Restart Win XP v průběhu činnosti Combofixu

Zpráva

Karpi · #1 Příspěvek od **Karpi** » 28 srp 2011 21:35

Dobrý den, prosím o radu. Na počítači s Windows XP SP3 se pravděpodobně uhnízdil nějaký rootkit. (Alespoň původně nainstalovaný AVG v9 ho v adr. System32 v nějakém EXE-souboru indentifikoval.)
Bohužel již nevím, jak se jmenoval, protože po odinstalaci AVG starší verze (abych mohl spustit Combofix) a následné instalaci AVG Internet Security 2011 se již nenašel...
Problém je v tom, že i po opětovné odinstalaci nové verze AVG, vypnutí firewalu a ostatních nepotřebným rezidentních programů, Combofix po dokončení fáze 50 vypíše "Mažu soubory" a následně ihned proběhne restart Windows. Proto mám podezření, že tam "něco" dokončení skenu Combofixu bojkotuje. Rovněž GMER při stuštění okamžitě vyvolá restart PC.
Děkuji za radu!

#2 Příspěvek od **Rudy** » 28 srp 2011 21:49

Zdravím!
ComboFix se nedoporučuje používat laikům. Lze jím celkem snadno shodit systém. Dejte nejprve log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

Karpi · #3 Příspěvek od **Karpi** » 29 srp 2011 20:23

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-08-29 20:40:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (7%) free of 153 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:51, on 29.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe
C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe
C:\Program Files\TrustPort\Antivirus\bin\avss.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TrustPort\Antivirus\bin\avas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TrustPort\Antivirus\bin\avcom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\TrustPort\Bin\tptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\ICQ6.5\ICQ.exe
F:\Hanička\rsit.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ocs_SM] C:\Documents and Settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AntivirusCommunicatorAgent] "C:\Program Files\TrustPort\Antivirus\bin\avcom.exe"
O4 - HKLM\..\Run: [TrustPortTray] "C:\Program Files\Common Files\TrustPort\Bin\tptray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0D21431-1AB5-44FD-9D25-2BD671F92221}: NameServer = 81.90.160.1,81.90.160.65
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avas.exe
O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - TrustPort, a.s. - C:\Program Files\TrustPort\Antivirus\bin\avss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrustPort Core Service (tpmgma_service) - TrustPort, a.s. - C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe

--
End of file - 8311 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-299502267-725345543-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-299502267-725345543-500UA.job
C:\WINDOWS\tasks\TrustPort Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zat5kis2.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9, {DBBB3167-6E81-400f-BBFD-BD8921726F52}:7000.2010.1020.1412, {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Cabrilog.com/Cabri 3D]
"Description"=Cabri 3D Web Browser Plug-in 2.1.2 (318)
"Path"=C:\Program Files\Cabri\Cabri 3D Plug-in 2.1\bin\npcabri3d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
NPOFFICE.DLL

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zat5kis2.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{DBBB3167-6E81-400f-BBFD-BD8921726F52}
{e001c731-5e37-4538-a5cb-8168736a2360}

