsoftu.
Máme tu síť od regionálního poskytovatele, DSL 2Mbit. Veškerý sdílení v síti a tak jsem se snažil vypnout, ale nevím, jestli je možný, aby se to v rámci toho šířilo...