PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Please look at the log, Avira reports a hidden object - see picture

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
jarnotrulli
Visitor
Posts: 21
Registered: 20 Oct 2010 18:46

Please look at the log, Avira reports a hidden object - see picture

#1 Post by jarnotrulli »

http://forum.viry.cz/download/file.php? ... ew&id=5770

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kafac at 2012-03-27 17:36:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (1%) free of 477 GB
Total RAM: 3582 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:36:37, on 27.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Utility\Rsit\RSIT.exe
C:\Program Files\trend micro\Kafac.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AWUS036H Wireless LAN Utility.lnk = C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2848034189
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B83927-3EF7-407D-9644-031FA1006FCA}: NameServer = 192.168.1.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 7046 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Kafac M\Data aplikací\Mozilla\Firefox\Profiles\7ysjppm0.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {20a82645-c095-46ed-80e3-08825760534b}:1.1, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-01-31 258512]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
AWUS036H Wireless LAN Utility.lnk - C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-11-26 159744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kafac M\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\Kafac M\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe"="C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe:*:Enabled:WPS UI"
"C:\Program Files\Corel\DVD9\WinDVD.exe"="C:\Program Files\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Rocrail\rocrail.exe"="C:\Program Files\Rocrail\rocrail.exe:*:Enabled:rocrail"
"C:\Program Files\AWUS036H Wireless LAN Utility\RTLDHCP.exe"="C:\Program Files\AWUS036H Wireless LAN Utility\RTLDHCP.exe:*:Enabled:RTLDHCP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-03-27 17:34:56 ----SHD---- C:\RECYCLER
2012-03-27 17:09:15 ----D---- C:\rsit
2012-03-27 12:30:00 ----RASHD---- C:\cmdcons
2012-03-27 12:26:54 ----A---- C:\WINDOWS\zip.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\SWSC.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\SWREG.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\sed.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\PEV.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\MBR.exe
2012-03-27 12:26:54 ----A---- C:\WINDOWS\grep.exe
2012-03-27 11:57:02 ----D---- C:\Documents and Settings\Kafac M\Data aplikací\Avira
2012-03-27 11:52:09 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2012-03-27 11:52:07 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-03-27 11:52:07 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2012-03-27 11:52:07 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-03-27 11:52:06 ----D---- C:\Program Files\Avira
2012-03-27 11:52:06 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Avira
2012-03-26 20:19:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
2012-03-26 11:18:56 ----D---- C:\LogAvira
2012-03-26 10:17:31 ----D---- C:\Documents and Settings\Kafac M\Data aplikací\Malwarebytes
2012-03-26 10:17:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-03-26 10:17:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-25 23:11:50 ----D---- C:\Documents and Settings\Kafac M\Data aplikací\GetRight
2012-03-25 23:03:03 ----D---- C:\Program Files\Free Download Manager
2012-03-25 22:22:26 ----ASH---- C:\pagefile.sys
2012-03-14 13:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 13:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 13:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-10 14:21:40 ----D---- C:\Android
2012-03-05 11:25:45 ----D---- C:\KASENS
2012-03-04 23:16:13 ----D---- C:\MOBAC

======List of files/folders modified in the last 1 month======

2012-03-27 17:36:37 ----D---- C:\WINDOWS\Temp
2012-03-27 17:36:37 ----D---- C:\Program Files\trend micro
2012-03-27 17:09:21 ----D---- C:\WINDOWS\Prefetch
2012-03-27 12:57:30 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-27 12:57:25 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-27 12:57:01 ----D---- C:\WINDOWS\system32\drivers
2012-03-27 12:55:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-27 12:40:55 ----D---- C:\Qoobox
2012-03-27 12:36:21 ----D---- C:\WINDOWS
2012-03-27 12:36:21 ----A---- C:\WINDOWS\system.ini
2012-03-27 12:34:28 ----D---- C:\WINDOWS\system32\config
2012-03-27 12:34:23 ----D---- C:\WINDOWS\ERDNT
2012-03-27 12:33:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-27 12:33:48 ----D---- C:\WINDOWS\system32\RtlGina
2012-03-27 12:32:53 ----D---- C:\WINDOWS\system32
2012-03-27 12:32:53 ----D---- C:\WINDOWS\AppPatch
2012-03-27 12:32:51 ----D---- C:\Program Files\Common Files
2012-03-27 12:30:04 ----RASH---- C:\boot.ini
2012-03-27 12:20:19 ----D---- C:\WINDOWS\system32\NtmsData
2012-03-27 12:04:09 ----D---- C:\WINDOWS\Registration
2012-03-27 11:52:17 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-27 11:52:06 ----RD---- C:\Program Files
2012-03-27 11:31:17 ----SHD---- C:\WINDOWS\Installer
2012-03-27 11:31:16 ----D---- C:\Config.Msi
2012-03-27 08:26:16 ----D---- C:\Documents and Settings\Kafac M\Data aplikací\vlc
2012-03-26 20:50:26 ----D---- C:\Program Files\uTorrent
2012-03-26 20:20:08 ----HD---- C:\WINDOWS\inf
2012-03-26 10:17:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-26 00:02:22 ----HD---- C:\aa
2012-03-25 23:14:52 ----D---- C:\Downloads
2012-03-25 12:45:04 ----D---- C:\Documents and Settings
2012-03-23 07:37:18 ----SD---- C:\Documents and Settings\Kafac M\Data aplikací\Microsoft
2012-03-22 19:46:26 ----D---- C:\Documents and Settings\Kafac M\Data aplikací\Adobe
2012-03-22 19:46:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2012-03-20 23:38:48 ----D---- C:\LOKO
2012-03-18 13:10:17 ----D---- C:\Program Files\Mozilla Firefox
2012-03-18 09:01:42 ----SHD---- C:\System Volume Information
2012-03-14 13:09:46 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-14 13:08:29 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-14 13:08:25 ----A---- C:\WINDOWS\imsins.BAK
2012-03-12 14:22:01 ----A---- C:\WINDOWS\winamp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2003-10-28 20016]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-01-31 137416]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-03-31 21361]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-01-31 74640]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 giveio;giveio; \??\D:\Vlacky\RailExpres\DDWdriver\giveio.sys []
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-11-26 5555712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2010-11-17 101904]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 xpsec;Ovladač IPSEC; C:\WINDOWS\system32\drivers\xpsec.sys []
S3 0zx_fqi6i.sys;0zx_fqi6i.sys; \??\C:\WINDOWS\system32\drivers\0zx_fqi6i.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-06-26 335104]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 xcpip;Ovladač protokolu TCP/IP; C:\WINDOWS\system32\drivers\xcpip.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-01-31 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-11-26 614400]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-03 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Attachments
Avira.jpg (54.99 KiB) Viewed 1524 times

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please look at the log, Avira reports a hidden object - see

#2 Post by Rudy »

Posting an RSIT log after a ComboFix scan is pointless, because CF removes from the PC all traces of the infection that RSIT would otherwise show. Post the ComboFix log; you will find it at c:\combofix.txt.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!

Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

jarnotrulli
Visitor
Posts: 21
Registered: 20 Oct 2010 18:46

Re: Please look at the log, Avira reports a hidden object - see

#3 Post by jarnotrulli »

Hmmm... I didn't know that :(
Here is the ComboFix log:

ComboFix 12-03-27.01 - Kafac 27.03.2012 19:31:26.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2854 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kafac M\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-27 do 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 15:09 . 2012-03-27 15:09 -------- d-----w- C:\rsit
2012-03-27 09:57 . 2012-03-27 09:57 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Avira
2012-03-27 09:52 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-27 09:52 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-27 09:52 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\program files\Avira
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Avira
2012-03-26 19:57 . 2012-03-26 19:57 -------- d-----w- c:\documents and settings\Kafac M\Local Settings\Data aplikací\ESET
2012-03-26 18:20 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2012-03-26 18:19 . 2012-03-26 18:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ESET
2012-03-26 09:18 . 2012-03-26 09:19 -------- d-----w- C:\LogAvira
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:11 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\GetRight
2012-03-25 21:03 . 2012-03-25 21:08 -------- d-----w- c:\program files\Free Download Manager
2012-03-25 13:35 . 2012-03-25 13:35 -------- d-----r- c:\documents and settings\LocalService.NT AUTHORITY.000\Oblíbené položky
2012-03-18 11:09 . 2012-03-18 11:09 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 11:09 . 2012-03-18 11:09 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-10 12:21 . 2012-03-10 14:07 -------- d-----w- C:\Android
2012-03-05 09:25 . 2012-03-20 21:39 -------- d-----w- C:\KASENS
2012-03-04 21:16 . 2012-03-04 21:48 -------- d-----w- C:\MOBAC
2012-03-01 17:51 . 2012-03-04 21:53 -------- d-----w- c:\documents and settings\vlacky\Ciy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 15:32 . 2011-06-19 17:46 3766 --sha-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2012-02-10 07:50 . 2012-02-10 07:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-17 15:44 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-14 22:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-12-20 11:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-05-17 22:36 . 2011-05-17 22:37 695578 ----a-w- c:\program files\unins000.exe
2011-04-21 06:28 . 2011-05-17 22:37 785920 ----a-w- c:\program files\Img2ozf.exe
2012-03-18 11:09 . 2011-06-02 15:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-29 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-12-27 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_10.36.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-27 17:36 . 2012-03-27 17:36 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
AWUS036H Wireless LAN Utility.lnk - c:\program files\AWUS036H Wireless LAN Utility\RtWLan.exe [2011-3-31 942080]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Kafac M\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Rocrail\\rocrail.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RTLDHCP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:WPS TCP Prot
"1542:UDP"= 1542:UDP:WPS UDP Prot
"53:UDP"= 53:UDP:AP UDP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.3.2012 11:52 36000]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 16:52 33800]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2012 11:52 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.3.2012 10:17 652360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.12.2010 1:01 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.3.2012 10:17 20464]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31.3.2011 19:56 335104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - xcpip
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{70B83927-3EF7-407D-9644-031FA1006FCA}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kafac M\Data aplikací\Mozilla\Firefox\Profiles\7ysjppm0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - 46.4.7.198
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 203.172.167.119
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 46.4.7.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.4.7.198
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.4.7.198
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1052)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-03-27 19:40:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-27 17:40
ComboFix2.txt 2010-10-23 18:07
ComboFix3.txt 2010-10-21 22:03
ComboFix4.txt 2010-01-29 12:22
.
Před spuštěním: 4 301 238 272
Po spuštění: 4 288 008 192
.
- - End Of File - - 1D35E0C98F08825C9B9BE8C5C1D45E0A

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please review my log, Avira reports a hidden object - see

#4 Post by Rudy »

You have quite a mess there. Let's finish cleaning up:

Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\drivers\0zx_fqi6i.sys

Driver::
0zx_fqi6i
xcpip

Registry::
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

Reboot::
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.


Then download and extract to the desktop: http://support.kaspersky.com/downloads/ ... killer.zip . Run it and let it work. Afterwards, copy the log here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not a way to get your problems solved.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
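As an added example (not part of this thread and not code from ComboFix or TDSSKiller), here are the triage rules behind the script above, run over lines excerpted from the ComboFix log posted earlier: globally open firewall ports with generic labels or the RDP port, a registered driver whose file is missing and whose name looks random, the deregistered `xcpip` lookalike of `tcpip`, and Firefox proxy prefs pointing at public hosts. The names `triage`, `Finding`, `lookalike`, `looks_random`, the `CORE_DRIVERS` list and the port/name thresholds are the example's own assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:WPS TCP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.3.2012 11:52 36000]
R3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
*Deregistered* - xcpip
FF - prefs.js: network.proxy.http - 46.4.7.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.gopher - 203.172.167.119
"""

# Core XP network drivers whose names malware likes to imitate (the example's own list).
CORE_DRIVERS = ("tcpip", "ipsec", "netbt", "afd", "ndis")
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*)$")
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$")
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "open_port", "driver", "deregistered" or "proxy"
    item: str    # registry value, service name or pref that was flagged
    detail: str  # why it was flagged


def lookalike(name: str) -> Optional[str]:
    """Core driver name that `name` differs from by exactly one character, if any."""
    for core in CORE_DRIVERS:
        if len(core) == len(name) and sum(a != b for a, b in zip(core, name)) == 1:
            return core
    return None


def looks_random(name: str) -> bool:
    """Rough heuristic: letters, digits and an underscore all mixed in one short name."""
    base = re.sub(r"\.sys$", "", name.lower())
    return (re.fullmatch(r"[a-z0-9_]+", base) is not None and "_" in base
            and any(c.isdigit() for c in base) and any(c.isalpha() for c in base))


def triage(log_text: str) -> List[Finding]:
    """Apply the four rules to a ComboFix log excerpt and return what they flag."""
    findings: List[Finding] = []
    in_open_ports = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Registry key header: remember whether we are inside the open-ports list.
            in_open_ports = line.endswith(r"GloballyOpenPorts\List]")
            continue
        m = OPEN_PORT_RE.match(line) if in_open_ports else None
        if m:
            port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
            reasons = []
            if port == 3389:
                reasons.append("Remote Desktop opened to the network")
            if label == "Services" or port >= 49152:
                reasons.append("generic label or ephemeral port with no known application")
            if reasons:
                findings.append(Finding("open_port", f"{port}:{proto}", "; ".join(reasons)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group(1), m.group(2)
            reasons = []
            if rest.endswith("[?]"):
                reasons.append("registered driver whose file is not on disk")
            if looks_random(name):
                reasons.append("random-looking name")
            if reasons:
                findings.append(Finding("driver", name, "; ".join(reasons)))
            continue
        m = DEREG_RE.match(line)
        if m:
            detail = "loaded in memory but not registered as a service"
            core = lookalike(m.group(1))
            if core:
                detail += f"; name differs from '{core}' by one character"
            findings.append(Finding("deregistered", m.group(1), detail))
            continue
        m = PROXY_RE.match(line)
        if m and not m.group(1).endswith("_port"):
            try:
                addr = ipaddress.ip_address(m.group(2).strip())
            except ValueError:
                continue  # a hostname, not an address; not checked by this example
            if addr.is_global:
                findings.append(Finding("proxy", f"network.proxy.{m.group(1)}",
                                        f"browser traffic configured to relay via public host {addr}"))
    return findings
```

Each flagged item maps onto a section of the CFScript above (Driver::, Registry:: for the open-ports key), while xpsec is reported only as "file not on disk" so a reviewer can verify it rather than remove it blindly.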

jarnotrulli
Visitor
Posts: 21
Registered: 20 Oct 2010 18:46

Re: Please review my log, Avira reports a hidden object - see

#5 Post by jarnotrulli »

ComboFix froze during the scan....
Here is the log from that TDSSKiller:

11:39:45.0468 2804 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:39:45.0687 2804 ============================================================
11:39:45.0687 2804 Current date / time: 2012/03/28 11:39:45.0687
11:39:45.0687 2804 SystemInfo:
11:39:45.0687 2804
11:39:45.0687 2804 OS Version: 5.1.2600 ServicePack: 3.0
11:39:45.0687 2804 Product type: Workstation
11:39:45.0687 2804 ComputerName: KAFAC
11:39:45.0687 2804 UserName: Kafac
11:39:45.0687 2804 Windows directory: C:\WINDOWS
11:39:45.0687 2804 System windows directory: C:\WINDOWS
11:39:45.0687 2804 Processor architecture: Intel x86
11:39:45.0687 2804 Number of processors: 2
11:39:45.0687 2804 Page size: 0x1000
11:39:45.0687 2804 Boot type: Normal boot
11:39:45.0687 2804 ============================================================
11:39:46.0609 2804 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:39:46.0609 2804 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:39:46.0625 2804 \Device\Harddisk0\DR0:
11:39:46.0625 2804 MBR used
11:39:46.0625 2804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
11:39:46.0625 2804 \Device\Harddisk1\DR1:
11:39:46.0625 2804 MBR used
11:39:46.0625 2804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:39:46.0750 2804 Initialize success
11:39:46.0750 2804 ============================================================
11:39:53.0125 3568 ============================================================
11:39:53.0125 3568 Scan started
11:39:53.0125 3568 Mode: Manual;
11:39:53.0125 3568 ============================================================
11:39:53.0312 3568 0zx_fqi6i.sys - ok
11:39:53.0328 3568 Abiosdsk - ok
11:39:53.0328 3568 abp480n5 - ok
11:39:53.0359 3568 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:39:53.0359 3568 ACPI - ok
11:39:53.0390 3568 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:39:53.0390 3568 ACPIEC - ok
11:39:53.0453 3568 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
11:39:53.0453 3568 Adobe LM Service - ok
11:39:53.0453 3568 adpu160m - ok
11:39:53.0468 3568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:39:53.0468 3568 aec - ok
11:39:53.0500 3568 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:39:53.0500 3568 AegisP - ok
11:39:53.0531 3568 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:39:53.0531 3568 AFD - ok
11:39:53.0531 3568 Aha154x - ok
11:39:53.0546 3568 aic78u2 - ok
11:39:53.0546 3568 aic78xx - ok
11:39:53.0593 3568 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
11:39:53.0593 3568 Alerter - ok
11:39:53.0609 3568 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
11:39:53.0609 3568 ALG - ok
11:39:53.0609 3568 AliIde - ok
11:39:53.0625 3568 amsint - ok
11:39:53.0656 3568 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:39:53.0656 3568 AntiVirSchedulerService - ok
11:39:53.0687 3568 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:39:53.0687 3568 AntiVirService - ok
11:39:53.0734 3568 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
11:39:53.0734 3568 AppMgmt - ok
11:39:53.0734 3568 asc - ok
11:39:53.0734 3568 asc3350p - ok
11:39:53.0750 3568 asc3550 - ok
11:39:53.0812 3568 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:39:53.0843 3568 aspnet_state - ok
11:39:53.0875 3568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:39:53.0875 3568 AsyncMac - ok
11:39:53.0875 3568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:39:53.0875 3568 atapi - ok
11:39:53.0890 3568 Atdisk - ok
11:39:53.0921 3568 Ati HotKey Poller (4ade3f07de5f5376e6030e16b945a5ef) C:\WINDOWS\system32\Ati2evxx.exe
11:39:53.0921 3568 Ati HotKey Poller - ok
11:39:54.0015 3568 ati2mtag (3fff73a29663eda8ec7169a7cfde29f4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:39:54.0046 3568 ati2mtag - ok
11:39:54.0062 3568 AtiHDAudioService (b2a236dc65e90170a369164384efb460) C:\WINDOWS\system32\drivers\AtihdXP3.sys
11:39:54.0062 3568 AtiHDAudioService - ok
11:39:54.0093 3568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:39:54.0093 3568 Atmarpc - ok
11:39:54.0140 3568 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
11:39:54.0140 3568 AudioSrv - ok
11:39:54.0156 3568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:39:54.0156 3568 audstub - ok
11:39:54.0187 3568 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:39:54.0187 3568 avgntflt - ok
11:39:54.0203 3568 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:39:54.0203 3568 avipbb - ok
11:39:54.0218 3568 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:39:54.0218 3568 avkmgr - ok
11:39:54.0234 3568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:39:54.0234 3568 Beep - ok
11:39:54.0281 3568 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
11:39:54.0281 3568 BITS - ok
11:39:54.0312 3568 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
11:39:54.0312 3568 Browser - ok
11:39:54.0328 3568 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
11:39:54.0328 3568 BthEnum - ok
11:39:54.0343 3568 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
11:39:54.0343 3568 BthPan - ok
11:39:54.0375 3568 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
11:39:54.0375 3568 BTHPORT - ok
11:39:54.0406 3568 BthServ (70ca4b3f634c9dca200832f8da76e009) C:\WINDOWS\System32\bthserv.dll
11:39:54.0406 3568 BthServ - ok
11:39:54.0421 3568 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
11:39:54.0421 3568 BTHUSB - ok
11:39:54.0500 3568 catchme - ok
11:39:54.0515 3568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:39:54.0531 3568 cbidf2k - ok
11:39:54.0531 3568 cd20xrnt - ok
11:39:54.0562 3568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:39:54.0562 3568 Cdaudio - ok
11:39:54.0593 3568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:39:54.0593 3568 Cdfs - ok
11:39:54.0593 3568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:39:54.0593 3568 Cdrom - ok
11:39:54.0609 3568 Changer - ok
11:39:54.0640 3568 CiSvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
11:39:54.0640 3568 CiSvc - ok
11:39:54.0687 3568 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
11:39:54.0687 3568 ClipSrv - ok
11:39:54.0734 3568 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:39:54.0781 3568 clr_optimization_v2.0.50727_32 - ok
11:39:54.0843 3568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:39:54.0875 3568 clr_optimization_v4.0.30319_32 - ok
11:39:54.0890 3568 CmdIde - ok
11:39:54.0890 3568 COMSysApp - ok
11:39:54.0890 3568 Cpqarray - ok
11:39:54.0937 3568 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
11:39:54.0937 3568 CryptSvc - ok
11:39:54.0937 3568 dac2w2k - ok
11:39:54.0953 3568 dac960nt - ok
11:39:55.0000 3568 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
11:39:55.0000 3568 DcomLaunch - ok
11:39:55.0015 3568 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
11:39:55.0015 3568 Dhcp - ok
11:39:55.0031 3568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:39:55.0031 3568 Disk - ok
11:39:55.0046 3568 dmadmin - ok
11:39:55.0093 3568 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
11:39:55.0093 3568 dmboot - ok
11:39:55.0109 3568 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
11:39:55.0109 3568 dmio - ok
11:39:55.0109 3568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:39:55.0109 3568 dmload - ok
11:39:55.0140 3568 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
11:39:55.0140 3568 dmserver - ok
11:39:55.0156 3568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:39:55.0156 3568 DMusic - ok
11:39:55.0187 3568 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
11:39:55.0187 3568 Dnscache - ok
11:39:55.0234 3568 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
11:39:55.0234 3568 Dot3svc - ok
11:39:55.0234 3568 dpti2o - ok
11:39:55.0265 3568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:39:55.0265 3568 drmkaud - ok
11:39:55.0296 3568 eamon (a885ed0bdc9e7dec3a654bb91befef0f) C:\WINDOWS\system32\DRIVERS\eamon.sys
11:39:55.0296 3568 eamon - ok
11:39:55.0343 3568 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
11:39:55.0343 3568 EapHost - ok
11:39:55.0343 3568 epfwtdir (063ba83a061dbf2a53e1889446be729b) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
11:39:55.0343 3568 epfwtdir - ok
11:39:55.0375 3568 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
11:39:55.0375 3568 ERSvc - ok
11:39:55.0406 3568 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
11:39:55.0406 3568 Eventlog - ok
11:39:55.0437 3568 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\system32\es.dll
11:39:55.0437 3568 EventSystem - ok
11:39:55.0453 3568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:39:55.0453 3568 Fastfat - ok
11:39:55.0484 3568 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
11:39:55.0484 3568 FastUserSwitchingCompatibility - ok
11:39:55.0500 3568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:39:55.0500 3568 Fdc - ok
11:39:55.0500 3568 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
11:39:55.0500 3568 Fips - ok
11:39:55.0515 3568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:39:55.0515 3568 Flpydisk - ok
11:39:55.0531 3568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:39:55.0531 3568 FltMgr - ok
11:39:55.0609 3568 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:39:55.0609 3568 FontCache3.0.0.0 - ok
11:39:55.0640 3568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:39:55.0640 3568 Fs_Rec - ok
11:39:55.0671 3568 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:39:55.0671 3568 Ftdisk - ok
11:39:55.0687 3568 gdrv (b6bfec7542730e9a376bf2408423d493) C:\WINDOWS\gdrv.sys
11:39:55.0718 3568 gdrv - ok
11:39:55.0812 3568 giveio (77ebf3e9386daa51551af429052d88d0) D:\Vlacky\RailExpres\DDWdriver\giveio.sys
11:39:55.0812 3568 giveio - ok
11:39:55.0843 3568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:39:55.0843 3568 Gpc - ok
11:39:55.0859 3568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:39:55.0859 3568 HDAudBus - ok
11:39:55.0906 3568 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:39:55.0906 3568 helpsvc - ok
11:39:55.0921 3568 HidServ - ok
11:39:55.0968 3568 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
11:39:55.0968 3568 hkmsvc - ok
11:39:55.0968 3568 hpn - ok
11:39:56.0000 3568 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:39:56.0000 3568 HPZid412 - ok
11:39:56.0031 3568 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:39:56.0031 3568 HPZipr12 - ok
11:39:56.0078 3568 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:39:56.0078 3568 HPZius12 - ok
11:39:56.0109 3568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:39:56.0125 3568 HTTP - ok
11:39:56.0156 3568 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
11:39:56.0156 3568 HTTPFilter - ok
11:39:56.0156 3568 i2omgmt - ok
11:39:56.0156 3568 i2omp - ok
11:39:56.0171 3568 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:39:56.0171 3568 i8042prt - ok
11:39:56.0250 3568 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:39:56.0265 3568 idsvc - ok
11:39:56.0281 3568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:39:56.0281 3568 Imapi - ok
11:39:56.0390 3568 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
11:39:56.0390 3568 ImapiService - ok
11:39:56.0390 3568 ini910u - ok
11:39:56.0484 3568 IntcAzAudAddService (c282875880df189c64c465fc54a0150a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:39:56.0500 3568 IntcAzAudAddService - ok
11:39:56.0500 3568 IntelIde - ok
11:39:56.0515 3568 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:39:56.0515 3568 intelppm - ok
11:39:56.0546 3568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:39:56.0546 3568 Ip6Fw - ok
11:39:56.0562 3568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:39:56.0562 3568 IpFilterDriver - ok
11:39:56.0609 3568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:39:56.0609 3568 IpInIp - ok
11:39:56.0625 3568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:39:56.0625 3568 IpNat - ok
11:39:56.0656 3568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:39:56.0656 3568 IPSec - ok
11:39:56.0687 3568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:39:56.0687 3568 IRENUM - ok
11:39:56.0718 3568 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:39:56.0718 3568 isapnp - ok
11:39:56.0765 3568 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
11:39:56.0765 3568 Iviaspi - ok
11:39:56.0828 3568 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:39:56.0828 3568 IviRegMgr - ok
11:39:56.0875 3568 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
11:39:56.0875 3568 JavaQuickStarterService - ok
11:39:56.0906 3568 JRAID (ab95b2ddb49f6b6cf52625e56c1f1f71) C:\WINDOWS\system32\DRIVERS\jraid.sys
11:39:56.0906 3568 JRAID - ok
11:39:56.0921 3568 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:39:56.0921 3568 Kbdclass - ok
11:39:56.0984 3568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:39:56.0984 3568 kmixer - ok
11:39:57.0015 3568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:39:57.0015 3568 KSecDD - ok
11:39:57.0031 3568 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
11:39:57.0031 3568 lanmanserver - ok
11:39:57.0046 3568 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
11:39:57.0046 3568 lanmanworkstation - ok
11:39:57.0062 3568 lbrtfdc - ok
11:39:57.0093 3568 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
11:39:57.0093 3568 LmHosts - ok
11:39:57.0109 3568 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:39:57.0109 3568 MBAMProtector - ok
11:39:57.0156 3568 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:39:57.0156 3568 MBAMService - ok
11:39:57.0203 3568 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
11:39:57.0203 3568 Messenger - ok
11:39:57.0218 3568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:39:57.0218 3568 mnmdd - ok
11:39:57.0250 3568 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
11:39:57.0250 3568 mnmsrvc - ok
11:39:57.0281 3568 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
11:39:57.0281 3568 Modem - ok
11:39:57.0312 3568 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:39:57.0312 3568 Mouclass - ok
11:39:57.0312 3568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:39:57.0312 3568 MountMgr - ok
11:39:57.0328 3568 mraid35x - ok
11:39:57.0343 3568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:39:57.0343 3568 MRxDAV - ok
11:39:57.0390 3568 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:39:57.0390 3568 MRxSmb - ok
11:39:57.0421 3568 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
11:39:57.0421 3568 MSDTC - ok
11:39:57.0453 3568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:39:57.0453 3568 Msfs - ok
11:39:57.0453 3568 MSIServer - ok
11:39:57.0500 3568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:39:57.0500 3568 MSKSSRV - ok
11:39:57.0515 3568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:39:57.0515 3568 MSPCLOCK - ok
11:39:57.0562 3568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:39:57.0562 3568 MSPQM - ok
11:39:57.0593 3568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:39:57.0593 3568 mssmbios - ok
11:39:57.0609 3568 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:39:57.0609 3568 Mup - ok
11:39:57.0625 3568 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
11:39:57.0625 3568 napagent - ok
11:39:57.0640 3568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:39:57.0656 3568 NDIS - ok
11:39:57.0671 3568 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:39:57.0671 3568 NdisTapi - ok
11:39:57.0703 3568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:39:57.0703 3568 Ndisuio - ok
11:39:57.0734 3568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:39:57.0734 3568 NdisWan - ok
11:39:57.0765 3568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:39:57.0765 3568 NDProxy - ok
11:39:57.0781 3568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:39:57.0781 3568 NetBIOS - ok
11:39:57.0796 3568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:39:57.0812 3568 NetBT - ok
11:39:57.0843 3568 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
11:39:57.0843 3568 NetDDE - ok
11:39:57.0843 3568 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
11:39:57.0843 3568 NetDDEdsdm - ok
11:39:57.0890 3568 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
11:39:57.0890 3568 Netlogon - ok
11:39:57.0921 3568 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
11:39:57.0921 3568 Netman - ok
11:39:58.0000 3568 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:39:58.0031 3568 NetTcpPortSharing - ok
11:39:58.0078 3568 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
11:39:58.0078 3568 Nla - ok
11:39:58.0078 3568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:39:58.0078 3568 Npfs - ok
11:39:58.0093 3568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:39:58.0109 3568 Ntfs - ok
11:39:58.0125 3568 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
11:39:58.0125 3568 NtLmSsp - ok
11:39:58.0156 3568 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
11:39:58.0171 3568 NtmsSvc - ok
11:39:58.0187 3568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:39:58.0187 3568 Null - ok
11:39:58.0218 3568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:39:58.0218 3568 NwlnkFlt - ok
11:39:58.0234 3568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:39:58.0234 3568 NwlnkFwd - ok
11:39:58.0234 3568 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
11:39:58.0234 3568 Parport - ok
11:39:58.0250 3568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:39:58.0250 3568 PartMgr - ok
11:39:58.0265 3568 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
11:39:58.0265 3568 ParVdm - ok
11:39:58.0281 3568 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
11:39:58.0281 3568 PCI - ok
11:39:58.0281 3568 PCIDump - ok
11:39:58.0312 3568 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:39:58.0312 3568 PCIIde - ok
11:39:58.0328 3568 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:39:58.0328 3568 Pcmcia - ok
11:39:58.0328 3568 PDCOMP - ok
11:39:58.0343 3568 PDFRAME - ok
11:39:58.0343 3568 PDRELI - ok
11:39:58.0343 3568 PDRFRAME - ok
11:39:58.0359 3568 perc2 - ok
11:39:58.0359 3568 perc2hib - ok
11:39:58.0406 3568 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
11:39:58.0406 3568 PlugPlay - ok
11:39:58.0437 3568 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
11:39:58.0437 3568 Pml Driver HPZ12 - ok
11:39:58.0437 3568 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
11:39:58.0437 3568 PolicyAgent - ok
11:39:58.0468 3568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:39:58.0468 3568 PptpMiniport - ok
11:39:58.0484 3568 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
11:39:58.0484 3568 ProtectedStorage - ok
11:39:58.0484 3568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:39:58.0484 3568 PSched - ok
11:39:58.0546 3568 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
11:39:58.0546 3568 PSI_SVC_2 - ok
11:39:58.0562 3568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:39:58.0562 3568 Ptilink - ok
11:39:58.0609 3568 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
11:39:58.0609 3568 PxHelp20 - ok
11:39:58.0609 3568 ql1080 - ok
11:39:58.0625 3568 Ql10wnt - ok
11:39:58.0625 3568 ql12160 - ok
11:39:58.0625 3568 ql1240 - ok
11:39:58.0640 3568 ql1280 - ok
11:39:58.0640 3568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:39:58.0640 3568 RasAcd - ok
11:39:58.0687 3568 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
11:39:58.0687 3568 RasAuto - ok
11:39:58.0687 3568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:39:58.0687 3568 Rasl2tp - ok
11:39:58.0734 3568 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
11:39:58.0734 3568 RasMan - ok
11:39:58.0750 3568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:39:58.0750 3568 RasPppoe - ok
11:39:58.0750 3568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:39:58.0750 3568 Raspti - ok
11:39:58.0765 3568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:39:58.0765 3568 Rdbss - ok
11:39:58.0765 3568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:39:58.0781 3568 RDPCDD - ok
11:39:58.0812 3568 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:39:58.0812 3568 rdpdr - ok
11:39:58.0843 3568 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:39:58.0843 3568 RDPWD - ok
11:39:58.0875 3568 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
11:39:58.0875 3568 RDSessMgr - ok
11:39:58.0890 3568 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:39:58.0890 3568 redbook - ok
11:39:58.0921 3568 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
11:39:58.0921 3568 regi - ok
11:39:58.0953 3568 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
11:39:58.0953 3568 RemoteAccess - ok
11:39:59.0000 3568 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
11:39:59.0000 3568 RemoteRegistry - ok
11:39:59.0031 3568 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
11:39:59.0031 3568 RFCOMM - ok
11:39:59.0062 3568 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
11:39:59.0062 3568 RpcLocator - ok
11:39:59.0109 3568 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
11:39:59.0109 3568 RpcSs - ok
11:39:59.0125 3568 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
11:39:59.0125 3568 RSVP - ok
11:39:59.0171 3568 RTL8187B (2e2e3a2d1ba5e540c32558f3f37d33e3) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
11:39:59.0171 3568 RTL8187B - ok
11:39:59.0203 3568 RTLE8023xp (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:39:59.0203 3568 RTLE8023xp - ok
11:39:59.0250 3568 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
11:39:59.0250 3568 SamSs - ok
11:39:59.0265 3568 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
11:39:59.0265 3568 SCardSvr - ok
11:39:59.0296 3568 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
11:39:59.0296 3568 Schedule - ok
11:39:59.0343 3568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:39:59.0343 3568 Secdrv - ok
11:39:59.0390 3568 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
11:39:59.0390 3568 seclogon - ok
11:39:59.0421 3568 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
11:39:59.0421 3568 SENS - ok
11:39:59.0437 3568 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:39:59.0437 3568 serenum - ok
11:39:59.0484 3568 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
11:39:59.0484 3568 Serial - ok
11:39:59.0531 3568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:39:59.0531 3568 Sfloppy - ok
11:39:59.0562 3568 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
11:39:59.0562 3568 SharedAccess - ok
11:39:59.0593 3568 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
11:39:59.0593 3568 ShellHWDetection - ok
11:39:59.0593 3568 Simbad - ok
11:39:59.0609 3568 Sparrow - ok
11:39:59.0625 3568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:39:59.0625 3568 splitter - ok
11:39:59.0687 3568 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:39:59.0687 3568 Spooler - ok
11:39:59.0718 3568 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
11:39:59.0718 3568 sr - ok
11:39:59.0750 3568 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
11:39:59.0750 3568 srservice - ok
11:39:59.0796 3568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:39:59.0796 3568 Srv - ok
11:39:59.0828 3568 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
11:39:59.0828 3568 SSDPSRV - ok
11:39:59.0843 3568 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:39:59.0843 3568 ssmdrv - ok
11:39:59.0890 3568 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
11:39:59.0890 3568 stisvc - ok
11:39:59.0921 3568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:39:59.0921 3568 swenum - ok
11:39:59.0953 3568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:39:59.0953 3568 swmidi - ok
11:39:59.0953 3568 SwPrv - ok
11:39:59.0968 3568 symc810 - ok
11:39:59.0968 3568 symc8xx - ok
11:39:59.0968 3568 sym_hi - ok
11:39:59.0984 3568 sym_u3 - ok
11:39:59.0984 3568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:39:59.0984 3568 sysaudio - ok
11:40:00.0000 3568 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
11:40:00.0000 3568 SysmonLog - ok
11:40:00.0031 3568 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
11:40:00.0031 3568 TapiSrv - ok
11:40:00.0078 3568 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:40:00.0078 3568 Tcpip - ok
11:40:00.0109 3568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:40:00.0109 3568 TDPIPE - ok
11:40:00.0140 3568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:40:00.0140 3568 TDTCP - ok
11:40:00.0187 3568 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:40:00.0187 3568 TermDD - ok
11:40:00.0234 3568 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
11:40:00.0234 3568 TermService - ok
11:40:00.0265 3568 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
11:40:00.0265 3568 Themes - ok
11:40:00.0296 3568 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\system32\tlntsvr.exe
11:40:00.0296 3568 TlntSvr - ok
11:40:00.0296 3568 TosIde - ok
11:40:00.0328 3568 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
11:40:00.0328 3568 TrkWks - ok
11:40:00.0359 3568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:40:00.0375 3568 Udfs - ok
11:40:00.0375 3568 ultra - ok
11:40:00.0406 3568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:40:00.0406 3568 Update - ok
11:40:00.0453 3568 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
11:40:00.0453 3568 upnphost - ok
11:40:00.0484 3568 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
11:40:00.0484 3568 UPS - ok
11:40:00.0500 3568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:40:00.0500 3568 usbccgp - ok
11:40:00.0515 3568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:40:00.0515 3568 usbehci - ok
11:40:00.0546 3568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:40:00.0546 3568 usbhub - ok
11:40:00.0562 3568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:40:00.0562 3568 usbprint - ok
11:40:00.0593 3568 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:40:00.0593 3568 usbscan - ok
11:40:00.0609 3568 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:40:00.0609 3568 usbstor - ok
11:40:00.0625 3568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:40:00.0625 3568 usbuhci - ok
11:40:00.0625 3568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:40:00.0625 3568 VgaSave - ok
11:40:00.0640 3568 ViaIde - ok
11:40:00.0656 3568 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
11:40:00.0656 3568 VolSnap - ok
11:40:00.0671 3568 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
11:40:00.0671 3568 VSS - ok
11:40:00.0687 3568 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
11:40:00.0703 3568 W32Time - ok
11:40:00.0718 3568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:40:00.0718 3568 Wanarp - ok
11:40:00.0718 3568 WDICA - ok
11:40:00.0750 3568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:40:00.0750 3568 wdmaud - ok
11:40:00.0781 3568 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
11:40:00.0781 3568 WebClient - ok
11:40:00.0843 3568 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:40:00.0843 3568 winmgmt - ok
11:40:00.0890 3568 WmdmPmSN (6199b2ae3f9db9cb6db230471a1dc601) C:\WINDOWS\system32\mspmsnsv.dll
11:40:00.0890 3568 WmdmPmSN - ok
11:40:00.0921 3568 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
11:40:00.0937 3568 Wmi - ok
11:40:00.0937 3568 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:40:00.0937 3568 WmiApSrv - ok
11:40:01.0031 3568 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:40:01.0046 3568 WPFFontCache_v0400 - ok
11:40:01.0046 3568 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:40:01.0046 3568 WS2IFSL - ok
11:40:01.0093 3568 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
11:40:01.0093 3568 wscsvc - ok
11:40:01.0140 3568 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
11:40:01.0140 3568 wuauserv - ok
11:40:01.0171 3568 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
11:40:01.0171 3568 WZCSVC - ok
11:40:01.0187 3568 xcpip - ok
11:40:01.0218 3568 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
11:40:01.0218 3568 xmlprov - ok
11:40:01.0234 3568 xpsec - ok
11:40:01.0250 3568 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
11:40:01.0250 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
11:40:01.0250 3568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
11:40:01.0265 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:40:01.0265 3568 \Device\Harddisk1\DR1 - ok
11:40:01.0265 3568 Boot (0x1200) (cc78c780bb18133ee4ba20b8751a19a6) \Device\Harddisk0\DR0\Partition0
11:40:01.0265 3568 \Device\Harddisk0\DR0\Partition0 - ok
11:40:01.0265 3568 Boot (0x1200) (000326fd17870b32ee18eff3da2b4a00) \Device\Harddisk1\DR1\Partition0
11:40:01.0265 3568 \Device\Harddisk1\DR1\Partition0 - ok
11:40:01.0265 3568 ============================================================
11:40:01.0265 3568 Scan finished
11:40:01.0265 3568 ============================================================
11:40:01.0265 0228 Detected object count: 1
11:40:01.0265 0228 Actual detected object count: 1
11:41:16.0312 0228 \Device\Harddisk0\DR0\# - copied to quarantine
11:41:16.0312 0228 \Device\Harddisk0\DR0 - copied to quarantine
11:41:16.0312 0228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Quarantine
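Added example (editor's code, not part of the post above and not Kaspersky's TDSSKiller): a small parser that pulls the verdict lines out of a TDSSKiller log like the one above, pairs each flagged object with the hash the tool logged for it, and lists service entries that got a verdict without any file hash (the kind of dangling entry that ComboFix later removes as Service_xcpip). The sample lines are copied from the log; the two regexes, and the reading of the "(0x1B8)" tag as a hash over the 440-byte boot code, are this example's own interpretation of the log format.

```python
"""Triage helper for TDSSKiller text logs.

Added example; not part of the forum post and not Kaspersky code.  The
regexes below are this example's reading of the log format:

    HH:MM:SS.mmmm  <tid>  <name> (<md5>) <path>            object + hash
    HH:MM:SS.mmmm  <tid>  <object> [( <threat> )] - <verdict>

The sample lines are copied from the log posted above.
"""
import re

# object line: service/driver name (or "MBR (0x1B8)" / "Boot (0x1200)"), md5, path
OBJ_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# verdict line: "<object> - ok", "<object> ( <threat> ) - infected",
# "<object> - detected <threat> (<n>)", "<object> - User select action: ..."
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+"
    r"(?P<obj>.+?)\s+(?:\(\s*(?P<threat>[^)]+?)\s*\)\s+)?-\s+(?P<verdict>.+?)\s*$"
)

# Constructed sample: lines copied from the TDSSKiller log in the thread.
SAMPLE_LOG = r"""
11:40:00.0078 3568 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:40:00.0078 3568 Tcpip - ok
11:40:01.0187 3568 xcpip - ok
11:40:01.0250 3568 MBR (0x1B8) (0e1d60863e74698b6255deeb65261da6) \Device\Harddisk0\DR0
11:40:01.0250 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
11:40:01.0250 3568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
11:40:01.0265 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:40:01.0265 3568 \Device\Harddisk1\DR1 - ok
11:40:01.0265 3568 Boot (0x1200) (cc78c780bb18133ee4ba20b8751a19a6) \Device\Harddisk0\DR0\Partition0
11:40:01.0265 3568 \Device\Harddisk0\DR0\Partition0 - ok
11:41:16.0312 0228 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Quarantine
"""


def parse_log(text):
    """Return (hashes, verdicts).

    hashes  : {key -> (kind, md5)}; keyed by device path for MBR/boot-sector
              entries and by service name for drivers, which is how the
              matching verdict line refers to each object.
    verdicts: [(object, verdict, threat_or_None)] in log order.
    """
    hashes, verdicts = {}, []
    for line in text.splitlines():
        m = OBJ_RE.match(line)
        if m:
            key = m["path"] if m["path"].startswith("\\Device\\") else m["name"]
            hashes[key] = (m["name"], m["md5"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            threat = m["threat"]
            if threat is None and m["verdict"].startswith("detected "):
                threat = m["verdict"].split()[1]   # "detected <threat> (<n>)"
            verdicts.append((m["obj"], m["verdict"], threat))
    return hashes, verdicts


def findings(text):
    """Every verdict other than a plain 'ok', joined with the hash logged for
    that object (md5 is None when no hash line exists for it)."""
    hashes, verdicts = parse_log(text)
    out = []
    for obj, verdict, threat in verdicts:
        if verdict == "ok":
            continue
        kind, md5 = hashes.get(obj, (None, None))
        out.append({"object": obj, "verdict": verdict, "threat": threat,
                    "kind": kind, "md5": md5})
    return out


def mbr_hashes(text):
    """{device -> md5 of its MBR}.  Going by the '(0x1B8)' tag, the hash covers
    the first 0x1B8 = 440 bytes of sector 0, i.e. the boot code ahead of the
    disk signature and partition table, which is the region a boot rootkit
    such as Sinowal overwrites.  Disks initialised by the same Windows version
    usually carry the same boot code, so a value that differs from the other
    disks, or from a known-clean machine, is worth a look on its own."""
    hashes, _ = parse_log(text)
    return {dev: md5 for dev, (kind, md5) in hashes.items() if kind.startswith("MBR")}


def missing_binaries(text):
    """Objects that received a verdict but never a hash line, i.e. service
    entries whose file is absent.  XP ships many harmless placeholders of this
    kind (perc2, ql1080, ...), so treat this as a list to eyeball, not a
    verdict; a non-default name like 'xcpip' is the kind of entry to chase."""
    hashes, verdicts = parse_log(text)
    return [obj for obj, _, _ in verdicts if obj not in hashes]


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f"{f['object']:<28} {f['verdict']:<40} md5={f['md5']}")
    print("MBR hashes:", mbr_hashes(SAMPLE_LOG))
    print("no binary on disk:", missing_binaries(SAMPLE_LOG))
```

On the log above this yields three findings, all for \Device\Harddisk0\DR0 and all tied to the MBR hash 0e1d60863e74698b6255deeb65261da6, while the second disk's MBR (8f55...) was left alone; xcpip is the one entry with a verdict but no file behind it.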

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please review my log, Avira reports a hidden object - see picture

#6 Post by Rudy »

The rootkit has been moved to quarantine. Try running CF again, but in Safe Mode.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!

Once your problem is resolved the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

jarnotrulli
Visitor
Posts: 21
Registered: 20 Oct 2010 18:46

Re: Please review my log, Avira reports a hidden object - see picture

#7 Post by jarnotrulli »

ComboFix ran in Safe Mode, then after the restart it scanned once more, and this is the log:

ComboFix 12-03-27.01 - Kafac 28.03.2012 18:55:44.3.2 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3075 [GMT 2:00]
Running from: c:\documents and settings\Kafac M\Plocha\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 09:41 . 2012-03-28 09:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 18:13 . 2012-03-27 18:14 -------- d-----w- C:\Dane
2012-03-27 15:09 . 2012-03-27 15:09 -------- d-----w- C:\rsit
2012-03-27 09:57 . 2012-03-27 09:57 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Avira
2012-03-27 09:52 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-27 09:52 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-27 09:52 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\program files\Avira
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Avira
2012-03-26 19:57 . 2012-03-26 19:57 -------- d-----w- c:\documents and settings\Kafac M\Local Settings\Data aplikací\ESET
2012-03-26 18:20 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2012-03-26 18:19 . 2012-03-26 18:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ESET
2012-03-26 09:18 . 2012-03-26 09:19 -------- d-----w- C:\LogAvira
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:11 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\GetRight
2012-03-25 21:03 . 2012-03-25 21:08 -------- d-----w- c:\program files\Free Download Manager
2012-03-25 13:35 . 2012-03-25 13:35 -------- d-----r- c:\documents and settings\LocalService.NT AUTHORITY.000\Oblíbené položky
2012-03-18 11:09 . 2012-03-18 11:09 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 11:09 . 2012-03-18 11:09 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-10 12:21 . 2012-03-10 14:07 -------- d-----w- C:\Android
2012-03-05 09:25 . 2012-03-20 21:39 -------- d-----w- C:\KASENS
2012-03-04 21:16 . 2012-03-04 21:48 -------- d-----w- C:\MOBAC
2012-03-01 17:51 . 2012-03-04 21:53 -------- d-----w- c:\documents and settings\vlacky\Ciy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 15:32 . 2011-06-19 17:46 3766 --sha-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2012-02-10 07:50 . 2012-02-10 07:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-17 15:44 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-14 22:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-12-20 11:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-05-17 22:36 . 2011-05-17 22:37 695578 ----a-w- c:\program files\unins000.exe
2011-04-21 06:28 . 2011-05-17 22:37 785920 ----a-w- c:\program files\Img2ozf.exe
2012-03-18 11:09 . 2011-06-02 15:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-29 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-12-27 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_10.36.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 17:04 . 2012-03-28 17:04 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 83398 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 83398 c:\windows\system32\perfc009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 97214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 97214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 492750 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 492750 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 488652 c:\windows\system32\perfh005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 488652 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
AWUS036H Wireless LAN Utility.lnk - c:\program files\AWUS036H Wireless LAN Utility\RtWLan.exe [2011-3-31 942080]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Kafac M\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Rocrail\\rocrail.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RTLDHCP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:WPS TCP Prot
"1542:UDP"= 1542:UDP:WPS UDP Prot
"53:UDP"= 53:UDP:AP UDP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.3.2012 11:52 36000]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 16:52 33800]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2012 11:52 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.3.2012 10:17 652360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.12.2010 1:01 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.3.2012 10:17 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31.3.2011 19:56 335104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{70B83927-3EF7-407D-9644-031FA1006FCA}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kafac M\Data aplikací\Mozilla\Firefox\Profiles\7ysjppm0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - 46.4.7.198
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 203.172.167.119
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 46.4.7.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.4.7.198
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.4.7.198
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1180)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-03-28 19:08:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 17:08
ComboFix2.txt 2012-03-27 17:40
ComboFix3.txt 2010-10-23 18:07
ComboFix4.txt 2010-10-21 22:03
ComboFix5.txt 2012-03-27 18:56
.
Pre-Run: 4 385 308 672
Post-Run: 4 421 808 128
.
- - End Of File - - DDA4009ACF9868108C214F3D82DFDA35

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please review my log, Avira reports a hidden object - see picture

#8 Post by Rudy »

The rootkits are gone; the open ports still need to be closed. Run CF again with this script:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"=-
"1542:UDP"=-
"53:UDP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
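Added example (editor's code, not from the thread and not part of ComboFix): it reads the GloballyOpenPorts block and the Firefox network.proxy.* prefs out of a ComboFix log like the one in post #7, triages the inbound firewall exceptions, and emits the same "Registry::" deletion block Rudy posted above, in the "=-" notation that .reg files and CFScript use for "delete this value". The sample text is copied from that log; the lists of generic descriptions and server ports used for triage are assumptions made here for a single-user XP machine, not ComboFix rules.

```python
"""Added example; not from the thread and not ComboFix's own code.

Reads the firewall GloballyOpenPorts block and the Firefox proxy prefs out
of a ComboFix log and (a) triages the inbound exceptions, (b) emits the
'Registry::' CFScript that deletes them, in the same "=-" notation that
.reg files and CFScript use for 'delete this value'.  The sample text is
copied from the log posted in the thread; the port/description heuristics
are assumptions made here for a single-user XP machine, not ComboFix rules.
"""
import re

FW_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
          r"\standardprofile\GloballyOpenPorts\List")

#  "1542:TCP"= 1542:TCP:WPS TCP Prot
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
#  FF - prefs.js: network.proxy.http - 46.4.7.198
FF_PROXY_RE = re.compile(
    r"^FF - prefs\.js: network\.proxy\.(?P<key>\S+) - (?P<val>.+)$")

# Assumptions for triage: descriptions that say nothing, and listener ports a
# workstation has no business accepting from the network.
GENERIC_DESCRIPTIONS = {"services", "service", "system", "windows"}
SERVER_PORTS = {53, 135, 139, 445, 3389}

# Constructed sample: lines copied from the ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:WPS TCP Prot
"1542:UDP"= 1542:UDP:WPS UDP Prot
"53:UDP"= 53:UDP:AP UDP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
FF - prefs.js: network.proxy.http - 46.4.7.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.4.7.198
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.type - 0
"""


def open_ports(text):
    """[(port, proto, description)] from the GloballyOpenPorts block only;
    lines under any other [key] are ignored."""
    entries, in_block = [], False
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            in_block = line[1:-1].lower() == FW_KEY.lower()
            continue
        m = PORT_RE.match(line) if in_block else None
        if m:
            entries.append((int(m["port"]), m["proto"], m["desc"].strip()))
    return entries


def suspicious(entries):
    """Heuristic triage: [(name, description, [reasons])] for entries that
    look out of place on a workstation.  Every rule here is an assumption."""
    flagged = []
    for port, proto, desc in entries:
        reasons = []
        if desc.lower() in GENERIC_DESCRIPTIONS:
            reasons.append("generic description")
        if port in SERVER_PORTS:
            reasons.append("server port exposed on a workstation")
        if port >= 49152:
            reasons.append("listener in the ephemeral port range")
        if reasons:
            flagged.append((f"{port}:{proto}", desc, reasons))
    return flagged


def cfscript(text, keep=frozenset()):
    """The 'Registry::' block that deletes every open-port exception except
    those named in `keep` (e.g. {"3389:TCP"} to leave Remote Desktop alone)."""
    lines = ["Registry::", f"[{FW_KEY}]"]
    for port, proto, _ in open_ports(text):
        name = f"{port}:{proto}"
        if name not in keep:
            lines.append(f'"{name}"=-')
    return "\n".join(lines)


def firefox_proxy(text):
    """network.proxy.* prefs from the log.  Firefox only routes traffic via
    the listed hosts when network.proxy.type is 1 (manual); type 0 is a
    direct connection, so leftover hosts with type 0 are evidence of an
    earlier setting, not a live redirect."""
    prefs = {m["key"]: m["val"].strip()
             for m in map(FF_PROXY_RE.match, text.splitlines()) if m}
    hosts = {v for k, v in prefs.items()
             if k != "type" and not k.endswith("_port")}
    return {"active": prefs.get("type") == "1", "hosts": hosts, "prefs": prefs}


if __name__ == "__main__":
    ports = open_ports(SAMPLE_LOG)
    for name, desc, reasons in suspicious(ports):
        print(f"{name:<12} {desc:<20} {'; '.join(reasons)}")
    print(cfscript(SAMPLE_LOG))
    print(firefox_proxy(SAMPLE_LOG))
```

With no `keep` set the output is exactly the six "=-" lines of the script in post #8. The triage flags 53/UDP and 3389/TCP as server ports and the two high "Services" entries as generic, ephemeral-range listeners, while the 1542 WPS pair passes; the Firefox prefs come back with the proxy host but `active` False, because network.proxy.type is 0.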

jarnotrulli
Visitor
Posts: 21
Registered: 20 Oct 2010 18:46

Re: Please review my log, Avira reports a hidden object - see picture

#9 Post by jarnotrulli »

One more question: will the files that TDSSKiller put into quarantine delete themselves after a while, or should I delete them?
Otherwise, here is the CF log:

ComboFix 12-03-27.01 - Kafac 28.03.2012 23:59:15.4.2 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2618 [GMT 2:00]
Running from: c:\documents and settings\Kafac M\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Kafac M\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 09:41 . 2012-03-28 09:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 18:13 . 2012-03-27 18:14 -------- d-----w- C:\Dane
2012-03-27 15:09 . 2012-03-27 15:09 -------- d-----w- C:\rsit
2012-03-27 09:57 . 2012-03-27 09:57 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Avira
2012-03-27 09:52 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-27 09:52 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-27 09:52 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\program files\Avira
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Avira
2012-03-26 19:57 . 2012-03-26 19:57 -------- d-----w- c:\documents and settings\Kafac M\Local Settings\Data aplikací\ESET
2012-03-26 18:20 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2012-03-26 18:19 . 2012-03-26 18:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ESET
2012-03-26 09:18 . 2012-03-26 09:19 -------- d-----w- C:\LogAvira
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:11 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\GetRight
2012-03-25 21:03 . 2012-03-25 21:08 -------- d-----w- c:\program files\Free Download Manager
2012-03-25 13:35 . 2012-03-25 13:35 -------- d-----r- c:\documents and settings\LocalService.NT AUTHORITY.000\Oblíbené položky
2012-03-18 11:09 . 2012-03-18 11:09 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 11:09 . 2012-03-18 11:09 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-10 12:21 . 2012-03-10 14:07 -------- d-----w- C:\Android
2012-03-05 09:25 . 2012-03-20 21:39 -------- d-----w- C:\KASENS
2012-03-04 21:16 . 2012-03-04 21:48 -------- d-----w- C:\MOBAC
2012-03-01 17:51 . 2012-03-04 21:53 -------- d-----w- c:\documents and settings\vlacky\Ciy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 15:32 . 2011-06-19 17:46 3766 --sha-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2012-02-10 07:50 . 2012-02-10 07:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-17 15:44 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-14 22:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-12-20 11:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-05-17 22:36 . 2011-05-17 22:37 695578 ----a-w- c:\program files\unins000.exe
2011-04-21 06:28 . 2011-05-17 22:37 785920 ----a-w- c:\program files\Img2ozf.exe
2012-03-18 11:09 . 2011-06-02 15:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-29 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-12-27 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_10.36.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 17:04 . 2012-03-28 17:04 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 83398 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 83398 c:\windows\system32\perfc009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 97214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 97214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 492750 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 492750 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 488652 c:\windows\system32\perfh005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 488652 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
AWUS036H Wireless LAN Utility.lnk - c:\program files\AWUS036H Wireless LAN Utility\RtWLan.exe [2011-3-31 942080]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Kafac M\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Rocrail\\rocrail.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RTLDHCP.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.3.2012 11:52 36000]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 16:52 33800]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2012 11:52 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.3.2012 10:17 652360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.12.2010 1:01 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.3.2012 10:17 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31.3.2011 19:56 335104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 71792854
*Deregistered* - 71792854
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{70B83927-3EF7-407D-9644-031FA1006FCA}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kafac M\Data aplikací\Mozilla\Firefox\Profiles\7ysjppm0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - 46.4.7.198
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 203.172.167.119
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 46.4.7.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.4.7.198
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.4.7.198
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 00:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-03-29 00:05:21
ComboFix-quarantined-files.txt 2012-03-28 22:05
ComboFix2.txt 2012-03-28 17:08
ComboFix3.txt 2012-03-27 17:40
ComboFix4.txt 2010-10-23 18:07
ComboFix5.txt 2012-03-28 21:56
.
Před spuštěním: 4 482 273 280
Po spuštění: 4 463 480 832
.
- - End Of File - - 8712003C84A5915695BB17BC9BACDF82

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please look at the log, Avira reports a hidden object, see

#10 Post by Rudy »

The rootkit keeps coming back. Run CF again with this script:
KillAll::

Collect::
c:\windows\system32\drivers\0zx_fqi6i.sys

Driver::
0zx_fqi6i.sys
71792854
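Both of Rudy's scripts in this thread (#8 closing the globally open firewall ports, #10 removing the driver that kept coming back) are produced by reading specific sections of a ComboFix log. The following Python script is an added example, not code from this thread or from ComboFix's authors: it parses the GloballyOpenPorts list, the R*/S* service lines and the "services/drivers in memory" block, flags drivers whose file is missing on disk (the `[?]` marker) and whose name looks machine-generated, adds drivers that appeared only in memory, and prints a CFScript in the same `Registry::`/`Driver::` layout used above. The service and memory lines in the sample are copied from the log posted above; the GloballyOpenPorts section is reconstructed (that part of the earlier log is not quoted in this section of the thread) with constructed descriptions, and the random-name heuristic is my own assumption, not a ComboFix rule.

```python
import re

# Constructed sample input. The R1/S3 service lines and the "services/drivers
# in memory" block are copied from the ComboFix log posted above; the
# GloballyOpenPorts section is reconstructed in the layout ComboFix uses for
# the XP firewall registry (that part of the earlier log is not quoted here),
# with the ports from Rudy's script and made-up descriptions after "Enabled:".
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:*:Enabled:sample-1542
"1542:UDP"= 1542:UDP:*:Enabled:sample-1542
"53:UDP"= 53:UDP:*:Enabled:sample-dns
"3389:TCP"= 3389:TCP:*:Enabled:sample-rdp
"65533:TCP"= 65533:TCP:*:Enabled:sample-65533
"52344:TCP"= 52344:TCP:*:Enabled:sample-52344
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.3.2012 11:52 36000]
S3 0zx_fqi6i.sys;0zx_fqi6i.sys;\??\c:\windows\system32\drivers\0zx_fqi6i.sys --> c:\windows\system32\drivers\0zx_fqi6i.sys [?]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 71792854
*Deregistered* - 71792854
'''

SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')   # "R1 name;display;path [...]"
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')                     # '"3389:TCP"= ...'
MEM_RE = re.compile(r'^\*(NewlyCreated|Deregistered)\*\s+-\s+(\S+)$')
# Heuristic (my assumption, not a ComboFix rule): a short alnum/underscore
# driver name that also contains digits, as generated names often do.
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)[a-z0-9_]{5,12}\.sys$', re.I)


def parse_open_ports(text):
    """Ports listed under the GloballyOpenPorts list key, as (port, proto) tuples."""
    ports, in_section = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith('[') and s.endswith(']'):
            in_section = 'GloballyOpenPorts' in s
            continue
        m = PORT_RE.match(s) if in_section else None
        if m:
            ports.append((int(m.group(1)), m.group(2)))
    return ports


def parse_services(text):
    """R*/S* service and driver lines; 'missing' is True when ComboFix printed [?]
    (no file found at the registered path)."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        rest = rest.strip()
        tail = rest.split(' --> ')[-1]           # resolved path when a \??\ prefix was shown
        out.append({'start': start, 'name': name, 'display': display,
                    'path': tail.rsplit(' [', 1)[0], 'missing': rest.endswith('[?]')})
    return out


def parse_memory_entries(text):
    """Drivers ComboFix saw only in memory, keyed by NewlyCreated/Deregistered."""
    found = {'NewlyCreated': [], 'Deregistered': []}
    for line in text.splitlines():
        m = MEM_RE.match(line.strip())
        if m:
            found[m.group(1)].append(m.group(2))
    return found


def driver_targets(services, memory):
    """Candidates for a Driver:: block: services whose file is missing AND whose
    name looks generated, plus in-memory drivers with no registered service.
    A missing file alone is not enough (xpsec.sys in the sample is a stock driver)."""
    known = {s['name'].lower() for s in services}
    targets = [s['name'] for s in services
               if s['missing'] and RANDOM_NAME_RE.match(s['name'])]
    for name in memory['NewlyCreated']:
        if name.lower() not in known and name not in targets:
            targets.append(name)
    return targets


def build_cfscript(ports, drivers):
    """CFScript text in the Registry::/Driver:: layout used in this thread;
    '=-' deletes the named registry value."""
    lines = []
    if ports:
        lines.append('Registry::')
        lines.append(r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]')
        lines.extend(f'"{port}:{proto}"=-' for port, proto in ports)
        lines.append('')
    if drivers:
        lines.append('Driver::')
        lines.extend(drivers)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    ports = parse_open_ports(SAMPLE_LOG)
    targets = driver_targets(parse_services(SAMPLE_LOG), parse_memory_entries(SAMPLE_LOG))
    print(build_cfscript(ports, targets))
```

Note the caveat the heuristic encodes: `[?]` alone is not a verdict. `xpsec.sys` is listed with `[?]` as well, but the log's own display name identifies it as the IPSEC driver and it is left alone; only the entry that is both missing and named like `0zx_fqi6i.sys` is selected, together with the in-memory-only `71792854`, which is exactly what the script in #10 removed. Compare any candidate against a known-clean system before putting it into a Driver:: block.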

jarnotrulli
Visitor
Posts: 21
Registered: 20 Oct 2010 18:46

Re: Please look at the log, Avira reports a hidden object, see

#11 Post by jarnotrulli »

So, once again in Safe Mode.
Here is the log:

ComboFix 12-03-27.01 - Kafac 30.03.2012 10:30:04.5.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3197 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kafac M\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kafac M\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_0ZX_FQI6I.SYS
-------\Legacy_71792854
-------\Service_0zx_fqi6i.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-29 21:54 . 2012-03-29 21:54 -------- d-----w- c:\documents and settings\vlacky\ZIMO-MX646
2012-03-28 09:41 . 2012-03-28 09:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-27 18:13 . 2012-03-27 18:14 -------- d-----w- C:\Dane
2012-03-27 15:09 . 2012-03-27 15:09 -------- d-----w- C:\rsit
2012-03-27 09:57 . 2012-03-27 09:57 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Avira
2012-03-27 09:52 . 2012-01-31 06:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-27 09:52 . 2012-01-31 06:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-27 09:52 . 2011-09-16 14:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\program files\Avira
2012-03-27 09:52 . 2012-03-27 09:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Avira
2012-03-26 19:57 . 2012-03-26 19:57 -------- d-----w- c:\documents and settings\Kafac M\Local Settings\Data aplikací\ESET
2012-03-26 18:20 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2012-03-26 18:19 . 2012-03-26 18:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ESET
2012-03-26 09:18 . 2012-03-26 09:19 -------- d-----w- C:\LogAvira
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2012-03-26 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-03-26 08:17 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:11 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Kafac M\Data aplikací\GetRight
2012-03-25 21:03 . 2012-03-25 21:08 -------- d-----w- c:\program files\Free Download Manager
2012-03-25 13:35 . 2012-03-25 13:35 -------- d-----r- c:\documents and settings\LocalService.NT AUTHORITY.000\Oblíbené položky
2012-03-18 11:09 . 2012-03-18 11:09 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 11:09 . 2012-03-18 11:09 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-10 12:21 . 2012-03-10 14:07 -------- d-----w- C:\Android
2012-03-05 09:25 . 2012-03-20 21:39 -------- d-----w- C:\KASENS
2012-03-04 21:16 . 2012-03-04 21:48 -------- d-----w- C:\MOBAC
2012-03-01 17:51 . 2012-03-04 21:53 -------- d-----w- c:\documents and settings\vlacky\Ciy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 15:32 . 2011-06-19 17:46 3766 --sha-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2012-02-10 07:50 . 2012-02-10 07:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-17 15:44 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-14 22:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-12-20 11:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-05-17 22:36 . 2011-05-17 22:37 695578 ----a-w- c:\program files\unins000.exe
2011-04-21 06:28 . 2011-05-17 22:37 785920 ----a-w- c:\program files\Img2ozf.exe
2012-03-18 11:09 . 2011-06-02 15:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-29 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2010-12-27 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_10.36.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-30 08:37 . 2012-03-30 08:37 16384 c:\windows\temp\Perflib_Perfdata_1f8.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 83398 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 83398 c:\windows\system32\perfc009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 97214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 97214 c:\windows\system32\perfc005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 492750 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 492750 c:\windows\system32\perfh009.dat
- 2001-10-25 13:00 . 2012-02-15 02:09 488652 c:\windows\system32\perfh005.dat
+ 2001-10-25 13:00 . 2012-03-28 16:56 488652 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
AWUS036H Wireless LAN Utility.lnk - c:\program files\AWUS036H Wireless LAN Utility\RtWLan.exe [2011-3-31 942080]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Kafac M\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Rocrail\\rocrail.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RTLDHCP.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27.3.2012 11:52 36000]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 16:52 33800]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2012 11:52 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.3.2012 10:17 652360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.12.2010 1:01 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.3.2012 10:17 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31.3.2011 19:56 335104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 xpsec;Ovladač IPSEC;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{70B83927-3EF7-407D-9644-031FA1006FCA}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kafac M\Data aplikací\Mozilla\Firefox\Profiles\7ysjppm0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.ftp - 46.4.7.198
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 203.172.167.119
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 46.4.7.198
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.4.7.198
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.4.7.198
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1724)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-03-30 10:42:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-30 08:42
ComboFix2.txt 2012-03-28 22:05
ComboFix3.txt 2012-03-28 17:08
ComboFix4.txt 2012-03-27 17:40
ComboFix5.txt 2012-03-29 23:35
.
Před spuštěním: 6 593 019 904
Po spuštění: 4 431 585 280
.
- - End Of File - - 964CB18B8F9186ED9C639AD647914781

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please look at the log, Avira reports a hidden object, see

#12 Post by Rudy »

It should be gone now.