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zat5kis2.default\searchplugins\
{5D9F3897-80D1-4BD1-B8C7-3C6530F408F0}.xml
{6097A23A-9470-4A41-94E6-0CCEFC1710EA}.xml
{A39017AA-01DA-4BC5-88D1-02E2C43C3DE1}.xml
{C2244FE7-CFF5-4EAE-BE8D-330AA08F5286}.xml
{EAB4684D-3211-400E-A7F9-73AC829EEC94}.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-23 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Ocs_SM"=C:\Documents and Settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizer.exe [2011-04-05 106496]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-07 98304]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-07-05 20053608]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]
"AntivirusCommunicatorAgent"=C:\Program Files\TrustPort\Antivirus\bin\avcom.exe [2011-07-08 774416]
"TrustPortTray"=C:\Program Files\Common Files\TrustPort\Bin\tptray.exe [2011-07-08 721168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-12-03 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-11-16 172856]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2
"avg8emc"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-07-08 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Maple 9.5\bin.win\mserver.exe"="C:\Program Files\Maple 9.5\bin.win\mserver.exe:*:Enabled:mserver"
"C:\Program Files\Maple 9.5\jre\bin\java.exe"="C:\Program Files\Maple 9.5\jre\bin\java.exe:*:Enabled:java"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader"
"C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=L3codeca.acm
"vidc.divx"=divx.dll
"vidc.div4"=DivXc32f.dll
"vidc.div3"=DivXc32.dll
"vidc.xvid"=xvid.dll
"vidc.mp43"=mpg4c32.dll
"msacm.l3radius"=l3codecp.acm
"msacm.divxa"=divxa32.acm
"msacm.vorbis"=Vorbis.acm
"msacm.a3d"=a3d.dll
"msacm.ogg"=ogg.dll
"msacm.vorbisenc"=vorbisenc.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-29 20:40:32 ----D---- C:\Program Files\trend micro
2011-08-29 20:40:31 ----D---- C:\rsit
2011-08-28 19:06:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2011-08-28 19:04:49 ----D---- C:\Program Files\VideoLAN
2011-08-28 18:57:14 ----D---- C:\Program Files\totalcmd
2011-08-28 18:57:14 ----A---- C:\WINDOWS\UC.PIF
2011-08-28 18:57:14 ----A---- C:\WINDOWS\RAR.PIF
2011-08-28 18:57:14 ----A---- C:\WINDOWS\PKZIP.PIF
2011-08-28 18:57:14 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-08-28 18:57:14 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-08-28 18:57:14 ----A---- C:\WINDOWS\LHA.PIF
2011-08-28 18:57:14 ----A---- C:\WINDOWS\ARJ.PIF
2011-08-28 18:53:26 ----D---- C:\Total Commander v7.55
2011-08-28 18:28:39 ----A---- C:\WINDOWS\system32\drivers\avasdmft.sys
2011-08-28 18:28:37 ----D---- C:\Program Files\TrustPort
2011-08-28 18:28:37 ----D---- C:\Program Files\Common Files\TrustPort
2011-08-28 18:28:37 ----A---- C:\WINDOWS\system32\drivers\tpsec.sys
2011-08-28 18:23:08 ----SD---- C:\ComboFix
2011-08-28 18:07:01 ----A---- C:\WINDOWS\zip.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\SWSC.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\SWREG.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\sed.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\PEV.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\NIRCMD.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\MBR.exe
2011-08-28 18:07:01 ----A---- C:\WINDOWS\grep.exe
2011-08-28 18:06:53 ----D---- C:\Qoobox
2011-08-27 18:30:39 ----HD---- C:\$AVG
2011-08-27 17:44:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVG10
