Pomalý chod programů, grafika blbně

Zpráva

tomassovak · #46 Příspěvek od **tomassovak** » 29 zář 2012 14:52

Tak jsem si myslel že to bude ok. Vymazal pouze win bylo to ok potom jsem začal instalovat programy a doplňky a při jedné z varinata shockware to nešlo spusit. Instaloval jinou tj adobe a falsh a začala to blbnout. Nešlo zobrazit vlastnosti pc. Po spuštění to dlouho dobu neodpovídí a msconfig ukazuje klič po spuštěný, který jsem nezadával adobe ARm nebo něco takového. Přikládám log z CF:

ComboFix 12-09-27.03 - Administrator 29.09.2012 15:24:21.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3582.3233 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\regopt.log
E:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 13:18 . 2012-09-29 13:18 -------- d-----w- c:\documents and settings\Administrator.DOMOV-AC71F76AA
2012-09-29 12:52 . 2012-09-29 12:54 -------- d-----w- c:\program files\MonitorDriver
2012-09-29 12:44 . 2012-09-29 12:44 50844096 ----a-w- C:\AdbeRdr1014_en_US.exe
2012-09-29 12:34 . 2001-10-25 14:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0411.dll
2012-09-29 12:33 . 2004-08-03 20:32 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-09-29 12:32 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2012-09-29 12:32 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-09-29 12:32 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2012-09-29 12:32 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-09-29 12:32 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-09-29 12:32 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2012-09-29 12:32 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2012-09-29 12:32 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-09-29 12:32 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2012-09-29 12:32 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-09-29 12:32 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2012-09-29 12:32 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-09-29 12:17 . 2012-09-29 12:37 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-09-29 12:17 . 2012-09-29 12:37 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-09-29 12:16 . 2012-09-29 13:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab
2012-09-29 11:59 . 2012-09-29 11:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Apple Computer
2012-09-29 11:59 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2012-09-29 11:59 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2012-09-29 11:59 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2012-09-29 11:59 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2012-09-29 11:59 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2012-09-29 11:59 . 2010-12-15 19:00 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2012-09-29 11:59 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-09-29 11:59 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-29 11:59 . 2010-11-29 17:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2012-09-29 11:59 . 2012-09-29 11:59 -------- d-----w- c:\program files\QT Lite
2012-09-29 11:53 . 2012-09-29 11:53 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 11:53 . 2012-09-29 11:53 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 11:50 . 2012-09-29 11:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ATI
2012-09-29 11:28 . 2003-10-08 05:18 105984 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2012-09-29 11:23 . 2000-10-05 06:01 602244 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-09-29 11:22 . 2012-09-29 11:22 -------- d-----w- c:\documents and settings\HANS-P~1~DOM
2012-09-29 11:22 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-09-28 23:15 . 2004-08-03 23:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-09-28 23:15 . 2004-08-03 22:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2012-09-28 23:15 . 2001-08-17 22:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2012-09-28 23:15 . 2004-08-03 23:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2012-09-28 23:15 . 2004-08-03 22:58 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2012-09-28 23:15 . 2004-08-03 22:58 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2012-09-28 23:15 . 2004-08-03 23:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2012-09-28 23:15 . 2004-08-03 23:07 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2012-09-28 23:15 . 2004-08-03 23:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2012-09-28 23:15 . 2004-08-03 23:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2012-09-28 23:15 . 2004-08-03 22:58 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2012-09-28 23:15 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2012-09-28 23:13 . 2004-08-03 21:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2012-09-28 23:13 . 2004-08-03 21:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2012-09-28 23:13 . 2004-08-17 15:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-09-28 23:13 . 2004-08-17 13:49 75264 -c--a-w- c:\windows\system32\dllcache\usbui.dll
2012-09-28 23:13 . 2004-08-17 13:49 75264 ----a-w- c:\windows\system32\usbui.dll
2012-09-28 23:08 . 2012-09-29 12:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-09-28 23:08 . 2012-09-28 23:08 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Šablony
2012-09-28 23:08 . 2012-09-28 23:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Oblíbené položky
2012-09-28 23:08 . 2012-09-28 21:24 -------- d-----r- c:\documents and settings\All Users.WINDOWS\Nabídka Start
2012-09-28 23:08 . 2012-09-28 21:19 -------- d-----r- c:\documents and settings\All Users.WINDOWS\Dokumenty
2012-09-28 23:08 . 2004-08-17 14:46 14043 ----a-r- c:\windows\SET8.tmp
2012-09-28 23:08 . 2004-08-17 14:46 1086058 ----a-r- c:\windows\SET4.tmp
2012-09-28 23:08 . 2004-08-17 14:50 1014483 ----a-r- c:\windows\SET3.tmp
