Prosim o kontrolu logu - pomale pc

[cybernovi]

Prosim o kontrolu logu, Page file po startu 600Mb... [ viz. priloha]. Predem velice dekuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:58 AM, on 10/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateApp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkeyman.exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\RButton.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\User\My Documents\Stažené soubory\hijackthis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mk.zcu.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mbcz06024/IClient
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Hotkey] C:\WINDOWS\system32\hkeyman.exe
O4 - HKLM\..\Run: [FTMSFLT(USB)] C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8650722750
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect Group IT Services\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateService.exe
O23 - Service: mrDPMServer3 - SPSS Limited - C:\Program Files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\DPMServerService.exe
O23 - Service: mrPerfMonitoring - SPSS Limited - C:\Program Files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\SPSSMR.Management.Monitoring.Service.exe
O23 - Service: mrUserAdminServer - SPSS Limited - C:\Program Files\Common Files\SPSS Dimensions\ProjectMgmt\mrUserAdminServer.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7230 bytes

[Reklama]

[jaro3]

Odinstaluj:
Ask Toolbar, Ask.com\GenericAskToolbar
PandoraTV Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole můzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\system32\dllhost.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[cybernovi]

Dr. Web CureIt nenasel nic

Test na dllhost.exe
http://www.virustotal.com/file-scan/report.html?id=8a8116429189d631fc00596278c92a363ec734f0cde76f52c7456fdc9c56e384-1286131578

log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4736

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/3/2010 9:42:27 PM
mbam-log-2010-10-03 (21-42-27).txt

Typ skenu: Rychlý sken
Skenované objekty: 166793
Uplynulý čas: 13 minuta(y), 24 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[cybernovi]

Page file po startu klesnul z 600Mb na 300Mb. PC je vyrazne rychlejsi!!!

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4736

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/4/2010 6:25:55 PM
mbam-log-2010-10-04 (18-25-55).txt

Typ skenu: Rychlý sken
Skenované objekty: 168743
Uplynulý čas: 17 minuta(y), 50 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)



ComboFix 10-10-03.03 - User 10/04/2010 18:40:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.502.162 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-04 do 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-03 18:49 . 2010-10-03 18:49 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-10-03 18:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 18:48 . 2010-10-03 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-03 18:48 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 18:48 . 2010-10-03 18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 17:39 . 2010-10-03 18:40 -------- d-----w- c:\documents and settings\User\DoctorWeb
2010-09-29 15:11 . 2010-10-04 16:33 286888 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-18 14:34 . 2010-09-18 14:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sophos
2010-09-18 14:18 . 2010-09-18 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-18 14:18 . 2010-09-18 14:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 16:53 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-10-04 16:53 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-10-04 16:28 . 2010-02-28 18:12 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-09-29 15:31 . 2009-11-20 14:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-09-22 14:14 . 2010-03-08 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 20:09 . 2010-02-28 18:14 -------- d-----w- c:\program files\QIP
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]
"FTMSFLT(USB)"="c:\program files\FIDTPU\WIN2K\FTMSFLTU.EXE" [2005-06-23 82063]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-10 245760]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\MY DOCUMENTS\\Games\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/19/2009 5:44 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/19/2009 5:44 PM 38912]
R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [11/19/2009 7:07 PM 7168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 2:22 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/10/2009 2:18 PM 98304]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [11/23/2009 1:48 PM 1581512]
R3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [6/23/2005 4:20 PM 27031]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/23/2009 1:48 PM 10688]
S3 FIDMOUF;Fujitsu Touch Panel;c:\windows\system32\DRIVERS\FIDMOUF.sys --> c:\windows\system32\DRIVERS\FIDMOUF.sys [?]
S3 mrDPMServer3;mrDPMServer3;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\DPMServerService.exe [7/4/2009 8:14 PM 32768]
S3 mrPerfMonitoring;mrPerfMonitoring;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\SPSSMR.Management.Monitoring.Service.exe [7/4/2009 8:19 PM 24576]
S3 mrUserAdminServer;mrUserAdminServer;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\mrUserAdminServer.exe [7/4/2009 8:17 PM 274432]
S3 MSSQL$SPSS_DIMENSIONS;MSSQL$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS [?]
S3 SQLAgent$SPSS_DIMENSIONS;SQLAgent$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS [?]
S4 mrLoadBalanceService;mrLoadBalanceService;c:\inetpub\wwwroot\SPSSMR\Shared\LoadBalanceService.exe [7/4/2009 8:18 PM 20480]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/19/2009 5:44 PM 14976]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/1/2010 11:35 AM 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mk.zcu.cz/
uInternet Connection Wizard,ShellNext = hxxp://mbcz06024/IClient
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j7i7zfy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mk.zcu.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateApp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RButton.exe
c:\program files\Skype\Phone\Skype.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-10-04 18:56:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-04 16:56