2011-08-27 17:43:54 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-08-27 17:42:38 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-08-27 17:42:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2011-08-27 17:35:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-08-27 17:14:47 ----A---- C:\WINDOWS\ntbtlog.txt
2011-08-27 16:43:38 ----D---- C:\WINDOWS\Minidump
2011-08-27 16:38:33 ----A---- C:\Boot.bak
2011-08-27 16:38:28 ----RASHD---- C:\cmdcons
2011-08-27 16:35:47 ----D---- C:\WINDOWS\ERDNT
2011-08-26 20:42:28 ----D---- C:\Program Files\EurotelSMS
2011-08-26 20:36:32 ----D---- C:\Program Files\ESET
2011-08-26 20:35:07 ----D---- C:\Documents and Settings\Administrator\Data aplikací\QuickScan
2011-08-24 18:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-21 23:42:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2011-08-21 23:42:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-08-21 23:41:58 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-21 23:41:14 ----D---- C:\TuneUp Utilities 2011 v10.0.4320.15 (CZ)
2011-08-20 20:49:56 ----AH---- C:\WINDOWS\system32\mlfcache.dat
2011-08-20 20:49:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2011-08-20 16:09:02 ----D---- C:\Program Files\OpenAL
2011-08-20 16:09:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-08-20 16:09:02 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-08-20 16:08:49 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2011-08-20 16:08:24 ----D---- C:\Program Files\Common Files\Futuremark Shared
2011-08-20 16:07:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-08-20 16:06:49 ----D---- C:\Program Files\Futuremark
2011-08-20 12:09:39 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2011-08-20 12:09:33 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2011-08-20 12:09:22 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2011-08-20 12:09:22 ----A---- C:\WINDOWS\system32\drivers\point32.sys
2011-08-20 12:08:51 ----D---- C:\Program Files\Microsoft IntelliPoint
2011-08-20 12:07:34 ----A---- C:\WINDOWS\vncutil.exe
2011-08-20 12:07:32 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2011-08-20 12:07:32 ----A---- C:\WINDOWS\RtkAudioService.exe
2011-08-20 12:07:31 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2011-08-20 12:07:29 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2011-08-20 12:06:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-08-20 12:04:21 ----D---- C:\Program Files\AMD APP
2011-08-20 12:02:42 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-08-20 11:42:38 ----D---- C:\Program Files\Driver-Soft
2011-08-15 12:10:59 ----A---- C:\WINDOWS\system32\drivers\ss_bwhnt.sys
2011-08-15 12:10:59 ----A---- C:\WINDOWS\system32\drivers\ss_bserd.sys
2011-08-15 12:10:59 ----A---- C:\WINDOWS\system32\drivers\ss_bmdm.sys
2011-08-15 12:10:59 ----A---- C:\WINDOWS\system32\drivers\ss_bmdfl.sys
2011-08-15 12:10:59 ----A---- C:\WINDOWS\system32\drivers\ss_bcmnt.sys
2011-08-15 12:10:59 ----A---- C:\WINDOWS\system32\drivers\ss_bbus.sys
2011-08-14 20:35:33 ----D---- C:\WINDOWS\pss
2011-08-14 20:34:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Origin
2011-08-14 20:34:14 ----D---- C:\Program Files\Origin Games
2011-08-14 20:34:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Origin
2011-08-14 20:33:48 ----D---- C:\Program Files\Origin
2011-08-11 18:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-11 18:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-11 18:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-11 18:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-11 18:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$