2012-09-28 23:07 . 2012-09-28 21:22 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2012-09-28 21:27 . 2012-09-29 12:58 -------- d-----w- c:\documents and settings\Hans-Peter Geerdes.DOMOV-AC71F76AA
2012-09-28 21:26 . 2012-09-28 21:26 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000
2012-09-28 21:26 . 2012-09-28 21:26 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000
2012-09-28 21:23 . 2004-08-17 13:49 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2012-09-28 21:22 . 2001-10-25 14:00 9728 -c--a-w- c:\windows\system32\dllcache\change.exe
2012-09-28 21:21 . 2012-09-28 21:21 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2012-09-28 21:20 . 2001-10-25 14:00 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2012-09-28 21:20 . 2001-10-25 14:00 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2012-09-28 21:20 . 2001-10-25 14:00 7168 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2012-09-28 21:20 . 2001-10-25 14:00 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2012-09-28 21:20 . 2001-10-25 14:00 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2012-09-28 21:20 . 2001-10-25 14:00 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2012-09-28 21:20 . 2001-10-25 14:00 11264 ----a-w- c:\windows\system32\atrace.dll
2012-09-28 21:18 . 2004-08-17 13:49 28672 ----a-w- c:\program files\Messenger\custsat.dll
2012-09-28 21:17 . 2004-08-17 13:49 87176 -c--a-w- c:\windows\system32\dllcache\rdpwsx.dll
2012-09-23 21:18 . 2012-09-23 21:18 15056224 ----a-w- C:\MediaMonkey_4.0.6.1501.exe
2012-09-23 21:14 . 2012-09-23 21:14 17335648 ----a-w- C:\winamp563_full_emusic-7plus_all.exe
2012-09-23 21:12 . 2012-09-23 21:12 18064168 ----a-w- C:\Songbird_2.0.0-2311_windows-i686-msvc8.exe
2012-09-23 21:09 . 2012-09-23 21:09 22617148 ----a-w- C:\vlc-2.0.3-win32.exe
2012-09-23 20:47 . 2012-09-23 20:47 18136665 ----a-w- C:\QT_Lite_410.exe
2012-09-23 20:42 . 2012-09-23 20:42 20840906 ----a-w- C:\K-Lite_Codec_Pack_930_Full.exe
2012-09-23 15:39 . 2012-09-23 15:39 9573296 ----a-w- C:\install_flash_player_ax.exe
2012-09-18 21:07 . 2012-09-18 21:07 483809 ----a-w- C:\ntregopt-setup.exe
2012-09-18 21:06 . 2012-09-18 21:06 791393 ----a-w- C:\erunt-setup.exe
2012-09-18 20:50 . 2012-09-18 20:50 2951802 ----a-w- C:\EClea2_0.exe
2012-09-17 20:07 . 2012-09-17 19:00 731136 ----a-w- C:\avenger.exe
2012-09-16 15:14 . 2012-09-16 15:14 -------- d-----w- c:\program files\CrystalDiskInfo
2012-09-15 21:50 . 2012-09-15 21:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Identities
2012-09-15 20:03 . 2012-09-15 20:03 -------- d---a-w- c:\windows\rundll16.exe
2012-09-15 20:03 . 2012-09-15 20:03 -------- d---a-w- c:\windows\logo1_.exe
2012-09-15 19:57 . 2012-09-15 19:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google
2012-09-11 17:06 . 2012-09-11 17:06 -------- d-----w- c:\program files\Ray Adams
2012-09-10 20:13 . 2012-09-10 20:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\GHISLER
2012-09-10 16:49 . 2012-09-10 16:49 -------- d-----w- c:\windows\ERUNT
2012-09-10 16:48 . 2012-09-10 18:10 -------- d-----w- C:\SDFix
2012-09-10 16:46 . 2012-09-10 16:46 -------- d-----w- C:\!KillBox
2012-09-10 15:27 . 2012-09-10 15:27 -------- d-----w- c:\program files\VS Revo Group
2012-09-08 19:16 . 2012-09-08 19:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Temp
2012-09-07 19:24 . 2012-09-07 19:27 -------- d-----w- c:\program files\trend micro
2012-09-07 19:24 . 2012-09-07 19:27 -------- d-----w- C:\rsit
2012-09-06 17:04 . 2012-09-06 17:04 -------- d-----w- C:\0a109e3b06f8f61f6c914b
2012-09-06 16:58 . 2012-09-06 17:09 -------- d-----w- C:\6c98aff78ab5def6d47d037bf3
2012-09-06 16:46 . 2012-09-06 16:47 -------- d-----w- C:\4ce403cfa0aa6609d6c34047ba
2012-09-04 15:56 . 2012-09-10 10:05 -------- d-----w- c:\program files\Driver Sweeper
2012-09-03 18:06 . 2012-09-29 12:28 -------- d-----w- C:\Samsung
2012-09-03 17:05 . 2012-09-11 17:09 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-09-02 19:08 . 2012-09-22 21:33 -------- d-----w- c:\program files\SpeedFan
2012-09-01 18:11 . 2012-09-01 18:11 -------- d-----w- c:\program files\AMD APP
2012-09-01 17:15 . 2012-09-01 17:15 -------- d-----w- c:\program files\ATI
2012-09-01 17:14 . 2012-09-01 18:03 -------- d-----w- c:\program files\ATI Technologies
2012-09-01 17:09 . 2012-09-01 17:09 -------- d-----w- C:\AMD
2012-09-01 11:23 . 2012-09-28 23:00 -------- d-----w- c:\windows\system32\zálohadx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 20:36 . 2003-08-06 10:24 130048 ----a-w- c:\program files\DDScv.exe
2011-12-21 20:36 . 2002-01-05 04:37 344064 ----a-w- c:\program files\msvcr70.dll
2011-12-21 20:36 . 2002-07-19 15:06 27648 ----a-w- c:\program files\ilu.dll
2011-12-21 20:36 . 2002-07-19 15:05 269312 ----a-w- c:\program files\devil.dll
2011-01-18 17:02 . 2011-01-18 17:21 904544 ----a-w- c:\program files\GPU-Z.0.4.9.exe
2009-03-08 14:38 . 2009-05-10 10:47 373760 ----a-w- c:\program files\rF_AIW_CAM_362.exe
2006-07-27 00:30 . 2009-05-10 10:47 24576 ----a-w- c:\program files\MTS_UNLOCKAR.exe
2004-05-08 23:28 . 2009-05-10 10:47 1870336 ----a-w- c:\program files\F1AIW-program-40.exe
2002-10-27 19:25 . 2009-05-10 10:47 1559040 ----a-w- c:\program files\xb.dll
2012-02-20 16:34 . 2011-06-24 10:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-09-04 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 14:42 32272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 19:39 19472]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-29 15:39
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2012-09-29 15:43:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-29 13:42
ComboFix2.txt 2012-09-26 21:24
ComboFix3.txt 2012-09-16 21:34
ComboFix4.txt 2012-09-16 14:27
ComboFix5.txt 2012-09-29 13:20
.
Před spuštěním: Volných bajtů: 54 139 305 984
Po spuštění: Volných bajtů: 54 159 159 296
.
- - End Of File - - 1CB9E2DFDEB2AE5B27249D23130DD9DB