Před spuštěním: 18,331,267,072 bytes free
Po spuštění: 18,428,633,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DC40E14E9E1F09C4F6ECF1D20033E0C4

[jaro3]

Odinstaluj:
Spybot - Search & Destroy

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Driver::
FIDMOUF
MSSQL$SPSS_DIMENSIONS
SQLAgent$SPSS_DIMENSIONS

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[cybernovi]

http://www.virustotal.com/file-scan/report.html?id=0540af0e232a205e284ca60433e1e906fadb7ed8d0f95bd8b75b6513ffe0b97e-1286387335


ComboFix 10-10-05.06 - User 10/06/2010 19:33:36.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.502.182 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-06 do 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-03 18:49 . 2010-10-03 18:49 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-10-03 18:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 18:48 . 2010-10-03 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-03 18:48 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 18:48 . 2010-10-03 18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 17:39 . 2010-10-03 18:40 -------- d-----w- c:\documents and settings\User\DoctorWeb
2010-09-29 15:11 . 2010-10-04 16:33 286888 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-18 14:34 . 2010-09-18 14:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sophos
2010-09-18 14:18 . 2010-09-18 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-18 14:18 . 2010-09-18 14:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 17:40 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-10-06 16:30 . 2010-02-28 18:12 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-10-06 14:07 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-10-04 17:06 . 2009-11-20 14:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-09-22 14:14 . 2010-03-08 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 20:09 . 2010-02-28 18:14 -------- d-----w- c:\program files\QIP
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]
"FTMSFLT(USB)"="c:\program files\FIDTPU\WIN2K\FTMSFLTU.EXE" [2005-06-23 82063]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-10 245760]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\MY DOCUMENTS\\Games\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/19/2009 5:44 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/19/2009 5:44 PM 38912]
R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [11/19/2009 7:07 PM 7168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 2:22 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/10/2009 2:18 PM 98304]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [11/23/2009 1:48 PM 1581512]
R3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [6/23/2005 4:20 PM 27031]
R3 mrDPMServer3;mrDPMServer3;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\DPMServerService.exe [7/4/2009 8:14 PM 32768]
R3 mrPerfMonitoring;mrPerfMonitoring;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\SPSSMR.Management.Monitoring.Service.exe [7/4/2009 8:19 PM 24576]
R3 mrUserAdminServer;mrUserAdminServer;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\mrUserAdminServer.exe [7/4/2009 8:17 PM 274432]
R3 MSSQL$SPSS_DIMENSIONS;MSSQL$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS [?]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/23/2009 1:48 PM 10688]
S3 FIDMOUF;Fujitsu Touch Panel;c:\windows\system32\DRIVERS\FIDMOUF.sys --> c:\windows\system32\DRIVERS\FIDMOUF.sys [?]
S3 SQLAgent$SPSS_DIMENSIONS;SQLAgent$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS [?]
S4 mrLoadBalanceService;mrLoadBalanceService;c:\inetpub\wwwroot\SPSSMR\Shared\LoadBalanceService.exe [7/4/2009 8:18 PM 20480]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/19/2009 5:44 PM 14976]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/1/2010 11:35 AM 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mk.zcu.cz/
uInternet Connection Wizard,ShellNext = hxxp://mbcz06024/IClient
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j7i7zfy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mk.zcu.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(5464)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2010-10-06 19:44:32
ComboFix-quarantined-files.txt 2010-10-06 17:44
ComboFix2.txt 2010-10-04 16:56

Před spuštěním: 13,724,004,352 bytes free
Po spuštění: 13,713,616,896 bytes free

- - End Of File - - 6D562AA26268CC7712517FAE8BB35860

___________________________________________________

http://www.virustotal.com/file-scan/report.html?id=0540af0e232a205e284ca60433e1e906fadb7ed8d0f95bd8b75b6513ffe0b97e-1286387335