======List of files/folders modified in the last 1 month======

2011-08-29 20:40:38 ----D---- C:\WINDOWS\Prefetch
2011-08-29 20:40:32 ----RD---- C:\Program Files
2011-08-29 18:38:58 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-29 18:31:11 ----D---- C:\WINDOWS\Temp
2011-08-29 08:19:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-28 22:56:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2011-08-28 20:22:08 ----D---- C:\WINDOWS\system32
2011-08-28 19:08:44 ----A---- C:\WINDOWS\WINCMD.INI
2011-08-28 18:57:14 ----D---- C:\WINDOWS
2011-08-28 18:32:36 ----HD---- C:\WINDOWS\inf
2011-08-28 18:31:46 ----D---- C:\WINDOWS\system32\drivers
2011-08-28 18:29:57 ----SD---- C:\WINDOWS\Tasks
2011-08-28 18:29:56 ----D---- C:\WINDOWS\system32\config
2011-08-28 18:28:37 ----D---- C:\Program Files\Common Files
2011-08-28 18:09:18 ----D---- C:\WINDOWS\AppPatch
2011-08-28 17:52:26 ----D---- C:\Program Files\Mozilla Firefox
2011-08-28 17:38:14 ----SHD---- C:\Config.Msi
2011-08-28 17:36:43 ----SHD---- C:\WINDOWS\Installer
2011-08-28 17:34:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-27 17:42:00 ----D---- C:\WINDOWS\WinSxS
2011-08-27 17:10:59 ----SHD---- C:\RECYCLER
2011-08-27 17:10:52 ----SHD---- C:\System Volume Information
2011-08-27 17:10:52 ----D---- C:\WINDOWS\system32\Restore
2011-08-27 16:38:33 ----RASH---- C:\boot.ini
2011-08-27 16:24:15 ----A---- C:\WINDOWS\win.ini
2011-08-27 16:24:15 ----A---- C:\WINDOWS\system.ini
2011-08-27 16:20:56 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-08-24 18:45:42 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-23 11:28:24 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2011-08-22 23:44:38 ----D---- C:\Program Files\Electronic Arts
2011-08-22 23:44:37 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-20 16:08:55 ----D---- C:\WINDOWS\system32\DirectX
2011-08-20 16:08:54 ----RSD---- C:\WINDOWS\assembly
2011-08-20 16:07:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2011-08-20 12:10:25 ----D---- C:\Program Files\Realtek
2011-08-20 12:09:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-08-20 12:08:57 ----RSD---- C:\WINDOWS\Fonts
2011-08-20 12:07:50 ----D---- C:\WINDOWS\system32\RTCOM
2011-08-20 12:04:01 ----D---- C:\Program Files\ATI Technologies
2011-08-18 10:05:52 ----RD---- C:\Program Files\Skype
2011-08-18 10:05:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-08-15 12:08:54 ----D---- C:\Program Files\PC Connectivity Solution
2011-08-15 12:07:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Samsung
2011-08-15 12:07:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2011-08-14 20:43:23 ----D---- C:\WINDOWS\Debug
2011-08-14 20:34:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2011-08-12 00:07:09 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-11 18:40:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-11 18:38:25 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-11 18:36:26 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-11 18:35:59 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-07-03 431672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 tpsec;TrustPort Security Filter; C:\WINDOWS\system32\drivers\tpsec.sys [2011-07-08 35920]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-08 7023104]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-03-30 101392]
R3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF; C:\WINDOWS\System32\DRIVERS\avasdmft.sys [2011-07-08 37648]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-07-07 6367848]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-08-01 40936]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-06-13 306664]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 akrm9xox;akrm9xox; C:\WINDOWS\system32\drivers\akrm9xox.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 dsio;TrustPort Raw IO Driver; \??\C:\Program Files\Common Files\TrustPort\bin\dsio.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSI_DVD_010507;MSI_DVD_010507; \??\C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys []
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys []
S3 MSI_VGASYS_010507;MSI_VGASYS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys []
S3 MsibiosDevice;MsibiosDevice; \??\C:\Program Files\MSI\Live Update 4\LU4\msibios.sys []
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-08 643072]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-23 153376]
R2 SearchAnonymizer;SearchAnonymizer; C:\Documents and Settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe [2011-04-05 40960]
R2 tpmgma_service;TrustPort Core Service; C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe [2011-07-08 404040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avas_service;TrustPort Antivirus On-Access Scanner Agent; C:\Program Files\TrustPort\Antivirus\bin\avas.exe [2011-07-08 495888]
R3 avss_service;TrustPort Antivirus Service Scanner Provider; C:\Program Files\TrustPort\Antivirus\bin\avss.exe [2011-07-08 291088]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 Příspěvek od **Rudy** » 29 srp 2011 20:34

Toto je OK. Teď poprosím o log ze skenu CF. Najdete ho v C:\combofix.txt. Obsah toho souboru sem zkopírujte.

Karpi · #5 Příspěvek od **Karpi** » 29 srp 2011 21:22

No a to je právě ten problém! Viz nadpis mého dotazu a můj první příspěvek...
Jinými slovy - žádný log není.

#6 Příspěvek od **Rudy** » 29 srp 2011 21:45

Zkuste se nejprve podívat, zda existuje soubor C:\combofix.txt . V něm by měl být log. Pokud sobor chybí, restartujte do nouz. režimu, tam proveďte nový sken a dejte log.

Karpi · #7 Příspěvek od **Karpi** » 29 srp 2011 23:37

Na 100% tam žádný log není a ani být nemůže, protože CF vytváří log až na konci své činnosti, ale zde se dostane pouze do fáze pokusu o mazání souborů a ani ten nedokončí.
Opravdu to mám zkusit v nouzovém režimu? Co vím, tak se doporučuje spouštět CF pouze po klasickém nastartování. Mám pocit, že už jsem si takto jednou u jiného počítače vykoledoval nefunkčnost systému...

#8 Příspěvek od **Rudy** » 30 srp 2011 15:57

Combofix lze spouštět z nouz. režimu (některé naákazy ani jinak nelze léčit). Za to, že byl znefunkčněn systém, nemůže ComboFix, nýbrž virus. V podpisu mám, co dělat před započetím léčení a doporučuji se toho držet, neboť léčení PC nikdy není bez rizika.