#47 Příspěvek od **Rudy** » 29 zář 2012 17:10

Proč dáváte rovnou ComboFix? Hodláte si zbořit systém? ComboFix není utilita pro laiky. Navíc jste nevypnul antivir, ačkoli jste o to byl před skenem žádán.

Máte nainstalovány všechny ovladače hardwaru?

tomassovak · #48 Příspěvek od **tomassovak** » 29 zář 2012 21:54

tak problém je opravdu v antiviru. Blbne. Instalace ten problém vyřešila. Rezidentní štít pozastaven a je po problému. Nechápu to proč to blbne. Procesor to nebrzdí přesto při spouštění programů je to pomalé. Nevím co dodat.

#49 Příspěvek od **Rudy** » 29 zář 2012 22:00

Zkuste AV přeinstalovat.

tomassovak · #50 Příspěvek od **tomassovak** » 03 led 2013 12:55

A jéje z nějaké příčiny se infiltrace vrátila. Blbne škubá grafika se zvukem. Jsem zvědav jestli na to přijdu. Mám zálohu potřeboval jsem něco z registrů ale vypadá že z klíčů se to vrátilo. Ale nevidím ty soubory co blbly. Přehrávání to zaškubne potom při vytížení se to zadrhává a škube muzika na pozadí, ale když to dám na pozadí je to ok. Všechno ostatní je ok. Bude to ve win. Něco tam běží ale není to vidět.

a proč zrovna nyní? Protože mi pípal zvuk ten jsem odstranil a náhle se začalo škubat video. testování gk je to stejné jako minule nepatrné škubnutí při činnosti jiného procesoru ale naštěstí to nehlásá chybu v openAL. Nákaza ze záloh registru, z media dvd, flash nebo z instalatoru