ComboFix 10-10-05.06 - User 10/06/2010 19:33:36.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.502.182 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-06 do 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-03 18:49 . 2010-10-03 18:49 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-10-03 18:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 18:48 . 2010-10-03 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-03 18:48 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 18:48 . 2010-10-03 18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 17:39 . 2010-10-03 18:40 -------- d-----w- c:\documents and settings\User\DoctorWeb
2010-09-29 15:11 . 2010-10-04 16:33 286888 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-18 14:34 . 2010-09-18 14:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sophos
2010-09-18 14:18 . 2010-09-18 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-18 14:18 . 2010-09-18 14:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 17:40 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-10-06 16:30 . 2010-02-28 18:12 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-10-06 14:07 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-10-04 17:06 . 2009-11-20 14:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-09-22 14:14 . 2010-03-08 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 20:09 . 2010-02-28 18:14 -------- d-----w- c:\program files\QIP
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]
"FTMSFLT(USB)"="c:\program files\FIDTPU\WIN2K\FTMSFLTU.EXE" [2005-06-23 82063]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-10 245760]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\MY DOCUMENTS\\Games\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/19/2009 5:44 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/19/2009 5:44 PM 38912]
R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [11/19/2009 7:07 PM 7168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 2:22 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/10/2009 2:18 PM 98304]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [11/23/2009 1:48 PM 1581512]
R3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [6/23/2005 4:20 PM 27031]
R3 mrDPMServer3;mrDPMServer3;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\DPMServerService.exe [7/4/2009 8:14 PM 32768]
R3 mrPerfMonitoring;mrPerfMonitoring;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\SPSSMR.Management.Monitoring.Service.exe [7/4/2009 8:19 PM 24576]
R3 mrUserAdminServer;mrUserAdminServer;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\mrUserAdminServer.exe [7/4/2009 8:17 PM 274432]
R3 MSSQL$SPSS_DIMENSIONS;MSSQL$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS [?]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/23/2009 1:48 PM 10688]
S3 FIDMOUF;Fujitsu Touch Panel;c:\windows\system32\DRIVERS\FIDMOUF.sys --> c:\windows\system32\DRIVERS\FIDMOUF.sys [?]
S3 SQLAgent$SPSS_DIMENSIONS;SQLAgent$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS [?]
S4 mrLoadBalanceService;mrLoadBalanceService;c:\inetpub\wwwroot\SPSSMR\Shared\LoadBalanceService.exe [7/4/2009 8:18 PM 20480]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/19/2009 5:44 PM 14976]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/1/2010 11:35 AM 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mk.zcu.cz/
uInternet Connection Wizard,ShellNext = hxxp://mbcz06024/IClient
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j7i7zfy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mk.zcu.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(5464)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Celkový čas: 2010-10-06 19:44:32
ComboFix-quarantined-files.txt 2010-10-06 17:44
ComboFix2.txt 2010-10-04 16:56

Před spuštěním: 13,724,004,352 bytes free
Po spuštění: 13,713,616,896 bytes free

- - End Of File - - 6D562AA26268CC7712517FAE8BB35860

___________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:44 PM, on 10/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\My Documents\Stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mk.zcu.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mbcz06024/IClient
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FTMSFLT(USB)] C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8650722750
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect Group IT Services\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateService.exe
O23 - Service: mrDPMServer3 - SPSS Limited - C:\Program Files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\DPMServerService.exe
O23 - Service: mrPerfMonitoring - SPSS Limited - C:\Program Files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\SPSSMR.Management.Monitoring.Service.exe
O23 - Service: mrUserAdminServer - SPSS Limited - C:\Program Files\Common Files\SPSS Dimensions\ProjectMgmt\mrUserAdminServer.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 6570 bytes

[jaro3]

Odinstaluj :
Spybot - Search & Destroy ( nebo u něj trvale vypni rez. ochranu)

Prosím Tě , udělal si jen sken Combofixu , já potřebuji , abys udělal ten script , co jsem psal výše...log z HJT už dávat nemusíš..