Karpi · #9 Příspěvek od **Karpi** » 31 srp 2011 20:38

OK, zde výpis CF z nouzového režimu:

ComboFix 11-08-29.03 - Administrator 31.08.2011 21:20:56.8.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1762 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\Údržba počítače\ComboFix.exe
AV: TrustPort Antivirus *Disabled/Updated* {3E803F6C-6C2F-4647-BCA9-1C7E98603DB4}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-29 18:40 . 2011-08-29 18:40 -------- d-----w- c:\program files\trend micro
2011-08-29 18:40 . 2011-08-29 18:42 -------- d-----w- C:\rsit
2011-08-28 17:06 . 2011-08-28 17:06 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\vlc
2011-08-28 17:04 . 2011-08-28 17:04 -------- d-----w- c:\program files\VideoLAN
2011-08-28 16:57 . 2011-08-28 16:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2011-08-28 16:57 . 2011-08-28 16:57 -------- d-----w- c:\program files\totalcmd
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\UC.PIF
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\RAR.PIF
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\LHA.PIF
2011-08-28 16:57 . 2010-06-17 05:55 545 ----a-w- c:\windows\ARJ.PIF
2011-08-28 16:53 . 2011-08-28 16:53 -------- d-----w- C:\Total Commander v7.55
2011-08-28 16:28 . 2011-07-08 09:34 37648 ----a-w- c:\windows\system32\drivers\avasdmft.sys
2011-08-28 16:28 . 2011-08-28 16:29 -------- d-----w- c:\program files\Common Files\TrustPort
2011-08-28 16:28 . 2011-08-28 16:29 -------- d-----w- c:\program files\TrustPort
2011-08-28 16:28 . 2011-07-08 09:35 35920 ----a-w- c:\windows\system32\drivers\tpsec.sys
2011-08-27 16:30 . 2011-08-27 16:30 -------- d-----w- C:\$AVG
2011-08-27 15:44 . 2011-08-27 15:44 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG10
2011-08-27 15:43 . 2011-08-27 15:43 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-08-27 15:42 . 2011-08-28 15:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-08-27 15:42 . 2011-08-28 15:36 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-27 15:35 . 2011-08-28 15:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-08-26 18:42 . 2011-08-29 19:57 -------- d-----w- c:\program files\EurotelSMS
2011-08-26 18:36 . 2011-08-26 18:36 -------- d-----w- c:\program files\ESET
2011-08-26 18:35 . 2011-08-26 18:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\QuickScan
2011-08-21 21:42 . 2011-08-21 21:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TuneUp Software
2011-08-21 21:42 . 2011-08-21 21:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2011-08-21 21:41 . 2011-08-21 21:41 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-21 21:41 . 2011-08-21 21:41 -------- d-----w- C:\TuneUp Utilities 2011 v10.0.4320.15 (CZ)
2011-08-20 18:49 . 2011-08-20 18:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2011-08-20 18:49 . 2011-08-20 18:49 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Apple Computer
2011-08-20 14:09 . 2011-08-20 14:09 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-20 14:09 . 2011-08-20 14:09 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-20 14:09 . 2011-08-20 14:09 -------- d-----w- c:\program files\OpenAL
2011-08-20 14:08 . 2011-08-20 14:08 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-08-20 14:07 . 2011-08-20 14:07 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-08-20 14:06 . 2011-08-20 14:06 -------- d-----w- c:\program files\Futuremark
2011-08-20 10:09 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-08-20 10:09 . 2011-08-01 13:56 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2011-08-20 10:09 . 2011-08-01 13:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-08-20 10:08 . 2011-08-20 10:09 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-08-20 10:07 . 2010-11-03 16:15 359016 ----a-w- c:\windows\vncutil.exe
2011-08-20 10:07 . 2011-07-06 11:27 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-20 10:07 . 2010-11-03 16:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-08-20 10:07 . 2009-11-18 05:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-08-20 10:07 . 2009-11-18 05:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-08-20 10:06 . 2011-08-20 10:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-08-20 10:04 . 2011-08-20 10:04 -------- d-----w- c:\program files\AMD APP
2011-08-20 10:02 . 2011-07-08 03:15 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-08-20 09:42 . 2011-08-20 09:42 -------- d-----w- c:\program files\Driver-Soft
2011-08-15 10:10 . 2009-09-19 05:30 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2011-08-15 10:10 . 2009-09-19 05:30 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-08-15 10:10 . 2009-09-19 05:30 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-08-15 10:10 . 2009-09-19 05:30 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-08-15 10:10 . 2009-09-19 05:30 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-08-15 10:10 . 2009-09-19 05:30 100224 ----a-w- c:\windows\system32\drivers\ss_bserd.sys
2011-08-14 18:34 . 2011-08-14 18:34 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Origin
2011-08-14 18:34 . 2011-08-14 18:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Origin
2011-08-14 18:34 . 2011-08-14 18:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Origin
2011-08-14 18:34 . 2011-08-14 18:34 -------- d-----w- c:\program files\Origin Games
2011-08-14 18:33 . 2011-08-14 18:34 -------- d-----w- c:\program files\Origin
2011-08-11 06:47 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 06:46 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 12:17 . 2010-12-02 19:59 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-08 14:02 . 2004-08-18 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-08 04:12 . 2010-12-02 13:19 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-07-08 04:09 . 2010-12-11 19:40 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-07-08 03:45 . 2010-12-11 19:40 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:45 . 2010-12-11 19:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 03:42 . 2010-12-11 19:40 5111808 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 03:38 . 2010-12-11 19:40 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:23 . 2010-12-11 19:40 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:22 . 2008-04-14 03:21 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-07-08 03:21 . 2008-04-14 03:21 4091648 ----a-w- c:\windows\system32\ati3duag.dll