#51 Příspěvek od **Rudy** » 03 led 2013 19:11

Dejte log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

tomassovak · #52 Příspěvek od **tomassovak** » 03 led 2013 19:42

já nevím ať jsem se na to díval. Projel jendím druhým falešné detekce. KAV Tool jsem to nestačil projet. Mám sice podezření na soubory *.tmp v sys32 ale jistota je jistota.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hans-Peter Geerdes at 2013-01-03 12:57:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (27%) free of 153 GB
Total RAM: 3582 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:29, on 3.1.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\TOSHIBA\Zaloha\C\Documents and Settings\Hans Peter Geerdes\Local Settings\Temp\MWAVSCAN.COM
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Hans-Peter Geerdes.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 5421 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll [2010-07-01 68280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-07 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-07 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll [2010-07-01 191160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-03 98304]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-02-07 40960]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-10-04 28672]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe [2009-08-22 2781184]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2012-11-13 352976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-04 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-07-01 228024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=223
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft DirectX SDK (June 2010)\Utilities\bin\x86\AudConsole3.exe"="C:\Program Files\Microsoft DirectX SDK (June 2010)\Utilities\bin\x86\AudConsole3.exe:*:Enabled:Audio Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe:*:Enabled:LWEMon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.ctmp3"=C:\WINDOWS\system32\ctmp3.acm
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2013-01-03 09:11:52 ----AD---- C:\WINDOWS\rundll16.exe
2013-01-03 09:11:52 ----AD---- C:\WINDOWS\logo1_.exe
2013-01-02 21:30:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2013-01-02 16:46:27 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-12-27 22:28:46 ----A---- C:\WINDOWS\system32\rapture3d_oal.dll
2012-12-27 21:24:49 ----RA---- C:\WINDOWS\system32\tmp3EA.tmp
2012-12-27 21:24:48 ----RA---- C:\WINDOWS\system32\tmp3E9.tmp
2012-12-27 21:19:51 ----RA---- C:\WINDOWS\system32\tmp3E3.tmp
2012-12-27 21:19:51 ----RA---- C:\WINDOWS\system32\tmp3E2.tmp
2012-12-27 21:19:46 ----RA---- C:\WINDOWS\system32\tmp3E1.tmp
2012-12-27 21:19:46 ----RA---- C:\WINDOWS\system32\tmp3E0.tmp
2012-12-25 10:56:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ArcSoft
2012-12-25 10:56:45 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2012-12-25 10:52:02 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2012-12-25 10:52:00 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2012-12-25 10:51:58 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2012-12-25 10:51:56 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2012-12-25 10:51:55 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2012-12-25 10:51:52 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2012-12-25 10:51:50 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2012-12-25 10:51:47 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2012-12-25 10:51:37 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2012-12-25 10:51:37 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2012-12-25 10:51:35 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2012-12-25 10:51:31 ----A---- C:\WINDOWS\system32\AF9100EX.dll
2012-12-25 10:51:25 ----A---- C:\WINDOWS\system32\drivers\IT9135BDA.sys
2012-12-22 19:57:26 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\Media Player Classic
2012-12-18 19:18:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ICQ
2012-12-18 19:18:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Skype
2012-12-10 19:57:57 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\ICQ
2012-12-10 19:46:27 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\Skype
2012-12-03 09:58:58 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-12-03 09:58:35 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2012-12-01 21:14:08 ----A---- C:\WINDOWS\system32\unrar.dll
2012-12-01 20:48:26 ----A---- C:\WINDOWS\3DSIMED.INI
2012-11-27 21:01:14 ----ASH---- C:\pagefile.sys
2012-11-23 20:47:12 ----A---- C:\WINDOWS\pcvcdvw.INI
2012-11-16 19:32:05 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\vPacs
2012-11-12 20:49:11 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-11-12 20:49:11 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-11-12 20:47:56 ----D---- C:\Program Files\Kaspersky Lab
2012-11-12 20:47:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab
2012-11-12 20:47:39 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-12 20:45:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab Setup Files
2012-10-28 11:53:16 ----D---- C:\floppy
2012-10-10 16:23:17 ----A---- C:\WINDOWS\NeroDigital.ini
2012-10-09 19:11:04 ----A---- C:\WINDOWS\system32\wmpns.dll
2012-10-08 15:07:29 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\Help
2012-10-08 15:03:06 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2012-10-08 15:03:05 ----A---- C:\WINDOWS\system32\SensorDLL.dll
2012-10-08 15:03:05 ----A---- C:\WINDOWS\system32\HH.EXE
2012-10-08 15:03:01 ----A---- C:\WINDOWS\system32\drivers\smb.sys
2012-10-08 15:02:46 ----A---- C:\WINDOWS\system32\drivers\SMBios.sys
2012-10-08 15:02:45 ----A---- C:\WINDOWS\system32\drivers\SIODRV.SYS
2012-10-08 14:53:37 ----RA---- C:\WINDOWS\system32\msvcr70.dll
2012-10-08 14:53:37 ----RA---- C:\WINDOWS\system32\msvcp70.dll
2012-10-08 14:17:26 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\TuneUp Software
2012-10-08 14:10:32 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\GlarySoft
2012-10-08 14:03:34 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\Registry Cleaner
2012-10-08 12:32:23 ----A---- C:\WINDOWS\d3dx.dat
2012-10-08 11:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2012-10-08 11:34:21 ----A---- C:\WindowsXP-KB982381-x86-CSY.exe
2012-10-07 18:23:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Sun
2012-10-07 18:23:15 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-10-07 18:23:15 ----A---- C:\WINDOWS\system32\javaws.exe
