PC disinfection, PC speed-up and remote help via the neslape.cz service

Author: subroofer (Visitor, 10 posts, registered 28 Jul 2011 17:01)

A hidden process is eating 30% of my CPU and I can't figure out which one :)

#1 Post by subroofer »

Hi, for more than a week I've been struggling to detect and remove a virus that constantly eats exactly 29-32% of my CPU.
It's an older PC, a C2D E6600 running WinXP, on which I produce music; for that work I need 100% of the performance, so I noticed right away that something was going on.

I've tried just about all the traditional anti-spyware and anti-malware programs (the antivirus was ESET, then a KIS trial and now AVAST Free) and the less traditional ComboFix, which found and killed probably the most (for a moment I thought I'd won, but after the second restart everything was back to how it was). ComboFix occasionally finds something in System32, but the latest scans are clean, and MVAW and MBAM are silent as well...

The computer is OK now, but to be safe I'm not shutting it down, only putting it into power-saving mode so that I can work; the intruder is 99% still in there! I'd try sending some log; will you help me?
Otherwise I'm planning to move to Win7, but I'd like to keep this system disk.

Here is the RSIT log:
    Logfile of random's system information tool 1.09 (written by random/random)
    Run by Kimi9 at 2011-07-30 11:11:54
    Systém Microsoft Windows XP Professional Service Pack 3
    System drive C: has 22 GB (29%) free of 76 GB
    Total RAM: 2751 MB (75% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:12:07, on 30.7.2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\mLAN Tools\mLANSoftPH.exe
    C:\Program Files\mLAN Tools\mLANVDevice.exe
    C:\Program Files\mLAN Tools\mLANTFamily.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\mLAN Tools\YAMAHA\mLANConnectionManager.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\nlssrv32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    H:\Dokumenty\Software\RSIT.exe
    C:\Program Files\trend micro\Kimi9.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kimi9.webgarden.cz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: mLAN Manager.lnk = C:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe
    O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.line6.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC9667D6-9190-4D3D-BC95-944A179D606B}: NameServer = 89.203.163.254,81.19.33.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe

    --
    End of file - 6734 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    =========Mozilla firefox=========

    ProfilePath - C:\Documents and Settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default

    prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
    prefs.js - "extensions.enabledItems" - "{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

    "bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
    "{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    "smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    "jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 10.1 Plugin
    "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
    "Description"=Google Earth in your browser
    "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
    "Description"=
    "Path"=C:\Documents and Settings\All Users\Data aplikací\id Software\QuakeLive\npquakezero.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
    "Description"=Windows Presentation Foundation plug-in for Mozilla browsers
    "Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
    "Description"=
    "Path"=C:\Program Files\Sony\Media Go\npmediago.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
    "Description"=Yahoo! activeX Plug-in Bridge
    "Path"=

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}
    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

    C:\Program Files\Mozilla Firefox\components\
    binary.manifest
    browsercomps.dll
    nsILegitCheckPlugin.xpt

    C:\Program Files\Mozilla Firefox\plugins\
    np-mswmp.dll
    npdeployJava1.dll
    npLegitCheckPlugin.dll
    npqtplugin.dll
    npqtplugin2.dll
    npqtplugin3.dll
    npqtplugin4.dll
    npqtplugin5.dll
    QuickTimePlugin.class
    WMP Firefox Plugin License.rtf
    WMP Firefox Plugin RelNotes.txt

    C:\Program Files\Mozilla Firefox\searchplugins\
    crawlersrch.xml
    google.xml
    heureka-cz.xml
    jyxo-cz.xml
    seznam-cz.xml
    slunecnice-cz.xml
    wikipedia-cz.xml

    C:\Documents and Settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\extensions\
    {003D3EDC-99B9-4a34-9C20-60CB94F7E829}

    C:\Documents and Settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\searchplugins\
    daemon-search.xml

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {32099AAC-C132-4136-9E9A-4E364A424E17} -

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2007-09-06 1426432]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-09 1036288]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]
    "BigDogPath323Domino"=C:\WINDOWS\Domino.exe [2007-06-29 49152]
    "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
    C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe [2009-08-22 2781184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
    C:\WINDOWS\system32\sti_ci.dll [2008-04-14 136704]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PnkBstrA"=2
    "C-DillaCdaC11BA"=2
    "bgsvcgen"=2
    "Themes"=2
    "TapiSrv"=3
    "srservice"=2
    "MSDTC"=3
    "Microsoft Office Groove Audit Service"=3
    "LightScribeService"=2
    "JavaQuickStarterService"=2
    "idsvc"=3
    "IDriverT"=3
    "FontCache3.0.0.0"=3
    "EventSystem"=3
    "EapHost"=3
    "Dot3svc"=3
    "Dnscache"=2
    "Dhcp"=2
    "CSIScanner"=2
    "CryptSvc"=3
    "COMSysApp"=3
    "ACDaemon"=2
    "WMPNetworkSvc"=3
    "ServiceLayer"=3
    "PSI_SVC_2"=2
    "ProtexisLicensing"=2
    "O&O Defrag"=2
    "NMIndexingService"=3
    "xmlprov"=3
    "wscsvc"=2
    "WmiApSrv"=3
    "Wmi"=3
    "WmdmPmSN"=3
    "winmgmt"=2
    "UxTuneUp"=2
    "TrkWks"=2
    "Schedule"=2
    "SCardSvr"=3
    "SamSs"=2
    "RSVP"=3
    "RasMan"=3
    "RasAuto"=3
    "NtLmSsp"=3
    "Nla"=3
    "lanmanworkstation"=2
    "lanmanserver"=2
    "BITS"=3
    "Sony Ericsson PCCompanion"=3
    "ose"=3
    "odserv"=3
    "ekrn"=2
    "EhttpSrv"=3
    "DTSRVC"=2

    C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
    mLAN Manager.lnk - C:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2010-11-26 159744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HideRunAsVerb"=1
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "midimapper"=midimap.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msadpcm"=msadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.trspch"=tssoft32.acm
    "vidc.cvid"=iccvid.dll
    "VIDC.I420"=msh263.drv
    "vidc.iv31"=ir32_32.dll
    "vidc.iv32"=ir32_32.dll
    "vidc.iv41"=ir41_32.ax
    "VIDC.IYUV"=iyuv_32.dll
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "VIDC.UYVY"=msyuv.dll
    "VIDC.YUY2"=msyuv.dll
    "VIDC.YVU9"=tsbyuv.dll
    "VIDC.YVYU"=msyuv.dll
    "wavemapper"=msacm32.drv
    "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
    "vidc.iv50"=ir50_32.dll
    "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
    "VIDC.ACDV"=ACDV.dll
    "VIDC.FPS1"=frapsvid.dll
    "msacm.vorbis"=vorbis.acm
    "midi2"=wdmaud.drv
    "midi1"=KORGUMDD.DRV
    "midi8"=KORGUMDD.DRV
    "wave3"=wdmaud.drv
    "midi9"=wdmaud.drv
    "mixer8"=wdmaud.drv
    "aux1"=wdmaud.drv
    "MSVideo8"=VfWWDM32.dll
    "midi3"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "wave1"=wdmaud.drv
    "mixer2"=wdmaud.drv
    "midi4"=wdmaud.drv
    "mixer3"=wdmaud.drv
    "midi5"=wdmaud.drv
    "mixer4"=wdmaud.drv
    "midi6"=wdmaud.drv
    "mixer5"=wdmaud.drv
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
    "wave2"=wdmaud.drv
    "midi7"=wdmaud.drv
    "mixer6"=wdmaud.drv
    "aux2"=wdmaud.drv
    "wave4"=wdmaud.drv
    "mixer7"=wdmaud.drv
    "aux3"=wdmaud.drv
    "wave5"=wdmaud.drv
    "mixer9"=wdmaud.drv
    "aux4"=wdmaud.drv

    ======List of files/folders created in the last 1 month======

    2011-07-29 21:01:00 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\Thinstall
    2011-07-29 20:37:21 ----A---- C:\WINDOWS\system32\nlssrv32.exe
    2011-07-29 20:37:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\onOne Software
    2011-07-29 20:17:51 ----SHD---- C:\RECYCLER
    2011-07-29 20:03:42 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\onOne Software
    2011-07-28 15:53:10 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
    2011-07-28 15:53:10 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011-07-28 15:53:08 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
    2011-07-28 15:53:08 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
    2011-07-28 15:53:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
    2011-07-28 15:53:08 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
    2011-07-28 15:53:08 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
    2011-07-28 15:53:07 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
    2011-07-28 15:52:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2011-07-28 15:52:47 ----A---- C:\WINDOWS\avastSS.scr
    2011-07-28 15:52:33 ----D---- C:\Program Files\AVAST Software
    2011-07-28 15:52:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
    2011-07-27 18:00:21 ----D---- C:\WINDOWS\temp
    2011-07-27 18:00:20 ----A---- C:\ComboFix.txt
    2011-07-26 22:40:51 ----A---- C:\WINDOWS\NIRCMD.exe
    2011-07-26 21:53:01 ----AD---- C:\WINDOWS\rundll16.exe
    2011-07-26 21:53:01 ----AD---- C:\WINDOWS\logo1_.exe
    2011-07-26 19:52:40 ----A---- C:\Boot.bak
    2011-07-26 19:52:06 ----RASHD---- C:\cmdcons
    2011-07-26 19:45:26 ----A---- C:\WINDOWS\zip.exe
    2011-07-26 19:45:26 ----A---- C:\WINDOWS\SWREG.exe
    2011-07-26 19:45:26 ----A---- C:\WINDOWS\PEV.exe
    2011-07-26 19:45:26 ----A---- C:\WINDOWS\MBR.exe
    2011-07-26 19:45:25 ----A---- C:\WINDOWS\SWXCACLS.exe
    2011-07-26 19:45:25 ----A---- C:\WINDOWS\SWSC.exe
    2011-07-26 19:45:25 ----A---- C:\WINDOWS\sed.exe
    2011-07-26 19:45:25 ----A---- C:\WINDOWS\grep.exe
    2011-07-26 19:30:37 ----A---- C:\WINDOWS\system32\drivers\Volsnap.sys
    2011-07-26 19:30:04 ----D---- C:\WINDOWS\ERDNT
    2011-07-26 19:29:59 ----D---- C:\Qoobox
    2011-07-26 18:06:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-07-26 18:06:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
    2011-07-26 17:55:17 ----D---- C:\Program Files\trend micro
    2011-07-26 17:55:16 ----D---- C:\rsit
    2011-07-18 22:05:03 ----A---- C:\WINDOWS\ntbtlog.txt
    2011-07-18 16:27:50 ----D---- C:\Program Files\XP Repair Pro 4.0
    2011-07-17 19:51:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
    2011-07-17 11:08:38 ----AD---- C:\WINDOWS\VDLL.DLL
    2011-07-17 11:08:38 ----AD---- C:\WINDOWS\system32\runouce.exe
    2011-07-17 11:08:38 ----AD---- C:\WINDOWS\RUNDL132.EXE
    2011-07-17 11:08:38 ----AD---- C:\WINDOWS\logo_1.exe
    2011-07-17 11:06:05 ----A---- C:\WINDOWS\system32\msvcp80.dll
    2011-07-17 11:06:03 ----A---- C:\WINDOWS\system32\eEmpty.exe
    2011-07-17 11:05:39 ----D---- C:\Program Files\Common Files\MicroWorld
    2011-07-17 11:04:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
    2011-07-17 08:28:49 ----A---- C:\WINDOWS\system32\sh4native.exe
    2011-07-17 07:33:46 ----A---- C:\WINDOWS\system32\drivers\pxrts.sys
    2011-07-17 07:33:46 ----A---- C:\WINDOWS\system32\drivers\pxkbf.sys
    2011-07-16 21:33:33 ----D---- C:\sh4ldr
    2011-07-16 21:33:04 ----D---- C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
    2011-07-16 21:00:27 ----A---- C:\ntuser.dat
    2011-07-03 10:42:17 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\JAM Software
    2011-07-03 06:01:36 ----SH---- C:\WINDOWS\dtmn.exe

    ======List of files/folders modified in the last 1 month======

    2011-07-30 11:12:02 ----D---- C:\WINDOWS\Prefetch
    2011-07-29 21:08:33 ----D---- C:\WINDOWS\system32\config
    2011-07-29 20:37:38 ----SHD---- C:\WINDOWS\Installer
    2011-07-29 20:37:37 ----D---- C:\WINDOWS\WinSxS
    2011-07-29 20:37:37 ----D---- C:\Config.Msi
    2011-07-29 20:37:21 ----D---- C:\WINDOWS\system32
    2011-07-29 20:37:14 ----HD---- C:\Program Files\InstallShield Installation Information
    2011-07-29 20:24:16 ----D---- C:\Program Files\onOne Software
    2011-07-29 20:13:12 ----AD---- C:\WINDOWS
    2011-07-28 16:15:23 ----A---- C:\WINDOWS\SchedLgU.Txt
    2011-07-28 15:53:10 ----D---- C:\WINDOWS\system32\drivers
    2011-07-28 15:52:33 ----D---- C:\Program Files
    2011-07-28 15:30:15 ----D---- C:\WINDOWS\system32\CatRoot2
    2011-07-28 15:22:03 ----D---- C:\WINDOWS\inf
    2011-07-28 15:21:28 ----SHD---- C:\System Volume Information
    2011-07-27 19:54:04 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\HPAppData
    2011-07-27 19:46:49 ----D---- C:\WINDOWS\Help
    2011-07-27 17:58:41 ----A---- C:\WINDOWS\system.ini
    2011-07-27 17:55:56 ----D---- C:\WINDOWS\AppPatch
    2011-07-27 17:55:55 ----D---- C:\Program Files\Common Files
    2011-07-27 17:29:28 ----D---- C:\WINDOWS\system32\drivers\etc
    2011-07-26 21:49:57 ----A---- C:\WINDOWS\win.ini
    2011-07-26 20:56:27 ----D---- C:\WINDOWS\SoftwareDistribution
    2011-07-26 19:52:40 ----RASH---- C:\boot.ini
    2011-07-26 19:42:08 ----D---- C:\WINDOWS\system32\Restore
    2011-07-26 18:29:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2011-07-26 18:22:31 ----D---- C:\WINDOWS\Corel
    2011-07-23 10:34:10 ----A---- C:\WINDOWS\NeroDigital.ini
    2011-07-20 19:33:17 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\Media Player Classic
    2011-07-18 16:34:06 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\uTorrent
    2011-07-17 16:39:02 ----D---- C:\WINDOWS\system32\wbem
    2011-07-17 11:30:53 ----D---- C:\Program Files\PowerISO
    2011-07-17 09:51:38 ----D---- C:\Documents and Settings\Kimi9\Data aplikací\Download Manager
    2011-07-17 07:33:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
    2011-07-17 07:33:44 ----A---- C:\WINDOWS\wininit.ini
    2011-07-16 21:32:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2011-07-16 21:11:39 ----D---- C:\WINDOWS\Debug
    2011-07-16 21:09:03 ----D---- C:\WINDOWS\Logs
    2011-07-16 20:56:32 ----D---- C:\Program Files\CCleaner
    2011-07-16 20:53:35 ----RD---- C:\Program Files\Skype
    2011-07-16 20:52:14 ----D---- C:\Program Files\SpeedFan
    2011-07-01 20:16:37 ----D---- C:\Program Files\Google

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
    R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-07-05 43392]
    R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
    R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-07-06 72896]
    R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
    R0 pxscan;pxscan; C:\WINDOWS\System32\drivers\pxscan.sys [2011-07-17 32008]
    R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
    R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
    R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
    R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
    R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
    R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
    R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
    R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
    R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-07-06 79232]
    R1 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2011-07-17 76696]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
    R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-11-02 12032]
    R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
    R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-08 278984]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
    R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-11 15440]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-06-26 18048]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-11-26 5555712]
    R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
    R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 hypaudio;hypaudio; C:\WINDOWS\system32\DRIVERS\hypaudio.sys [2010-11-30 1351168]
    R3 hypkern;hypkern; C:\WINDOWS\system32\drivers\hypkern.sys [2010-11-30 164864]
    R3 mLanBus;Yamaha mLAN Bus Driver; C:\WINDOWS\System32\Drivers\mLanBus.sys [2008-04-25 93568]
    R3 mLanMIDI;Yamaha mLAN MIDI Driver; C:\WINDOWS\system32\drivers\mLanMIDI.sys [2008-04-25 12800]
    R3 mLanPDev;YAMAHA mLAN Physical Driver; C:\WINDOWS\System32\Drivers\mLanPDev.sys [2006-10-04 20992]
    R3 mLanStrm;Yamaha mLAN Audio Driver; C:\WINDOWS\system32\drivers\mLanStrm.sys [2008-04-25 25472]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-15 47360]
    R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-07 10368]
    R3 Powercore;PowerCore; C:\WINDOWS\system32\DRIVERS\PCore.sys [2008-09-16 77312]
    R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2011-07-17 26096]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
    S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
    S3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\ADIDTSFiltService.sys []
    S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-10 313856]
    S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-20 103424]
    S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-04-08 101904]
    S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
    S3 catchme;catchme; \??\C:\DOCUME~1\Kimi9\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 CEUSBAUD;Lexicon USB MIDI Driver; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [2008-02-18 17920]
    S3 Epiusb;USB Flash; C:\WINDOWS\System32\Drivers\Epiusb.sys [2001-09-05 14940]
    S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-05-07 13224]
    S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-05-07 25512]
    S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\system32\drivers\gHidPnp.sys []
    S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\drivers\gMouPS2.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
    S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
    S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
    S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
    S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
    S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP; C:\WINDOWS\System32\Drivers\KORGUMDS.SYS [2009-10-15 22232]
    S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\drivers\kwflower.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
    S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
    S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-06-12 11776]
    S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-18 392960]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2005-11-03 16896]
    S3 UAD2System;UAD-2 Global System Service; C:\WINDOWS\system32\DRIVERS\UAD2System.sys [2009-03-24 39040]
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;USB Printer Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
    S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 vmfilter323;323 filter service, Normal; C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 476672]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
    S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323); C:\WINDOWS\System32\Drivers\usbvm323.sys [2007-01-04 260096]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-11-26 614400]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 nlsX86cc;Nalpeiron Licensing Service; C:\WINDOWS\system32\nlssrv32.exe [2011-05-17 66560]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712]
    S4 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-15 145504]
    S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-05-04 54784]
    S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S4 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-06-29 73728]
    S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S4 Hs2icsfmeie;Hs2icsfmeie; C:\WINDOWS\system32\drivers\MSKSSRV.sys [2008-04-14 7552]
    S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
    S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]
    S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
    S4 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
    S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
    S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
    S4 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

    -----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#2 Post by Rudy »

Hello!
This is OK. Post a ComboFix log. If you already had the problem on 26 July, the one you made that day is enough for me.
Post questions and logs only in your own thread. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to the e-mail address above.

subroofer
Visitor
Posts: 10
Joined: 28 Jul 2011 17:01

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#3 Post by subroofer »

Hello, thanks.
Here is an older ComboFix log (I have about 3 or 4 newer ones, but this one shows the deletions):

ComboFix 11-07-26.02 - Kimi9 26.07.2011 20:02:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2751.2338 [GMT 2:00]
Running from: h:\dokumenty\Software\ComboFix.exe
.
/wow section - STAGE 31
'Handle' is not recognized as an internal or external command
'.0.\\.' is not recognized as an internal or external command
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kimi9\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\windows\Google Earth Pro 4.2.exe
c:\windows\regedit.com
c:\windows\SW_Win2000X1.DLL
c:\windows\SW_Win3112X32.DLL
c:\windows\system32\drivers\npf.sys
c:\windows\system32\msvcsv60.dll
c:\windows\system32\Packet.dll
c:\windows\system32\sfc_os.dll.orig
c:\windows\system32\SysInfo.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\wpcap.dll
.


.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 18:02 . 2011-07-26 18:02 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-07-26 17:30 . 2008-04-14 05:42 52480 ----a-w- c:\windows\system32\drivers\Volsnap.sys
2011-07-26 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- c:\program files\trend micro
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- C:\rsit
2011-07-20 15:26 . 2011-07-20 15:26 -------- d---a-w- c:\windows\rundll16.exe
2011-07-20 15:26 . 2011-07-20 15:26 -------- d---a-w- c:\windows\logo1_.exe
2011-07-18 19:07 . 2011-07-18 19:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-18 19:07 . 2011-07-18 19:07 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-18 19:05 . 2011-07-26 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2011-07-18 19:05 . 2011-07-18 19:05 -------- d-----w- c:\program files\Kaspersky Lab
2011-07-18 14:27 . 2011-07-18 14:27 78096 ----a-r- c:\documents and settings\Kimi9\Data aplikací\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\SUPERAntiSpyware.com
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\logo_1.exe
2011-07-17 09:06 . 2011-07-17 09:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-07-17 09:06 . 2011-07-17 09:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-07-17 09:05 . 2011-07-17 09:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-07-17 09:04 . 2011-07-17 09:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-07-17 06:28 . 2010-05-13 15:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2011-07-17 05:33 . 2011-07-17 05:33 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-17 05:33 . 2011-07-17 05:33 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- C:\sh4ldr
2011-07-16 19:33 . 2011-07-16 19:33 -------- d-----w- c:\program files\Enigma Software Group
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-03 08:42 . 2011-07-03 09:56 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\JAM Software
2011-07-03 04:01 . 2011-07-03 04:01 59835 --sh--w- c:\windows\dtmn.exe
2011-07-03 04:01 . 2011-07-03 04:01 66051 --sh--w- c:\windows\kdhr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:30 . 2011-07-17 09:28 11267211 ----a-w- c:\windows\REGBK08.ZIP
2011-07-17 05:33 . 2009-07-28 14:54 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-06-25 06:19 . 2011-05-18 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 23:15 . 2011-05-16 23:15 1092096 ----a-w- c:\windows\system32\L6DriverControlPanel.cpl
2011-05-07 09:51 . 2011-05-07 09:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-07 09:51 . 2011-05-07 09:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-07 09:51 . 2011-05-07 09:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-04 02:52 . 2010-04-27 19:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-10-01 19:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-25 06:19 . 2011-05-05 14:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-21 . E68B798389848699012723B3F1A79E25 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2qfe\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2gdr\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[7] 2008-04-14 . 8F31505484A190D5B22274708799F4EC . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
.
[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
.
[7] 2008-04-14 . A75DD6FC3DBEE4FFF5EBC9F2C28BB66E . 295936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2004-08-17 . 2F5919F2F6EE7A845893D9C3AA2BC56A . 295936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
c:\windows\System32\regsvc.dll ... is missing !!
c:\windows\System32\ssdpsrv.dll ... is missing !!
c:\windows\System32\termsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2007-06-29 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
mLAN Manager.lnk - c:\program files\mLAN Tools\YAMAHA\mLANmanager.exe [2007-3-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
"midi8"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 06:52 136704 ----a-w- c:\windows\system32\sti_ci.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"bgsvcgen"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"srservice"=2 (0x2)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EventSystem"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CSIScanner"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"ACDaemon"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"O&O Defrag"=2 (0x2)
"NMIndexingService"=3 (0x3)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TrkWks"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"BITS"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"DTSRVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"AiSuite"=c:\program files\ASUS\Ai Suite\AiSuite.exe
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CTRegRun"=c:\windows\CTRegRun.EXE
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe"
"DT HWP"=c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SW20"=c:\windows\system32\sw20.exe
"SW24"=c:\windows\system32\sw24.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Microsoft WinUpdate"=c:\windows\system32\msupdte.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.7.2009 16:54 32008]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.2011 13:23 11352]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [17.7.2011 7:33 76696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.7.2011 23:55 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [7.5.2007 10:26 33792]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [7.7.2009 22:47 1351168]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [7.7.2009 22:47 164864]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
R3 mLanBus;Yamaha mLAN Bus Driver;c:\windows\system32\drivers\mLanBus.sys [25.4.2008 14:48 93568]
R3 mLanMIDI;Yamaha mLAN MIDI Driver;c:\windows\system32\drivers\mLanMIDI.sys [25.4.2008 14:48 12800]
R3 mLanPDev;YAMAHA mLAN Physical Driver;c:\windows\system32\drivers\mLanPDev.sys [4.10.2006 10:10 20992]
R3 mLanStrm;Yamaha mLAN Audio Driver;c:\windows\system32\drivers\mLanStrm.sys [25.4.2008 14:48 25472]
R3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [25.1.2011 18:15 77312]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [17.7.2011 7:33 26096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [18.2.2008 18:20 17920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.5.2011 11:51 13224]
S3 gHidPnp;USB Device Enhanced Function Driver; [x]
S3 gMouPS2;PS2 Scroll Mouse Device; [x]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [20.12.2005 2:07 22232]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; [x]
S3 PROCEXP113;PROCEXP113;c:\windows\system32\drivers\PROCEXP113.SYS [26.7.2011 20:02 12568]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [29.7.2008 20:16 16896]
S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [7.7.2009 22:40 39040]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [30.12.2010 0:19 476672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [8.4.2011 15:33 260096]
S4 CSIScanner;CSIScanner; [x]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7.5.2011 21:06 150528]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SECLOGON
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kimi9.webgarden.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... -
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: Interfaces\{BC9667D6-9190-4D3D-BC95-944A179D606B}: NameServer = 89.203.163.254,81.19.33.2
FF - ProfilePath - c:\documents and settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Convert XLS_is1 - c:\program files\Softinterface
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c8,f6,d0,ab,5c,43,39,89,e9,bc,17,20,cf,d5,fd,bf,7c,f4,ef,6a,cc,1d,49,
d9,3e,01,df,e4,25,ea,ae,51,04,05,45,ad,f2,4b,83,8c,33,ac,c2,cf,88,07,02,89,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:c6,ed,bd,b3,59,50,ce,d3,9c,83,20,a0,27,0d,ab,01,7f,be,f5,c8,fa,
d3,23,11,60,2f,59,7e,7b,de,ec,e9,5f,e1,84,55,63,7e,b4,fa,ec,d4,43,49,b7,4a,\
"rkeysecu"=hex:cb,e0,07,12,60,53,54,7b,75,66,66,98,5f,26,ee,eb
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1684)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\mLAN Tools\mLANSoftPH.exe
c:\program files\mLAN Tools\mLANVDevice.exe
c:\program files\mLAN Tools\mLANTFamily.exe
c:\program files\mLAN Tools\YAMAHA\mLANConnectionManager.exe
.
**************************************************************************
.
Completion time: 2011-07-26 21:05:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 19:05
.
Pre-Run: 21 851 537 408 bytes free
Post-Run: 22 485 475 328 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /3GB /USERVA=2500
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E947946AE4DD654E140AE8D59A1E3BAF


#4 Post by subroofer »

I think the files regedit.com and taskmgr.com kept reappearing there and ComboFix deleted them, I believe, twice...
Adding the log from the ComboFix quarantine:

2011-07-26 19:46:08 . 2008-04-14 06:52:44 147,968 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\regedit.com.vir
2011-07-26 19:46:08 . 2008-04-14 06:52:50 137,216 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\taskmgr.com.vir
2011-07-26 19:04:28 . 2011-07-26 19:04:28 1,912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Convert XLS_is1.reg.dat
2011-07-26 18:32:24 . 2011-07-26 18:32:24 2,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2011-07-26 18:31:56 . 2011-07-27 15:57:02 8,124 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-07-26 17:32:29 . 2011-07-27 15:47:20 338 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-05-07 20:10:21 . 2011-05-07 20:10:21 54 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SW_Win2000X1.DLL.vir
2011-05-07 20:02:26 . 2011-05-07 20:11:39 51 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SW_Win3112X32.DLL.vir
2010-07-31 10:47:17 . 2010-10-28 11:40:12 15,088 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Kimi9\Local Settings\Temporary Internet Files\SLOVA.WAV.vir
2009-07-17 06:18:53 . 2006-06-01 09:22:00 114,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SysInfo.dll.vir
2008-05-10 09:08:46 . 2008-05-10 09:08:46 42,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2008-05-10 09:08:46 . 2008-05-10 09:08:46 88,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
2008-05-10 09:08:46 . 2008-05-10 09:08:46 240,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2007-12-15 18:32:42 . 2011-07-26 15:31:18 144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msvcsv60.dll.vir
2007-05-06 14:41:51 . 2004-08-17 13:49:18 140,288 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\sfc_os.dll.orig.vir
2004-08-03 20:59:44 . 2008-04-13 22:10:32 96,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
1999-11-29 22:00:00 . 1999-11-29 22:00:00 20,942,006 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Google Earth Pro 4.2.exe.vir


#5 Post by subroofer »

Here is the current, or rather the last, ComboFix scan I ran:
I haven't had ESET installed for ages, yet ComboFix claims that its resident shield is running

ComboFix 11-07-27.01 - Kimi9 27.07.2011 17:47:20.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2751.2454 [GMT 2:00]
Running from: c:\documents and settings\Kimi9\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((( Files created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\rundll16.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\logo1_.exe
2011-07-26 17:30 . 2008-04-14 05:42 52480 ----a-w- c:\windows\system32\drivers\Volsnap.sys
2011-07-26 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- c:\program files\trend micro
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- C:\rsit
2011-07-18 19:07 . 2011-07-18 19:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-18 19:07 . 2011-07-18 19:07 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-18 19:05 . 2011-07-27 15:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2011-07-18 19:05 . 2011-07-18 19:05 -------- d-----w- c:\program files\Kaspersky Lab
2011-07-18 14:27 . 2011-07-18 14:27 78096 ----a-r- c:\documents and settings\Kimi9\Data aplikací\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\logo_1.exe
2011-07-17 09:06 . 2011-07-17 09:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-07-17 09:06 . 2011-07-17 09:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-07-17 09:05 . 2011-07-17 09:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-07-17 09:04 . 2011-07-17 09:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-07-17 06:28 . 2010-05-13 15:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2011-07-17 05:33 . 2011-07-17 05:33 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-17 05:33 . 2011-07-17 05:33 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- C:\sh4ldr
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-03 08:42 . 2011-07-03 09:56 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\JAM Software
2011-07-03 04:01 . 2011-07-03 04:01 59835 --sh--w- c:\windows\dtmn.exe
2011-07-03 04:01 . 2011-07-03 04:01 66051 --sh--w- c:\windows\kdhr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:30 . 2011-07-17 09:28 11267211 ----a-w- c:\windows\REGBK08.ZIP
2011-07-17 05:33 . 2009-07-28 14:54 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-06-25 06:19 . 2011-05-18 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 23:15 . 2011-05-16 23:15 1092096 ----a-w- c:\windows\system32\L6DriverControlPanel.cpl
2011-05-07 09:51 . 2011-05-07 09:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-07 09:51 . 2011-05-07 09:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-07 09:51 . 2011-05-07 09:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-04 02:52 . 2010-04-27 19:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-10-01 19:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-25 06:19 . 2011-05-05 14:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-21 . E68B798389848699012723B3F1A79E25 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2qfe\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2gdr\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_20.53.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-06 10:48 . 2011-07-27 06:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-06 10:48 . 2011-07-26 19:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Registry launch points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2007-06-29 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
mLAN Manager.lnk - c:\program files\mLAN Tools\YAMAHA\mLANmanager.exe [2007-3-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
"midi8"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 06:52 136704 ----a-w- c:\windows\system32\sti_ci.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"bgsvcgen"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"srservice"=2 (0x2)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EventSystem"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CSIScanner"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"ACDaemon"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"O&O Defrag"=2 (0x2)
"NMIndexingService"=3 (0x3)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TrkWks"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"BITS"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"DTSRVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"AiSuite"=c:\program files\ASUS\Ai Suite\AiSuite.exe
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CTRegRun"=c:\windows\CTRegRun.EXE
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe"
"DT HWP"=c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SW20"=c:\windows\system32\sw20.exe
"SW24"=c:\windows\system32\sw24.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Microsoft WinUpdate"=c:\windows\system32\msupdte.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.7.2009 16:54 32008]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [7.5.2007 10:26 33792]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [17.7.2011 7:33 26096]
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [4.3.2011 13:23 11352]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [17.7.2011 7:33 76696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [18.2.2008 18:20 17920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.5.2011 11:51 13224]
S3 gHidPnp;USB Device Enhanced Function Driver; [x]
S3 gMouPS2;PS2 Scroll Mouse Device; [x]
S3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [7.7.2009 22:47 1351168]
S3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [7.7.2009 22:47 164864]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.3.2011 18:34 34608]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [20.12.2005 2:07 22232]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; [x]
S3 mLanBus;Yamaha mLAN Bus Driver;c:\windows\system32\drivers\mLanBus.sys [25.4.2008 14:48 93568]
S3 mLanMIDI;Yamaha mLAN MIDI Driver;c:\windows\system32\drivers\mLanMIDI.sys [25.4.2008 14:48 12800]
S3 mLanPDev;YAMAHA mLAN Physical Driver;c:\windows\system32\drivers\mLanPDev.sys [4.10.2006 10:10 20992]
S3 mLanStrm;Yamaha mLAN Audio Driver;c:\windows\system32\drivers\mLanStrm.sys [25.4.2008 14:48 25472]
S3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [25.1.2011 18:15 77312]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [29.7.2008 20:16 16896]
S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [7.7.2009 22:40 39040]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [30.12.2010 0:19 476672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [8.4.2011 15:33 260096]
S4 CSIScanner;CSIScanner; [x]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7.5.2011 21:06 150528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.kimi9.webgarden.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... -
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: Interfaces\{BC9667D6-9190-4D3D-BC95-944A179D606B}: NameServer = 89.203.163.254,81.19.33.2
FF - ProfilePath - c:\documents and settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c8,f6,d0,ab,5c,43,39,89,e9,bc,17,20,cf,d5,fd,bf,7c,f4,ef,6a,cc,1d,49,
d9,3e,01,df,e4,25,ea,ae,51,04,05,45,ad,f2,4b,83,8c,33,ac,c2,cf,88,07,02,89,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:c6,ed,bd,b3,59,50,ce,d3,9c,83,20,a0,27,0d,ab,01,7f,be,f5,c8,fa,
d3,23,11,60,2f,59,7e,7b,de,ec,e9,5f,e1,84,55,63,7e,b4,fa,ec,d4,43,49,b7,4a,\
"rkeysecu"=hex:cb,e0,07,12,60,53,54,7b,75,66,66,98,5f,26,ee,eb
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-07-27 18:00:19
ComboFix-quarantined-files.txt 2011-07-27 16:00
ComboFix2.txt 2011-07-27 15:38
ComboFix3.txt 2011-07-26 20:55
ComboFix4.txt 2011-07-26 19:05
.
Pre-Run: 23 260 893 184 bytes free
Post-Run: 23 232 913 408 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 55A3284FC8B60AE34D2E36E255DB1906

Rudy (Site Admin, Plzeň)


#6 Post by Rudy »

Let's clean up a bit more. Open Notepad and copy the following into it:
Collect::
c:\windows\dtmn.exe
c:\windows\kdhr.exe
c:\windows\system32\msupdte.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=-
"Microsoft WinUpdate"=-
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

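The log subroofer posted in #5 and the CFScript Rudy describes in #6 together show the manual workflow: read the Run/RunServices values, the newly created files and the Sigcheck section, pick out what does not belong, then write Collect:: and Registry:: lines for it. The Python below is an added example, not code from the thread, from ComboFix or from its authors, that mechanises that triage over a constructed excerpt of the posted log lines. The look-alike list, the 0.8 similarity threshold, the name pattern for bogus "updater" values and the decision to only report, never delete, a driver whose hash differs from the reference copy are this example's own assumptions.

```python
"""Triage a ComboFix log and draft the CFScript that would clean what it flags. Added
example, not code from the thread or from ComboFix; SAMPLE_LOG is a constructed excerpt
of lines copied from the posted log, and every heuristic below is an assumption."""
import re
from collections import namedtuple
from difflib import SequenceMatcher

Finding = namedtuple("Finding", "kind key name path detail")
# System binaries whose names malware commonly imitates (assumed list, not from the log).
LOOKALIKE_TARGETS = ["svchost.exe", "rundll32.exe", "wuauclt.exe", "explorer.exe",
                     "winlogon.exe", "services.exe", "lsass.exe", "csrss.exe"]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                        # [HKEY_...\run-]
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')                         # "name"=target
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) ([-a-z]{8}) (.+)$")
SIG_RE = re.compile(r"^\[(.)\] \S+ \. ([0-9A-F]{32}) \. \d+ \. \. \[([\d.]+)\] \. \. (.+)$")
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Microsoft WinUpdate"=c:\windows\system32\msupdte.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe
2011-07-03 04:01 . 2011-07-03 04:01 59835 --sh--w- c:\windows\dtmn.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\rundll16.exe
2011-07-17 09:06 . 2011-07-17 09:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
"""

def basename(target):
    """Lowercase last path component, without quotes or trailing arguments."""
    last = target.strip().strip('"').split("\\")[-1]
    return last.split('"')[0].split(" ")[0].lower()

def looks_like_system_binary(name):
    """Return the system binary NAME imitates, or None if it is that binary or unrelated."""
    if name in LOOKALIKE_TARGETS:
        return None
    return next((t for t in LOOKALIKE_TARGETS
                 if SequenceMatcher(None, name, t).ratio() >= 0.8), None)

def triage(log_text):
    findings, key, known_good, live = [], None, {}, []
    flag = lambda kind, path, detail, key=None, name=None: findings.append(Finding(kind, key, name, path, detail))
    for line in log_text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and "\\run" in key.lower():        # Run / RunOnce / RunServices values
            name, target = m.groups()
            if "\\" not in target:
                flag("autorun-no-path", target, "bare file name, resolved via the search path", key, name)
            imitated = looks_like_system_binary(basename(target))
            if imitated:
                flag("autorun-lookalike", target, "name imitates " + imitated, key, name)
            # Windows Update runs as a service; a Run value calling itself that is suspect.
            if re.search(r"microsoft|win(dows)?\s*update", name, re.I):
                flag("autorun-impersonating", target, "value name poses as a Microsoft updater", key, name)
            continue
        m = FILE_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs and path.lower().rsplit("\\", 1)[0] == "c:\\windows":
                flag("hidden-system-file", path, "hidden+system attributes in the %windir% root")
            imitated = looks_like_system_binary(basename(path))
            if imitated:
                flag("file-lookalike", path, "name imitates " + imitated)
            continue
        m = SIG_RE.match(line)
        if m:                                            # Sigcheck: [7] marks a reference copy
            mark, md5, version, path = m.groups()
            if mark == "7":
                known_good[(version, basename(path))] = md5
            elif path.lower().startswith("c:\\windows\\system32\\"):
                live.append((version, basename(path), md5, path))
    # An in-use driver whose MD5 differs from the reference copy of the same version is
    # reported only: it has to be replaced with a known-good copy, never simply deleted.
    for version, base, md5, path in live:
        ref = known_good.get((version, base))
        if ref and ref != md5:
            flag("driver-hash-mismatch", path, "MD5 %s != reference %s (%s)" % (md5, ref, version))
    return findings

def build_cfscript(findings):
    """CFScript as used in the thread: Collect:: files to quarantine, Registry:: "name"=- deletions."""
    files, values = set(), {}
    for f in findings:
        if f.key and f.name:
            values.setdefault(f.key, set()).add(f.name)
        if f.kind in ("hidden-system-file", "autorun-impersonating", "autorun-lookalike") and re.match(r"[a-z]:\\", f.path, re.I):
            files.add(f.path.strip('"'))
    out = ["Collect::"] + sorted(files) + ["", "Registry::"]
    for key in sorted(values):
        out.append("[%s]" % key)
        out.extend('"%s"=-' % name for name in sorted(values[key]))
    return "\n".join(out) + "\n"
```

Calling `build_cfscript(triage(SAMPLE_LOG))` yields a script in the same shape as Rudy's: dtmn.exe and msupdte.exe under Collect::, and the two "Microsoft ..." values deleted under Registry::. Two things are deliberately held back: tcpip.sys, whose MD5 differs from the ServicePackFiles copy of the same version, is only listed, because deleting the in-use TCP/IP driver breaks networking and the fix is to restore a known-good copy; and file look-alikes such as rundll16.exe are reported rather than collected, since in the posted log that name carries the directory attribute.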


#7 Post by subroofer »

Here is another log (after it finished, it asked me to submit some file for analysis):
The PC behaves normally, the load is not elevated. But that ESET shield still haunts ComboFix's startup.
If it seems odd to you that only the file dtmn.exe was deleted, that is because after that last ComboFix log I also had Avast run a boot-time scan, and it caught and deleted that khdr.exe, but as for that msupdate.exe, I don't know :)

ComboFix 11-07-29.03 - Kimi9 30.07.2011 20:56:02.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2751.2458 [GMT 2:00]
Running from: c:\documents and settings\Kimi9\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Kimi9\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
file zipped: c:\windows\dtmn.exe
.
ADS - WINDOWS: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dtmn.exe
.
.
((((((((((((((((((((((((( Files created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-30 15:26 . 2011-07-30 16:37 -------- d-----w- c:\program files\Steel Storm Burning Retribution
2011-07-29 19:01 . 2011-07-29 19:01 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\Thinstall
2011-07-29 19:01 . 2011-07-29 19:01 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\Thinstall
2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\onOne Software
2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Default User\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Berunka\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-05-17 08:39 66560 ----a-w- c:\windows\system32\nlssrv32.exe
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\onOne Software
2011-07-29 18:03 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\onOne Software
2011-07-28 13:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-28 13:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-28 13:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-28 13:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-28 13:53 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-28 13:53 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-28 13:53 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-28 13:53 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-28 13:52 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-28 13:52 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-28 13:52 . 2011-07-28 13:52 -------- d-----w- c:\program files\AVAST Software
2011-07-28 13:52 . 2011-07-28 13:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\rundll16.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\logo1_.exe
2011-07-26 17:30 . 2008-04-14 05:42 52480 ----a-w- c:\windows\system32\drivers\Volsnap.sys
2011-07-26 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 15:55 . 2011-07-30 09:11 -------- d-----w- c:\program files\trend micro
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- C:\rsit
2011-07-18 14:27 . 2011-07-18 14:27 78096 ----a-r- c:\documents and settings\Kimi9\Data aplikací\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\logo_1.exe
2011-07-17 09:06 . 2011-07-17 09:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-07-17 09:06 . 2011-07-17 09:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-07-17 09:05 . 2011-07-17 09:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-07-17 09:04 . 2011-07-17 09:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-07-17 06:28 . 2010-05-13 15:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2011-07-17 05:33 . 2011-07-17 05:33 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-17 05:33 . 2011-07-17 05:33 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- C:\sh4ldr
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-03 08:42 . 2011-07-03 09:56 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:30 . 2011-07-17 09:28 11267211 ----a-w- c:\windows\REGBK08.ZIP
2011-07-17 05:33 . 2009-07-28 14:54 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-06-25 06:19 . 2011-05-18 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 23:15 . 2011-05-16 23:15 1092096 ----a-w- c:\windows\system32\L6DriverControlPanel.cpl
2011-05-07 09:51 . 2011-05-07 09:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-07 09:51 . 2011-05-07 09:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-07 09:51 . 2011-05-07 09:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-04 02:52 . 2010-04-27 19:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-10-01 19:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-25 06:19 . 2011-05-05 14:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-21 . E68B798389848699012723B3F1A79E25 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2qfe\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2gdr\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_20.53.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2007-05-06 10:48 . 2011-07-27 06:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-06 10:48 . 2011-07-26 19:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-07-29 18:01 . 2011-07-29 18:01 228352 c:\windows\Installer\509a5e0.msi
- 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2007-06-29 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
mLAN Manager.lnk - c:\program files\mLAN Tools\YAMAHA\mLANmanager.exe [2007-3-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
"midi8"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 06:52 136704 ----a-w- c:\windows\system32\sti_ci.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"bgsvcgen"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"srservice"=2 (0x2)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EventSystem"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CSIScanner"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"ACDaemon"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"O&O Defrag"=2 (0x2)
"NMIndexingService"=3 (0x3)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TrkWks"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"BITS"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"DTSRVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"AiSuite"=c:\program files\ASUS\Ai Suite\AiSuite.exe
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CTRegRun"=c:\windows\CTRegRun.EXE
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe"
"DT HWP"=c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SW20"=c:\windows\system32\sw20.exe
"SW24"=c:\windows\system32\sw24.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.7.2009 16:54 32008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.7.2011 15:53 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.7.2011 15:53 309848]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [17.7.2011 7:33 76696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.7.2011 15:53 19544]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [29.7.2011 20:37 66560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [7.5.2007 10:26 33792]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [7.7.2009 22:47 1351168]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [7.7.2009 22:47 164864]
R3 mLanBus;Yamaha mLAN Bus Driver;c:\windows\system32\drivers\mLanBus.sys [25.4.2008 14:48 93568]
R3 mLanMIDI;Yamaha mLAN MIDI Driver;c:\windows\system32\drivers\mLanMIDI.sys [25.4.2008 14:48 12800]
R3 mLanPDev;YAMAHA mLAN Physical Driver;c:\windows\system32\drivers\mLanPDev.sys [4.10.2006 10:10 20992]
R3 mLanStrm;Yamaha mLAN Audio Driver;c:\windows\system32\drivers\mLanStrm.sys [25.4.2008 14:48 25472]
R3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [25.1.2011 18:15 77312]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [17.7.2011 7:33 26096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [18.2.2008 18:20 17920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.5.2011 11:51 13224]
S3 gHidPnp;USB Device Enhanced Function Driver; [x]
S3 gMouPS2;PS2 Scroll Mouse Device; [x]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [20.12.2005 2:07 22232]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; [x]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [29.7.2008 20:16 16896]
S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [7.7.2009 22:40 39040]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [30.12.2010 0:19 476672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [8.4.2011 15:33 260096]
S4 CSIScanner;CSIScanner; [x]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7.5.2011 21:06 150528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kimi9.webgarden.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... -
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: Interfaces\{BC9667D6-9190-4D3D-BC95-944A179D606B}: NameServer = 89.203.163.254,81.19.33.2
FF - ProfilePath - c:\documents and settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c8,f6,d0,ab,5c,43,39,89,e9,bc,17,20,cf,d5,fd,bf,7c,f4,ef,6a,cc,1d,49,
d9,3e,01,df,e4,25,ea,ae,51,04,05,45,ad,f2,4b,83,8c,33,ac,c2,cf,88,07,02,89,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:c6,ed,bd,b3,59,50,ce,d3,9c,83,20,a0,27,0d,ab,01,7f,be,f5,c8,fa,
d3,23,11,60,2f,59,7e,7b,de,ec,e9,5f,e1,84,55,63,7e,b4,fa,ec,d4,43,49,b7,4a,\
"rkeysecu"=hex:cb,e0,07,12,60,53,54,7b,75,66,66,98,5f,26,ee,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\mLAN Tools\mLANSoftPH.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\mLAN Tools\mLANVDevice.exe
c:\program files\mLAN Tools\mLANTFamily.exe
c:\program files\mLAN Tools\YAMAHA\mLANConnectionManager.exe
.
**************************************************************************
.
Celkový čas: 2011-07-30 21:16:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-30 19:16
ComboFix2.txt 2011-07-27 16:00
ComboFix3.txt 2011-07-27 15:38
ComboFix4.txt 2011-07-26 20:55
ComboFix5.txt 2011-07-30 18:55
.
Před spuštěním: Volných bajtů: 21 987 635 200
Po spuštění: Volných bajtů: 21 996 122 112
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1007167B170A988427043FF8FEABE31B
Nahrání proběhlo úspěšně

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A hidden process is eating 30% of my CPU - I can't find it :)

#8 Post by Rudy »

Run CF once more with this script:
Collect::
c:\windows\system32\drivers\pxrts.sys
c:\windows\system32\drivers\pxkbf.sys

Driver::
pxrts
pxkbf
CF sends the files to its author, who then updates it based on them.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

subroofer
Guest
Posts: 10
Registered: 28 Jul 2011 17:01

Re: A hidden process is eating 30% of my CPU - I can't find it :)

#9 Post by subroofer »

MY KEYBOARD STOPPED WORKING; I'm clicking on the virtual one. Device Manager - error - The device driver for this hardware was loaded successfully, but the hardware device cannot be found [code 41]. Neither HID nor PS2 works. I'll try drivers for now.

ComboFix 11-07-31.02 - Kimi9 31.07.2011 8:59.6.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2751.2461 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kimi9\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kimi9\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
file zipped: c:\windows\system32\drivers\pxkbf.sys
file zipped: c:\windows\system32\drivers\pxrts.sys
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\pxkbf.sys
c:\windows\system32\drivers\pxrts.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PXRTS
-------\Service_pxkbf
-------\Service_pxrts
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-30 15:26 . 2011-07-30 16:37 -------- d-----w- c:\program files\Steel Storm Burning Retribution
2011-07-29 19:01 . 2011-07-29 19:01 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\Thinstall
2011-07-29 19:01 . 2011-07-29 19:01 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\Thinstall
2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\onOne Software
2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Default User\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Berunka\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\onOne Software
2011-07-29 18:37 . 2011-05-17 08:39 66560 ----a-w- c:\windows\system32\nlssrv32.exe
2011-07-29 18:37 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\onOne Software
2011-07-29 18:03 . 2011-07-29 18:37 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\onOne Software
2011-07-28 13:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-28 13:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-28 13:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-28 13:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-28 13:53 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-28 13:53 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-28 13:53 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-28 13:53 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-28 13:52 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-28 13:52 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-28 13:52 . 2011-07-28 13:52 -------- d-----w- c:\program files\AVAST Software
2011-07-28 13:52 . 2011-07-28 13:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\rundll16.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\logo1_.exe
2011-07-26 17:30 . 2008-04-14 05:42 52480 ----a-w- c:\windows\system32\drivers\Volsnap.sys
2011-07-26 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 15:55 . 2011-07-30 09:11 -------- d-----w- c:\program files\trend micro
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- C:\rsit
2011-07-18 14:27 . 2011-07-18 14:27 78096 ----a-r- c:\documents and settings\Kimi9\Data aplikací\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\logo_1.exe
2011-07-17 09:06 . 2011-07-17 09:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-07-17 09:06 . 2011-07-17 09:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-07-17 09:05 . 2011-07-17 09:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-07-17 09:04 . 2011-07-17 09:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-07-17 06:28 . 2010-05-13 15:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- C:\sh4ldr
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-03 08:42 . 2011-07-03 09:56 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:30 . 2011-07-17 09:28 11267211 ----a-w- c:\windows\REGBK08.ZIP
2011-07-17 05:33 . 2009-07-28 14:54 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-06-25 06:19 . 2011-05-18 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 23:15 . 2011-05-16 23:15 1092096 ----a-w- c:\windows\system32\L6DriverControlPanel.cpl
2011-05-07 09:51 . 2011-05-07 09:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-07 09:51 . 2011-05-07 09:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-07 09:51 . 2011-05-07 09:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-04 02:52 . 2010-04-27 19:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-10-01 19:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-25 06:19 . 2011-05-05 14:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-21 . E68B798389848699012723B3F1A79E25 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2qfe\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2gdr\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_20.53.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2007-05-06 10:48 . 2011-07-27 06:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-06 10:48 . 2011-07-26 19:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-07-29 18:01 . 2011-07-29 18:01 228352 c:\windows\Installer\509a5e0.msi
- 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2007-06-29 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
mLAN Manager.lnk - c:\program files\mLAN Tools\YAMAHA\mLANmanager.exe [2007-3-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
"midi8"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 06:52 136704 ----a-w- c:\windows\system32\sti_ci.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"bgsvcgen"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"srservice"=2 (0x2)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EventSystem"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CSIScanner"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"ACDaemon"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"O&O Defrag"=2 (0x2)
"NMIndexingService"=3 (0x3)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TrkWks"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"BITS"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"DTSRVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"AiSuite"=c:\program files\ASUS\Ai Suite\AiSuite.exe
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CTRegRun"=c:\windows\CTRegRun.EXE
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe"
"DT HWP"=c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SW20"=c:\windows\system32\sw20.exe
"SW24"=c:\windows\system32\sw24.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.7.2009 16:54 32008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.7.2011 15:53 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.7.2011 15:53 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.7.2011 15:53 19544]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [29.7.2011 20:37 66560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [7.5.2007 10:26 33792]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [7.7.2009 22:47 1351168]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [7.7.2009 22:47 164864]
R3 mLanBus;Yamaha mLAN Bus Driver;c:\windows\system32\drivers\mLanBus.sys [25.4.2008 14:48 93568]
R3 mLanMIDI;Yamaha mLAN MIDI Driver;c:\windows\system32\drivers\mLanMIDI.sys [25.4.2008 14:48 12800]
R3 mLanStrm;Yamaha mLAN Audio Driver;c:\windows\system32\drivers\mLanStrm.sys [25.4.2008 14:48 25472]
R3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [25.1.2011 18:15 77312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [18.2.2008 18:20 17920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.5.2011 11:51 13224]
S3 gHidPnp;USB Device Enhanced Function Driver; [x]
S3 gMouPS2;PS2 Scroll Mouse Device; [x]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [20.12.2005 2:07 22232]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; [x]
S3 mLanPDev;YAMAHA mLAN Physical Driver;c:\windows\system32\drivers\mLanPDev.sys [4.10.2006 10:10 20992]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [29.7.2008 20:16 16896]
S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [7.7.2009 22:40 39040]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [30.12.2010 0:19 476672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [8.4.2011 15:33 260096]
S4 CSIScanner;CSIScanner; [x]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7.5.2011 21:06 150528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kimi9.webgarden.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... -
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: Interfaces\{BC9667D6-9190-4D3D-BC95-944A179D606B}: NameServer = 89.203.163.254,81.19.33.2
FF - ProfilePath - c:\documents and settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 09:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c8,f6,d0,ab,5c,43,39,89,e9,bc,17,20,cf,d5,fd,bf,7c,f4,ef,6a,cc,1d,49,
d9,3e,01,df,e4,25,ea,ae,51,04,05,45,ad,f2,4b,83,8c,33,ac,c2,cf,88,07,02,89,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:c6,ed,bd,b3,59,50,ce,d3,9c,83,20,a0,27,0d,ab,01,7f,be,f5,c8,fa,
d3,23,11,60,2f,59,7e,7b,de,ec,e9,5f,e1,84,55,63,7e,b4,fa,ec,d4,43,49,b7,4a,\
"rkeysecu"=hex:cb,e0,07,12,60,53,54,7b,75,66,66,98,5f,26,ee,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\mLAN Tools\mLANSoftPH.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\mLAN Tools\mLANVDevice.exe
c:\program files\mLAN Tools\mLANTFamily.exe
c:\program files\mLAN Tools\YAMAHA\mLANConnectionManager.exe
.
**************************************************************************
.
Completion time: 2011-07-31 09:18:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-31 07:18
ComboFix2.txt 2011-07-30 19:17
ComboFix3.txt 2011-07-27 16:00
ComboFix4.txt 2011-07-27 15:38
ComboFix5.txt 2011-07-31 06:58
.
Pre-Run: 22 278 328 320 bytes free
Post-Run: 22 249 394 176 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1A2EC0CC59CD7ABC8E865E1F8B62DD73
Upload completed successfully
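
The two ComboFix sections in the log above that a triage reads most closely are the Sigcheck table and the "Files Created" listing. The following Python is an added example, not code from this thread or from ComboFix: it parses both row formats and applies two checks a practitioner otherwise makes by eye. The first finds a file whose signature is not verified but whose version string matches a verified copy elsewhere on the disk with a different MD5 (in the posted logs the live c:\windows\system32\drivers\tcpip.sys against the ServicePackFiles\i386 copy, both 5.1.2600.5512 and both 361344 bytes). The second lists directory entries ("d" in the attribute column, no size) that carry executable names, such as c:\windows\rundll16.exe. The sample rows are copied from the ComboFix logs in this thread; the column layout encoded in the regexes and the reading of "[-]" as "signature not verified" (following the log's own note that unsigned files aren't necessarily malware) are assumptions. The log does not say why the two tcpip.sys hashes differ, so a hit is a prompt to compare the live file with a known-good copy, not a verdict.

```python
"""Triage helpers for two ComboFix log sections, the Sigcheck table and the
'Files Created' listing. Added example; not code from the thread or from ComboFix.
SIGCHECK_SAMPLE and CREATED_SAMPLE are rows copied from the logs in the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sigcheck row: [flag] date . MD5 . size . . [version] . . path
# Layout read off the posted rows (assumption). A "-" flag is taken to mean
# "signature not verified", per the log's own note about unsigned files.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# Files Created row: created . modified size attrs path ; size is "--------" for directories
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    flag: str      # text inside the leading brackets; "-" or "7" in the posted log
    date: str
    md5: str
    size: int
    version: str
    path: str


@dataclass(frozen=True)
class CreatedEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "d---a-w-"; a leading "d" marks a directory
    path: str


def parse_sigcheck(text: str) -> list[SigEntry]:
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append(SigEntry(m["flag"], m["date"], m["md5"].upper(), int(m["size"]),
                                 m["version"], m["path"]))
    return rows


def parse_created(text: str) -> list[CreatedEntry]:
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            rows.append(CreatedEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return rows


def unverified_differing_from_verified(rows: list[SigEntry]) -> list[tuple[str, str]]:
    """Pairs (unverified path, verified reference path) that share a version
    string but not an MD5: same claimed build, different bytes, no valid
    signature on the live copy. That is the pattern worth a closer look."""
    verified_by_version: dict[str, list[SigEntry]] = {}
    for r in rows:
        if r.flag != "-":
            verified_by_version.setdefault(r.version, []).append(r)
    hits = []
    for r in rows:
        if r.flag == "-":
            for ref in verified_by_version.get(r.version, []):
                if ref.md5 != r.md5:
                    hits.append((r.path, ref.path))
    return hits


def directories_named_like_executables(rows: list[CreatedEntry],
                                       suffixes=(".exe", ".dll", ".sys", ".scr")) -> list[str]:
    """Directory entries wearing an executable's name. A directory occupying that
    name blocks a file of the same name from being written there; whether a
    cleaner or malware left it, the log itself does not say."""
    return [r.path for r in rows if r.attrs.startswith("d") and r.path.lower().endswith(suffixes)]


# Rows copied from the Sigcheck section of the posted ComboFix log.
SIGCHECK_SAMPLE = r"""
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-21 . E68B798389848699012723B3F1A79E25 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
"""
# Rows copied from the Files Created section of the posted ComboFix log.
CREATED_SAMPLE = r"""
2011-07-28 13:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\rundll16.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\logo1_.exe
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-07-17 05:33 . 2011-07-17 05:33 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- C:\sh4ldr
"""
```

Running `unverified_differing_from_verified(parse_sigcheck(SIGCHECK_SAMPLE))` on the sample returns the single pair for the live tcpip.sys and its ServicePackFiles reference; `directories_named_like_executables(parse_created(CREATED_SAMPLE))` returns the four directories under c:\windows that are named like executables. Both functions take the full text of the respective section, so the whole log can be fed in unchanged.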

subroofer
Guest
Posts: 10
Registered: 28 Jul 2011 17:01

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#10 Post by subroofer »

I still don't know what to do with it. The file pxkbf.sys must have been related to the keyboard; I can't find a sensible driver or solution anywhere... please help.

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#11 Post by Rudy »

On the web it was described as malware. Does the keyboard have any extra drivers? If so, reinstall them. Otherwise try System Restore to a date when the keyboard worked correctly.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Beyond its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked; likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

subroofer
Guest
Posts: 10
Registered: 28 Jul 2011 17:01

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#12 Post by subroofer »

A plain USB one from HP. I don't have a CD and there are no drivers on the web; Windows handles this automatically.

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#13 Post by Rudy »

OK. You will find those files in the C:\Qoobox directory. Move them to c:\windows\system32\drivers and delete their "vir" extension. Restart the PC.
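
The instruction above is to take the quarantined copies back out of ComboFix's quarantine directory (C:\Qoobox), drop them into c:\windows\system32\drivers and strip the "vir" suffix. The Python below is an added example, not code from this thread or from ComboFix. It restores only the file names you ask for, copies rather than moves so the quarantine copy survives if the driver has to be pulled a second time, verifies the copy, and records the SHA-256 of each restored file so it can later be compared with a known-good copy of the same driver. It assumes (assumption) that the quarantine mirrors the original path as C:\Qoobox\Quarantine\C\<original path>.vir; rather than touching a real system, the demo builds that layout from constructed bytes in a temporary directory, using pxkbf.sys (named in the thread) and pxscan.sys (assumed as the second file for the demo), and leaves a third .vir file in the tree alone.

```python
r"""Put ComboFix-quarantined files back by stripping the ".vir" suffix, hashing
each one first. Added example; not code from the thread or from ComboFix.
Assumed (assumption) quarantine layout: C:\Qoobox\Quarantine\C\<original path>.vir
mirrors the original location, so quarantine_drive_root corresponds to C:\."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def restore_quarantined(quarantine_drive_root: Path, target_root: Path,
                        wanted: set[str]) -> dict[str, str]:
    """Copy every <name>.vir under quarantine_drive_root whose original name is
    in `wanted` to the mirrored path under target_root. Returns {name: sha256}.
    Copying, not moving, keeps the quarantine copy for a second rollback; the
    hash is what you later compare with a known-good copy of the driver."""
    restored: dict[str, str] = {}
    for vir in sorted(quarantine_drive_root.rglob("*.vir")):
        name = vir.name[: -len(".vir")]
        if name not in wanted:
            continue
        dest = target_root / vir.relative_to(quarantine_drive_root).with_name(name)
        dest.parent.mkdir(parents=True, exist_ok=True)
        digest = sha256_hex(vir.read_bytes())
        shutil.copy2(vir, dest)
        if sha256_hex(dest.read_bytes()) != digest:
            raise RuntimeError(f"{dest} does not match its quarantine copy")
        restored[name] = digest
    return restored


def demo() -> dict[str, str]:
    """Build a constructed quarantine tree in a temp dir and restore only the
    two driver names; the third .vir file in the tree must stay where it is."""
    with tempfile.TemporaryDirectory() as tmp:
        qroot = Path(tmp) / "Qoobox" / "Quarantine" / "C"
        target = Path(tmp) / "restored_C"
        samples = {  # constructed bytes, not real driver images
            "WINDOWS/system32/drivers/pxkbf.sys.vir": b"constructed pxkbf.sys bytes",
            "WINDOWS/system32/drivers/pxscan.sys.vir": b"constructed pxscan.sys bytes",
            "WINDOWS/dtmn.exe.vir": b"constructed dtmn.exe bytes",
        }
        for rel, data in samples.items():
            (qroot / rel).parent.mkdir(parents=True, exist_ok=True)
            (qroot / rel).write_bytes(data)
        result = restore_quarantined(qroot, target, {"pxkbf.sys", "pxscan.sys"})
        if (target / "WINDOWS" / "dtmn.exe").exists():
            raise RuntimeError("a file outside the wanted set was restored")
        if not (target / "WINDOWS" / "system32" / "drivers" / "pxkbf.sys").exists():
            raise RuntimeError("pxkbf.sys was not restored to the mirrored path")
        return result
```

On a real machine you would call `restore_quarantined(Path(r"C:\Qoobox\Quarantine\C"), Path(r"C:\"), {"pxkbf.sys"})` from an elevated prompt and keep the returned hashes with your notes; a driver put back without a recorded hash cannot later be checked against the vendor's copy.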

subroofer
Guest
Posts: 10
Registered: 28 Jul 2011 17:01

Re: A hidden process is eating 30% of my CPU - I can't track it down :)

#14 Post by subroofer »

I had to roll the system back two days. Merely putting those two files back solved nothing, so I ran this script again:
Rudy wrote: Let's clean up a bit more. Open Notepad and copy this into it:
Collect::
c:\windows\dtmn.exe
c:\windows\kdhr.exe
c:\windows\system32\msupdte.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=-
"Microsoft WinUpdate"=-
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.

ComboFix 11-07-27.01 - Kimi9 31.07.2011 17:53:41.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2751.2178 [GMT 2:00]
Running from: c:\documents and settings\Kimi9\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Kimi9\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
file zipped: c:\windows\dtmn.exe
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-839522115-1979792683-725345543-500(2)\INFO2
c:\windows\dtmn.exe
c:\windows\system32\drivers\pxrts.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_pxrts
-------\Service_pxrts
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 11:44 . 2011-07-31 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-31 10:04 . 2011-07-31 11:41 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-07-31 07:58 . 2011-07-31 11:41 -------- d-----w- c:\program files\Click-N-Type
2011-07-30 15:26 . 2011-07-31 11:42 -------- d-----w- c:\program files\Steel Storm Burning Retribution
2011-07-29 19:01 . 2011-07-29 19:01 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\Thinstall
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Adobe(2)
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Adobe(2)
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Default User\Data aplikací\Adobe(2)
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Berunka\Data aplikací\Adobe(2)
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Adobe(2)
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\onOne Software(2)
2011-07-29 18:38 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\onOne Software(2)
2011-07-29 18:37 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Default User\Data aplikací\onOne Software(2)
2011-07-29 18:37 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Berunka\Data aplikací\onOne Software(2)
2011-07-29 18:37 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Admin\Data aplikací\onOne Software(2)
2011-07-29 18:37 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\onOne Software(2)
2011-07-29 18:03 . 2011-07-31 11:43 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\onOne Software
2011-07-28 13:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-28 13:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-28 13:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-28 13:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-28 13:53 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-28 13:53 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-28 13:53 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-28 13:53 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-28 13:52 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-28 13:52 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-28 13:52 . 2011-07-28 13:52 -------- d-----w- c:\program files\AVAST Software
2011-07-28 13:52 . 2011-07-28 13:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\rundll16.exe
2011-07-26 19:53 . 2011-07-26 19:53 -------- d---a-w- c:\windows\logo1_.exe
2011-07-26 17:30 . 2008-04-14 05:42 52480 ----a-w- c:\windows\system32\drivers\Volsnap.sys
2011-07-26 16:06 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:06 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 15:55 . 2011-07-31 11:42 -------- d-----w- c:\program files\trend micro
2011-07-26 15:55 . 2011-07-26 15:55 -------- d-----w- C:\rsit
2011-07-18 14:27 . 2011-07-18 14:27 78096 ----a-r- c:\documents and settings\Kimi9\Data aplikací\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\program files\XP Repair Pro 4.0
2011-07-18 14:27 . 2011-07-18 14:27 -------- d-----w- c:\documents and settings\Kimi9\Local Settings\Data aplikací\{42FFD6CD-1797-4302-8C84-959BECBCDA13}
2011-07-17 17:51 . 2011-07-17 17:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\VDLL.DLL
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\system32\runouce.exe
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-07-17 09:08 . 2011-07-17 09:08 -------- d---a-w- c:\windows\logo_1.exe
2011-07-17 09:06 . 2011-07-17 09:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-07-17 09:06 . 2011-07-17 09:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-07-17 09:05 . 2011-07-17 09:05 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-07-17 09:04 . 2011-07-17 09:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-07-17 06:28 . 2010-05-13 15:34 14232 ----a-w- c:\windows\system32\sh4native.exe
2011-07-17 05:33 . 2011-07-17 05:33 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- C:\sh4ldr
2011-07-16 19:33 . 2011-07-17 05:43 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-03 08:42 . 2011-07-03 09:56 -------- d-----w- c:\documents and settings\Kimi9\Data aplikací\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 09:30 . 2011-07-17 09:28 11267211 ----a-w- c:\windows\REGBK08.ZIP
2011-07-17 05:33 . 2009-07-28 14:54 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-06-25 06:19 . 2011-05-18 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 23:15 . 2011-05-16 23:15 1092096 ----a-w- c:\windows\system32\L6DriverControlPanel.cpl
2011-05-07 09:51 . 2011-05-07 09:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-05-07 09:51 . 2011-05-07 09:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-05-07 09:51 . 2011-05-07 09:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-05-04 02:52 . 2010-04-27 19:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2007-10-01 19:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-25 06:19 . 2011-05-05 14:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-17 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-21 . E68B798389848699012723B3F1A79E25 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2qfe\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\8b3f0b76a887dad5988d39ddc24cfa31\sp2gdr\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP2GDR\tcpip.sys
[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\88b61d8186801830b4c7eb1666dbe60c\SP1QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_20.53.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2007-05-06 10:48 . 2011-07-27 06:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-06 10:48 . 2011-07-26 19:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-30 13:40 . 2011-07-18 15:20 2420 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2007-05-30 13:40 . 2011-07-31 11:22 2420 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2011-07-31 07:10 . 2011-07-31 07:10 8192 c:\windows\ERDNT\subs(2)\Users(2)\00000002(2)\UsrClass.dat
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-05-06 12:27 . 2011-07-31 11:47 426208 c:\windows\system32\FNTCACHE.DAT
+ 2011-07-31 07:10 . 2011-07-31 07:10 372736 c:\windows\ERDNT\subs(2)\Users(2)\00000004(2)\UsrClass.dat
+ 2011-07-31 07:10 . 2011-07-31 07:10 139264 c:\windows\ERDNT\subs(2)\Users(2)\00000001(2)\NTUSER.DAT
- 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2007-05-06 19:29 . 2011-07-31 11:45 7575920 c:\windows\system32\Restore\rstrlog.dat
+ 2011-07-31 07:10 . 2011-07-31 07:10 17498112 c:\windows\ERDNT\subs(2)\Users(2)\00000003(2)\ntuser.dat
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2007-06-29 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 100352]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
mLAN Manager.lnk - c:\program files\mLAN Tools\YAMAHA\mLANmanager.exe [2007-3-12 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=KORGUMDD.DRV
"midi8"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 06:52 136704 ----a-w- c:\windows\system32\sti_ci.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"bgsvcgen"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"srservice"=2 (0x2)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EventSystem"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CSIScanner"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"ACDaemon"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"O&O Defrag"=2 (0x2)
"NMIndexingService"=3 (0x3)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TrkWks"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"BITS"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"DTSRVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"AiSuite"=c:\program files\ASUS\Ai Suite\AiSuite.exe
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"JMB36X Configure"=c:\windows\system32\JMRaidTool.exe boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CTRegRun"=c:\windows\CTRegRun.EXE
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe"
"DT HWP"=c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe -startup_folder
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SW20"=c:\windows\system32\sw20.exe
"SW24"=c:\windows\system32\sw24.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svehost.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [28.7.2009 16:54 32008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.7.2011 15:53 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.7.2011 15:53 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.7.2011 15:53 19544]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [7.5.2007 10:26 33792]
R3 hypaudio;hypaudio;c:\windows\system32\drivers\hypaudio.sys [7.7.2009 22:47 1351168]
R3 hypkern;hypkern;c:\windows\system32\drivers\hypkern.sys [7.7.2009 22:47 164864]
R3 mLanBus;Yamaha mLAN Bus Driver;c:\windows\system32\drivers\mLanBus.sys [25.4.2008 14:48 93568]
R3 mLanMIDI;Yamaha mLAN MIDI Driver;c:\windows\system32\drivers\mLanMIDI.sys [25.4.2008 14:48 12800]
R3 mLanStrm;Yamaha mLAN Audio Driver;c:\windows\system32\drivers\mLanStrm.sys [25.4.2008 14:48 25472]
R3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [25.1.2011 18:15 77312]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [17.7.2011 7:33 26096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [18.2.2008 18:20 17920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [7.5.2011 11:51 13224]
S3 gHidPnp;USB Device Enhanced Function Driver; [x]
S3 gMouPS2;PS2 Scroll Mouse Device; [x]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [20.12.2005 2:07 22232]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; [x]
S3 mLanPDev;YAMAHA mLAN Physical Driver;c:\windows\system32\drivers\mLanPDev.sys [4.10.2006 10:10 20992]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [29.7.2008 20:16 16896]
S3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [7.7.2009 22:40 39040]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [30.12.2010 0:19 476672]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [8.4.2011 15:33 260096]
S4 CSIScanner;CSIScanner; [x]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [7.5.2011 21:06 150528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 04:51]
.
2011-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.kimi9.webgarden.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... -
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: Interfaces\{BC9667D6-9190-4D3D-BC95-944A179D606B}: NameServer = 89.203.163.254,81.19.33.2
FF - ProfilePath - c:\documents and settings\Kimi9\Data aplikací\Mozilla\Firefox\Profiles\o05nk0mp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-31 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c8,f6,d0,ab,5c,43,39,89,e9,bc,17,20,cf,d5,fd,bf,7c,f4,ef,6a,cc,1d,49,
d9,3e,01,df,e4,25,ea,ae,51,04,05,45,ad,f2,4b,83,8c,33,ac,c2,cf,88,07,02,89,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-839522115-1979792683-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:c6,ed,bd,b3,59,50,ce,d3,9c,83,20,a0,27,0d,ab,01,7f,be,f5,c8,fa,
d3,23,11,60,2f,59,7e,7b,de,ec,e9,5f,e1,84,55,63,7e,b4,fa,ec,d4,43,49,b7,4a,\
"rkeysecu"=hex:cb,e0,07,12,60,53,54,7b,75,66,66,98,5f,26,ee,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\mLAN Tools\mLANStart.exe
c:\program files\mLAN Tools\mLANSoftPH.exe
c:\program files\mLAN Tools\mLANSoftPH.exe
c:\program files\mLAN Tools\mLANVDevice.exe
c:\program files\mLAN Tools\mLANTFamily.exe
c:\program files\mLAN Tools\YAMAHA\mLANConnectionManager.exe
c:\windows\system32\dwwin.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-31 18:17:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-31 16:17
ComboFix2.txt 2011-07-31 07:19
ComboFix3.txt 2011-07-30 19:17
ComboFix4.txt 2011-07-27 16:00
ComboFix5.txt 2011-07-31 15:52
.
Před spuštěním: Volných bajtů: 21 789 691 904
Po spuštění: Volných bajtů: 21 732 507 648
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C6C9259BB4EC1B8C1F545E62DCE669E0
Upload completed successfully.

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A hidden process is eating 30% of my CPU - I can't figure it out :)

#15 Post by Rudy »

In that case the log looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