2011-07-08 03:05 . 2010-12-11 19:40 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:05 . 2010-12-11 19:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:04 . 2010-12-11 19:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-07-08 03:04 . 2010-12-11 19:40 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:04 . 2010-12-11 19:40 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-07-08 03:03 . 2010-12-11 19:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-07-08 03:03 . 2008-04-14 03:21 3155072 ----a-w- c:\windows\system32\ativvaxx.dll
2011-07-08 03:01 . 2010-12-11 19:40 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-07-08 03:00 . 2010-12-11 19:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 02:56 . 2010-12-11 19:40 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-07-08 02:53 . 2010-12-11 19:40 507904 ----a-w- c:\windows\system32\atiok3x2.dll
2011-07-08 02:53 . 2010-12-11 19:40 208896 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:52 . 2010-12-11 19:40 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-07-08 02:47 . 2008-04-14 03:21 868352 ----a-w- c:\windows\system32\ati2cqag.dll
2011-07-08 02:46 . 2010-12-11 19:40 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:46 . 2010-12-11 19:40 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-08 02:46 . 2010-12-11 19:40 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-07 21:37 . 2011-07-07 21:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 21:37 . 2011-07-07 21:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 19:30 . 2011-07-07 19:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 15:39 . 2010-12-02 20:00 6367848 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-07-05 14:08 . 2010-12-02 19:59 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-07-03 19:57 . 2011-07-03 19:57 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-30 14:15 . 2010-12-02 20:00 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-06-24 14:10 . 2010-11-29 19:56 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-14 14:55 . 2010-11-29 20:10 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-13 09:03 . 2010-11-29 20:11 306664 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2010-01-28 3404600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Ocs_SM"="c:\documents and settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizer.exe" [2011-04-05 106496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 98304]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-05 20053608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"AntivirusCommunicatorAgent"="c:\program files\TrustPort\Antivirus\bin\avcom.exe" [2011-07-08 774416]
"TrustPortTray"="c:\program files\Common Files\TrustPort\Bin\tptray.exe" [2011-07-08 721168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-12-2 192512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"c:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [22.12.2009 4:31 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [3.12.2010 19:13 217088]
S2 SearchAnonymizer;SearchAnonymizer;c:\documents and settings\Administrator\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe [5.4.2011 10:53 40960]
S2 tpmgma_service;TrustPort Core Service;c:\program files\Common Files\TrustPort\bin\tpmgma.exe [28.8.2011 18:28 404040]
S2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [28.8.2011 18:28 35920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.8.2011 12:07 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11.12.2010 21:46 101392]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent;c:\program files\TrustPort\Antivirus\bin\avas.exe [28.8.2011 18:28 495888]
S3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;c:\windows\system32\drivers\avasdmft.sys [28.8.2011 18:28 37648]
S3 avss_service;TrustPort Antivirus Service Scanner Provider;c:\program files\TrustPort\Antivirus\bin\avss.exe [28.8.2011 18:28 291088]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [22.12.2009 4:31 18136]
S3 dsio;TrustPort Raw IO Driver;c:\program files\Common Files\TrustPort\bin\dsio.sys [28.8.2011 18:28 16656]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2.12.2010 22:11 28160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3.12.2010 19:13 36640]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 11:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 11:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10.5.2010 11:44 16696]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [29.11.2010 22:20 18432]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2.12.2010 22:11 56320]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [15.8.2011 12:10 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [15.8.2011 12:10 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [15.8.2011 12:10 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [15.8.2011 12:10 100224]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-08-31 c:\windows\Tasks\TrustPort Updater.job
- c:\program files\Common Files\TrustPort\bin\tpupdate.exe [2011-08-28 09:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: Interfaces\{D0D21431-1AB5-44FD-9D25-2BD671F92221}: NameServer = 81.90.160.1,81.90.160.65
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zat5kis2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: F5 Networks Host Plugin: {DBBB3167-6E81-400f-BBFD-BD8921726F52} - %profile%\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 21:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-299502267-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,1d,5f,89,9d,71,e5,4f,99,6c,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,1d,5f,89,9d,71,e5,4f,99,6c,97,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Celkový čas: 2011-08-31 21:28:39
ComboFix-quarantined-files.txt 2011-08-31 19:28
.
Před spuštěním: Volných bajtů: 10 768 060 416
Po spuštění: Volných bajtů: 10 856 755 200
.
- - End Of File - - 939DD7B3100634275322AB15B000FE58