2012-10-07 18:23:15 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-10-07 18:22:56 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-10-07 18:22:56 ----A---- C:\WINDOWS\system32\javaw.exe
2012-10-07 18:22:56 ----A---- C:\WINDOWS\system32\java.exe
2012-10-07 18:12:33 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\Sun
2012-10-07 18:12:23 ----A---- C:\chromeinstall-7u7.exe
2012-10-06 19:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2012-10-06 19:15:04 ----A---- C:\WindowsXP-KB938759-x86-CSY.exe
2012-10-06 15:45:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2675157$
2012-10-06 15:41:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2647516$
2012-10-06 15:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2618444$
2012-10-06 15:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2012-10-06 15:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2012-10-06 15:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2012-10-06 15:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2183461$
2012-10-06 15:00:17 ----D---- C:\WINDOWS\Prefetch
2012-10-06 14:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2012-10-06 14:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2012-10-06 14:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2012-10-06 14:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978207_1$
2012-10-06 14:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2012-10-06 14:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2012-10-06 14:50:04 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2012-10-06 14:50:04 ----N---- C:\WINDOWS\system32\comsdupd.exe
2012-10-06 14:50:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2012-10-06 14:50:02 ----N---- C:\WINDOWS\system32\azroles.dll
2012-10-06 14:50:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2012-10-06 14:50:02 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2012-10-06 14:50:02 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2012-10-06 14:50:02 ----N---- C:\WINDOWS\system32\aaclient.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3ui.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3svc.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3msm.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dot3api.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2012-10-06 14:50:01 ----N---- C:\WINDOWS\system32\credssp.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eapsvc.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eapqec.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eappprxy.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eapphost.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eappgnui.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eappcfg.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2012-10-06 14:50:00 ----N---- C:\WINDOWS\system32\eapolqec.dll
2012-10-06 14:49:59 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2012-10-06 14:49:59 ----N---- C:\WINDOWS\system32\kmsvc.dll
2012-10-06 14:49:59 ----N---- C:\WINDOWS\system32\kbdpash.dll
2012-10-06 14:49:59 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2012-10-06 14:49:59 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2012-10-06 14:49:59 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\mssha.dll
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\mmcperf.exe
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2012-10-06 14:49:58 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\slserv.exe
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\slgen.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\slcoinst.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\setupn.exe
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\s3gnb.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\qutil.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\qcliprov.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\qagentrt.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\qagent.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\onex.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\napstat.exe
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\napmontr.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\napipsec.dll
2012-10-06 14:49:57 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2012-10-06 14:49:56 ----N---- C:\WINDOWS\system32\verclsid.exe
2012-10-06 14:49:56 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-10-06 14:49:56 ----N---- C:\WINDOWS\system32\tspkg.dll
2012-10-06 14:49:56 ----N---- C:\WINDOWS\system32\tsgqec.dll
2012-10-06 14:49:55 ----N---- C:\WINDOWS\system32\wlanapi.dll
2012-10-06 14:49:54 ----N---- C:\WINDOWS\system32\xmllite.dll
2012-10-06 14:49:54 ----N---- C:\WINDOWS\slrundll.exe
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-10-06 14:44:26 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2012-10-06 14:44:25 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2012-10-06 14:44:24 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-10-06 14:43:54 ----A---- C:\WINDOWS\002900_.tmp
2012-10-06 14:42:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2012-10-06 14:32:39 ----HDC---- C:\WINDOWS\$NtUninstallKB976749_0$
2012-10-06 14:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB976325_0$
2012-10-06 14:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2012-10-06 14:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
2012-10-06 14:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946627$
2012-10-06 14:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB945007$
2012-10-06 14:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944533$
2012-10-06 14:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB942615$
2012-10-06 14:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB933566$
2012-10-06 14:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB922760$
2012-10-06 14:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB916281$
2012-10-06 14:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB912812$
2012-10-06 14:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890923$
2012-10-06 14:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB883939$
2012-10-06 14:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB867282$
2012-10-06 14:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978207_0$
2012-10-06 14:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2012-10-06 14:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB834707$
2012-10-05 22:13:52 ----A---- C:\gfwlivesetup.exe
2012-10-04 16:24:11 ----D---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\FreeStone Group