[cybernovi]

ComboFix 10-10-09.01 - User 10/09/2010 20:35:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.502.232 [GMT 2:00]
Spuštěný z: c:\documents and settings\User\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSQL$SPSS_DIMENSIONS
-------\Service_FIDMOUF
-------\Service_MSSQL$SPSS_DIMENSIONS
-------\Service_SQLAgent$SPSS_DIMENSIONS


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-09 do 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-07 07:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-07 07:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-07 07:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-07 07:31 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-03 18:49 . 2010-10-03 18:49 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-10-03 18:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 18:48 . 2010-10-03 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-03 18:48 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 18:48 . 2010-10-03 18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 17:39 . 2010-10-03 18:40 -------- d-----w- c:\documents and settings\User\DoctorWeb
2010-09-18 14:34 . 2010-09-18 14:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Sophos
2010-09-18 14:18 . 2010-10-06 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-18 14:18 . 2010-10-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 18:49 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-10-09 18:49 . 2010-02-28 19:46 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-10-07 21:15 . 2010-02-28 18:12 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-10-04 17:06 . 2009-11-20 14:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-09-22 14:14 . 2010-03-08 17:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 20:09 . 2010-02-28 18:14 -------- d-----w- c:\program files\QIP
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-19 17:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-10 126976]
"FTMSFLT(USB)"="c:\program files\FIDTPU\WIN2K\FTMSFLTU.EXE" [2005-06-23 82063]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-10 245760]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VLC\\vlc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\MY DOCUMENTS\\Games\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/19/2009 5:44 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/19/2009 5:44 PM 38912]
R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [11/19/2009 7:07 PM 7168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 2:22 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/10/2009 2:18 PM 98304]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [11/23/2009 1:48 PM 1581512]
R3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [6/23/2005 4:20 PM 27031]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/23/2009 1:48 PM 10688]
S3 mrDPMServer3;mrDPMServer3;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\DPMServerService.exe [7/4/2009 8:14 PM 32768]
S3 mrPerfMonitoring;mrPerfMonitoring;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\5.5.0.0\SPSSMR.Management.Monitoring.Service.exe [7/4/2009 8:19 PM 24576]
S3 mrUserAdminServer;mrUserAdminServer;c:\program files\Common Files\SPSS Dimensions\ProjectMgmt\mrUserAdminServer.exe [7/4/2009 8:17 PM 274432]
S4 mrLoadBalanceService;mrLoadBalanceService;c:\inetpub\wwwroot\SPSSMR\Shared\LoadBalanceService.exe [7/4/2009 8:18 PM 20480]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/19/2009 5:44 PM 14976]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/1/2010 11:35 AM 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mk.zcu.cz/
uInternet Connection Wizard,ShellNext = hxxp://mbcz06024/IClient
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j7i7zfy1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mk.zcu.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(1124)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\iPass\iPassConnect Group IT Services\iPassPeriodicUpdateApp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Phone\Skype.exe
c:\windows\system32\RButton.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\FIDTPU\WIN2K\CALWIN.exe
.
**************************************************************************
.
Celkový čas: 2010-10-09 20:54:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-09 18:54
ComboFix2.txt 2010-10-06 17:44
ComboFix3.txt 2010-10-04 16:56

Před spuštěním: 12,152,688,640 bytes free
Po spuštění: 12,160,475,136 bytes free

- - End Of File - - AA6A8D4180AAB18F2B1C77191F545352

[cybernovi]

Vyskytl se problem se spoustenim programu pro praci... Jedna se o SPSS_DIMENSIONS-MSSQLServer . Je nekde nejaka obnova ??? Haze mi to chybu: Servise MSSQL$SPSS_DIMENSIONS was not found on computer

[jaro3]

bohužel není , já jsem Ti dal smazat pouze zbytečnou službu , program hlásil nenález souborů:

S3 MSSQL$SPSS_DIMENSIONS;MSSQL$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlservr.exe -sSPSS_DIMENSIONS [?]
S3 SQLAgent$SPSS_DIMENSIONS;SQLAgent$SPSS_DIMENSIONS;c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS --> c:\program files\SPSS Dimensions\MSDEMSSQL$SPSS_DIMENSIONS\Binn\sqlagent.EXE -i SPSS_DIMENSIONS [?]

ten otazník znamená , že soubor(y) již chyběl(y) při prvním logu z CF.

Budeš muset program přeinstalovat..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Vlož ještě nový log z HJT + info o PC ( rychlost , ostatní problémy).