#10 Příspěvek od **Rudy** » 31 srp 2011 20:44

Pár nelegitimních položek CF smazal. Je možné, že právě ony způsobovaly ty problémy. Systém se chová normálně?

Karpi · #11 Příspěvek od **Karpi** » 31 srp 2011 20:49

Zatím ano, ale to se choval navenek i předtím... Jak si budu jistý, že je systém čistý? Je nějaký scanner rootkitů, který je spolehlivý na detekci?

#12 Příspěvek od **Rudy** » 31 srp 2011 21:35

Skenery existují, jen je třeba vyhodnotit jejich logy. Pro laiky je solidní AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Najde a smaže drtivou většinu virů, rootkity však pouze některé. Na některé rootkity (například TDL) jsou potřeba speciaální skenery, neboť jiný sw je neobjeví.

Karpi · #13 Příspěvek od **Karpi** » 31 srp 2011 23:30

OK, zkusím... na jiných diskuzích jsem viděl, že někdo používá různý script pro CF pro přesnější zacílení. Kde je možné tyto scripty a jejich popisy najít?

#14 Příspěvek od **Rudy** » 01 zář 2011 17:19

Spouštění CF pomocí skriptu se provádí v případě, že CF automaticky nesmaže nelegitimní položky. Z těch, které v logu zbudou se pak vytvoří skript, kterým se CF spustí a položky v něm uvedené budou smazány. Ve vašem případě byly smazány všechny automaticky (viz odstavec "Ostatní výmazy". CF dále smazal celou řadu neplatných položek v registry. Log po této akci již vypadá čistý.

Karpi · #15 Příspěvek od **Karpi** » 02 zář 2011 18:26

OK, díky za odpověď. Ještě by mě zajímal název nějakého opravdu dobrého vyhledávače rootkitů...

VIRY.CZ

Restart Win XP v průběhu činnosti Combofixu

Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu

Re: Restart Win XP v průběhu činnosti Combofixu