======List of files/folders modified in the last 3 months======

2013-01-03 12:57:13 ----D---- C:\Program Files\trend micro
2013-01-03 12:40:03 ----D---- C:\Program Files\HijackThis
2013-01-03 12:35:46 ----D---- C:\WINDOWS\temp
2013-01-03 12:11:40 ----A---- C:\WINDOWS\{00000003-00000000-00000001-00001102-00000002-00201102}.BAK
2013-01-03 12:10:54 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-03 09:44:58 ----A---- C:\WINDOWS\WINCMD.INI
2013-01-03 09:13:20 ----D---- C:\WINDOWS\system32\drivers
2013-01-03 09:11:52 ----D---- C:\WINDOWS
2013-01-03 09:03:23 ----A---- C:\WINDOWS\win.ini
2013-01-02 23:01:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-02 23:01:08 ----D---- C:\Program Files\Common Files
2013-01-02 21:40:39 ----D---- C:\WINDOWS\system32\drivers\etc
2013-01-02 21:27:11 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-02 21:27:11 ----D---- C:\WINDOWS\system32
2013-01-02 21:24:29 ----SD---- C:\WINDOWS\Tasks
2013-01-02 16:46:33 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-30 22:48:06 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\BOINC
2012-12-27 22:28:58 ----SHD---- C:\WINDOWS\Installer
2012-12-27 22:28:48 ----D---- C:\Program Files\BRS
2012-12-27 21:24:49 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2012-12-27 21:22:39 ----D---- C:\WINDOWS\system32\appmgmt
2012-12-27 21:19:47 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2012-12-25 10:52:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-25 10:51:46 ----HD---- C:\WINDOWS\inf
2012-12-24 19:18:08 ----D---- C:\WINDOWS\Help
2012-12-14 22:54:06 ----D---- C:\WINDOWS\Minidump
2012-12-13 16:58:45 ----D---- C:\Program Files\BOINC
2012-12-01 21:14:26 ----D---- C:\Program Files\K-Lite Codec Pack
2012-12-01 20:51:36 ----D---- C:\Program Files\3DSimED_v.1.14b+Trk_Maker_v.1.07
2012-11-27 16:24:17 ----D---- C:\WINDOWS\system32\config
2012-11-25 22:07:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Adobe
2012-11-23 13:55:43 ----D---- C:\Program Files\Lavalys
2012-11-22 13:50:50 ----RD---- C:\Program Files
2012-11-16 18:56:46 ----D---- C:\Downloads
2012-11-14 22:40:49 ----D---- C:\F1 Birkuc 2008
2012-11-12 20:49:32 ----SHD---- C:\System Volume Information
2012-11-11 18:45:57 ----D---- C:\Program Files\TuneUp Utilities 2006
2012-11-11 18:44:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-11-05 18:19:12 ----D---- C:\WINDOWS\WinSxS
2012-11-04 17:47:02 ----D---- C:\WINDOWS\system32\CatRoot
2012-11-03 17:17:24 ----A---- C:\WINDOWS\OEWABLog.txt
2012-11-02 23:27:12 ----D---- C:\WINDOWS\system32\Restore
2012-11-02 22:17:09 ----A---- C:\WINDOWS\ntbtlog.txt
2012-11-02 18:41:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-01 16:18:33 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2012-10-25 18:34:08 ----SD---- C:\Documents and Settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Data aplikací\Microsoft
2012-10-11 21:37:38 ----A---- C:\WINDOWS\imsins.BAK
2012-10-11 21:37:33 ----D---- C:\WINDOWS\system32\inetsrv
2012-10-09 22:05:07 ----D---- C:\WINDOWS\security
2012-10-09 19:11:08 ----D---- C:\WINDOWS\RegisteredPackages
2012-10-09 19:11:08 ----D---- C:\Program Files\Windows Media Player
2012-10-08 15:03:05 ----D---- C:\Program Files\Intel
2012-10-08 15:03:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-10-07 18:22:30 ----D---- C:\Program Files\Java
2012-10-07 16:57:39 ----D---- C:\WINDOWS\system32\DirectX
2012-10-06 19:14:07 ----D---- C:\WINDOWS\system32\xlive
2012-10-06 19:13:44 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft
2012-10-06 16:38:39 ----RSD---- C:\WINDOWS\assembly
2012-10-06 16:38:39 ----D---- C:\WINDOWS\Microsoft.NET
2012-10-06 16:17:10 ----D---- C:\WINDOWS\system32\en-US
2012-10-06 15:45:03 ----HD---- C:\WINDOWS\$hf_mig$
2012-10-06 15:00:34 ----A---- C:\WINDOWS\setuplog.txt
2012-10-06 14:59:37 ----D---- C:\WINDOWS\system32\wbem
2012-10-06 14:59:37 ----D---- C:\WINDOWS\system32\Setup
2012-10-06 14:59:37 ----D---- C:\WINDOWS\AppPatch
2012-10-06 14:59:36 ----RSD---- C:\WINDOWS\Fonts
2012-10-06 14:50:14 ----D---- C:\Program Files\Messenger
2012-10-06 14:50:05 ----D---- C:\WINDOWS\ehome
2012-10-06 14:50:04 ----D---- C:\WINDOWS\network diagnostic
2012-10-06 14:50:04 ----D---- C:\WINDOWS\ime
2012-10-06 14:49:54 ----D---- C:\WINDOWS\system32\usmt
2012-10-06 14:49:54 ----D---- C:\WINDOWS\system32\cs-CZ
2012-10-06 14:49:53 ----D---- C:\WINDOWS\system32\cs
2012-10-06 14:49:53 ----D---- C:\WINDOWS\system32\bits
2012-10-06 14:49:53 ----D---- C:\WINDOWS\PeerNet
2012-10-06 14:49:53 ----D---- C:\WINDOWS\l2schemas
2012-10-06 14:49:53 ----D---- C:\Program Files\Internet Explorer
2012-10-06 14:49:52 ----D---- C:\Program Files\Movie Maker
2012-10-06 14:46:40 ----D---- C:\WINDOWS\system32\npp
2012-10-06 14:46:39 ----D---- C:\WINDOWS\msagent
2012-10-06 14:46:38 ----D---- C:\WINDOWS\srchasst
2012-10-06 14:46:34 ----D---- C:\Program Files\NetMeeting
2012-10-06 14:46:33 ----D---- C:\WINDOWS\system32\Com
2012-10-06 14:46:28 ----D---- C:\Program Files\Windows NT
2012-10-06 14:46:28 ----D---- C:\Program Files\Outlook Express
2012-10-06 14:46:23 ----D---- C:\Program Files\Common Files\System
2012-10-06 14:46:01 ----D---- C:\WINDOWS\system32\oobe
2012-10-06 14:46:00 ----D---- C:\WINDOWS\system
2012-10-06 14:08:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2012-10-05 21:47:12 ----ASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-11-13 475736]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-04 7874560]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-03-22 114944]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-03-22 835636]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-03-22 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-03-22 211724]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-10-28 130048]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-03-22 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-03-22 991656]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-03-22 195432]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2005-05-02 36484]
R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\smb.sys [2002-10-23 21963]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2010-04-27 31816]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz135;cpuz135; \??\D:\Program Files\PC Wizard 2012\pcwiz_x32.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 IT9135BDA;IT9135 BDA Devices; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [2012-12-25 145920]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-04 643072]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2012-11-13 352976]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2005-08-10 118272]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 250808]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSVCCDA.EXE [1999-12-13 44032]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S4 imonNT;Intel(R) Active Monitor; C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe [2005-05-02 106496]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-10-07 161768]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S4 NetSvc;Intel NCS NetService; c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-10-30 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------

tomassovak · #53 Příspěvek od **tomassovak** » 04 led 2013 16:40

Tak Dr.Web našel dvě infiltrace ale přesto bych byl raději pro kontrolu. Chyba byla v sys32/drv/ hosts a stáhl se nějaký downloader...

#54 Příspěvek od **Rudy** » 04 led 2013 18:29

Ještě poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

tomassovak · #55 Příspěvek od **tomassovak** » 07 led 2013 16:17

Myslel jsem si že jsem to vyčistil ale začalo to blbnout až včera. A dneska ráno mám log:

ComboFix 13-01-05.01 - Administrator 06.01.2013 23:24:12.2.2 - x86 DSREPAIR
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3194 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Dokumenty\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AF9100EX.dll
c:\windows\system32\tmp116.tmp
c:\windows\system32\tmp117.tmp
c:\windows\system32\tmp118.tmp
c:\windows\system32\tmp119.tmp
c:\windows\system32\tmp3E0.tmp
c:\windows\system32\tmp3E1.tmp
c:\windows\system32\tmp3E2.tmp
c:\windows\system32\tmp3E3.tmp
c:\windows\system32\tmp3E9.tmp
c:\windows\system32\tmp3EA.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-06 do 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 22:18 . 2013-01-06 22:18 -------- d-----w- c:\documents and settings\Administrator.DOMOV-AC71F76AA\Local Settings\Data aplikací\Temp
2013-01-06 22:18 . 2013-01-06 22:18 -------- d-----w- c:\documents and settings\Administrator.DOMOV-AC71F76AA\Local Settings\Data aplikací\Adobe
2013-01-06 22:15 . 2013-01-06 22:15 8782 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-01-06 22:15 . 2013-01-06 22:15 7271 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-01-06 22:15 . 2013-01-06 22:15 23327 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-01-03 19:07 . 2013-01-03 19:46 -------- d-----w- c:\documents and settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Doctor Web
2013-01-03 16:07 . 2013-01-03 16:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2013-01-03 08:11 . 2013-01-03 08:11 -------- d---a-w- c:\windows\rundll16.exe
2013-01-03 08:11 . 2013-01-03 08:11 -------- d---a-w- c:\windows\logo1_.exe
2013-01-02 20:30 . 2013-01-02 21:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2013-01-02 15:46 . 2013-01-02 15:46 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-27 21:28 . 2012-07-01 18:31 19129856 ----a-w- c:\windows\system32\rapture3d_oal.dll
2012-12-25 09:56 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2012-12-25 09:52 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-12-25 09:52 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-12-25 09:52 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-12-25 09:52 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2012-12-18 18:18 . 2012-12-18 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ICQ
2012-12-18 18:18 . 2012-12-18 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 15:46 . 2012-09-29 11:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-02 15:46 . 2012-09-29 11:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 20:24 . 2012-09-29 16:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-27 20:19 . 2012-09-29 18:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-22 18:45 . 2012-10-22 17:38 11646976 ----a-w- C:\FontPack1000_zh_TW.msi
2011-12-21 20:36 . 2003-08-06 10:24 130048 ----a-w- c:\program files\DDScv.exe
2011-12-21 20:36 . 2002-01-05 04:37 344064 ----a-w- c:\program files\msvcr70.dll
2011-12-21 20:36 . 2002-07-19 15:06 27648 ----a-w- c:\program files\ilu.dll
2011-12-21 20:36 . 2002-07-19 15:05 269312 ----a-w- c:\program files\devil.dll
2011-01-18 17:02 . 2011-01-18 17:21 904544 ----a-w- c:\program files\GPU-Z.0.4.9.exe
2009-03-08 14:38 . 2009-05-10 10:47 373760 ----a-w- c:\program files\rF_AIW_CAM_362.exe
2006-07-27 00:30 . 2009-05-10 10:47 24576 ----a-w- c:\program files\MTS_UNLOCKAR.exe
2004-05-08 23:28 . 2009-05-10 10:47 1870336 ----a-w- c:\program files\F1AIW-program-40.exe
2002-10-27 19:25 . 2009-05-10 10:47 1559040 ----a-w- c:\program files\xb.dll
2012-02-20 16:34 . 2011-06-24 10:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-03 28672]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft DirectX SDK (June 2010)\\Utilities\\bin\\x86\\AudConsole3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9.6.2010 17:43 11352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 9:05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 9:05 72944]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2.10.2012 18:36 20328]
S3 cpuz135;cpuz135;d:\program files\PC Wizard 2012\pcwiz_x32.sys [6.11.2012 15:43 24880]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [25.12.2012 10:51 145920]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7.5.2010 12:06 32856]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 9:05 7408]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-06 23:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-01-06 23:41:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-06 22:41
ComboFix2.txt 2012-09-29 13:43
ComboFix3.txt 2012-09-26 21:24
ComboFix4.txt 2012-09-16 21:34
ComboFix5.txt 2013-01-06 22:19
.
Před spuštěním: Volných bajtů: 42 194 345 984
Po spuštění: Volných bajtů: 43 047 600 128
.
- - End Of File - - C9BD58294EDDB03B2A57FAE2904775DC

#56 Příspěvek od **Rudy** » 07 led 2013 18:54

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

tomassovak · #57 Příspěvek od **tomassovak** » 07 led 2013 22:12

Jenom se divím že opět něco podobného. Odkud nákaza? A zrovan že to bylo i v souborech od sound blaster creativelab. Další výmazy od adobe, to je mi fakt záhada. Použil jsem zálohu z ext disku a potom jsem procházel flešku ale i taky dvd. Ale instaloval jsem ICQ ale i Skype ale to nešlo přihlásit

zde přikládám to co udělal log:

ComboFix 13-01-06.01 - Administrator 07.01.2013 19:54:58.3.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.3195 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator.DOMOV-AC71F76AA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator.DOMOV-AC71F76AA\Plocha\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install_flash_player_ax.exe
c:\windows\dasetup.log
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-07 do 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-06 22:18 . 2013-01-06 22:18 -------- d-----w- c:\documents and settings\Administrator.DOMOV-AC71F76AA\Local Settings\Data aplikací\Temp
2013-01-06 22:18 . 2013-01-06 22:18 -------- d-----w- c:\documents and settings\Administrator.DOMOV-AC71F76AA\Local Settings\Data aplikací\Adobe
2013-01-03 19:07 . 2013-01-03 19:46 -------- d-----w- c:\documents and settings\Hans-Peter Geerdes.DOMOV-AC71F76AA\Doctor Web
2013-01-03 16:07 . 2013-01-03 16:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2013-01-03 08:11 . 2013-01-03 08:11 -------- d---a-w- c:\windows\rundll16.exe
2013-01-03 08:11 . 2013-01-03 08:11 -------- d---a-w- c:\windows\logo1_.exe
2013-01-02 20:30 . 2013-01-02 21:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2013-01-02 15:46 . 2013-01-02 15:46 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-27 21:28 . 2012-07-01 18:31 19129856 ----a-w- c:\windows\system32\rapture3d_oal.dll
2012-12-25 09:56 . 2006-11-10 14:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2012-12-25 09:52 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-12-25 09:52 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2012-12-25 09:52 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-12-25 09:52 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2012-12-18 18:18 . 2012-12-18 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\ICQ
2012-12-18 18:18 . 2012-12-18 18:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 15:46 . 2012-09-29 11:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-02 15:46 . 2012-09-29 11:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 20:24 . 2012-09-29 16:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-27 20:19 . 2012-09-29 18:43 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-22 18:45 . 2012-10-22 17:38 11646976 ----a-w- C:\FontPack1000_zh_TW.msi
2011-12-21 20:36 . 2003-08-06 10:24 130048 ----a-w- c:\program files\DDScv.exe
2011-12-21 20:36 . 2002-01-05 04:37 344064 ----a-w- c:\program files\msvcr70.dll
2011-12-21 20:36 . 2002-07-19 15:06 27648 ----a-w- c:\program files\ilu.dll
2011-12-21 20:36 . 2002-07-19 15:05 269312 ----a-w- c:\program files\devil.dll
2011-01-18 17:02 . 2011-01-18 17:21 904544 ----a-w- c:\program files\GPU-Z.0.4.9.exe
2009-03-08 14:38 . 2009-05-10 10:47 373760 ----a-w- c:\program files\rF_AIW_CAM_362.exe
2006-07-27 00:30 . 2009-05-10 10:47 24576 ----a-w- c:\program files\MTS_UNLOCKAR.exe
2004-05-08 23:28 . 2009-05-10 10:47 1870336 ----a-w- c:\program files\F1AIW-program-40.exe
2002-10-27 19:25 . 2009-05-10 10:47 1559040 ----a-w- c:\program files\xb.dll
2012-02-20 16:34 . 2011-06-24 10:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-03 28672]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2012-11-13 352976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft DirectX SDK (June 2010)\\Utilities\\bin\\x86\\AudConsole3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9.6.2010 17:43 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 9:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 9:05 72944]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2.10.2012 18:36 20328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7.5.2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 20:27 19472]
S3 cpuz135;cpuz135;d:\program files\PC Wizard 2012\pcwiz_x32.sys [6.11.2012 15:43 24880]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [25.12.2012 10:51 145920]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 9:05 7408]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2013-01-07 20:17:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-07 19:17
ComboFix2.txt 2013-01-06 22:41
ComboFix3.txt 2012-09-29 13:43
ComboFix4.txt 2012-09-26 21:24
ComboFix5.txt 2013-01-07 18:49
.
Před spuštěním: Volných bajtů: 43 022 077 952
Po spuštění: Volných bajtů: 42 986 090 496
.
- - End Of File - - D0472E8924B84C46408DC33A51A1E95E

#58 Příspěvek od **Rudy** » 07 led 2013 22:39

Log již vypadá OK. Nastala nějaká změna? Pochybuji, že by nákaza byla v souborech ovladače.

tomassovak · #59 Příspěvek od **tomassovak** » 15 led 2013 20:32

Ano ale až do dneška se zdá že to blbne. Nevím ale zaregistroval jsem že se mi tak spustila aplikace adobeARM to jsem vyškrtl ale zdá se že se to trhá a zvuk z repro taky. Ale jediná věc že by to bylo věci staré zvukovky že blbne? Ale po předchozí odvirování to neblbo. Jedině že by tam byl ještě nějaký spražený program co se neodstranil

#60 Příspěvek od **Rudy** » 15 led 2013 20:34

OK. Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

VIRY.CZ

Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně

Re: Pomalý chod programů, grafika blbně