Ahoj,
avast mi hlásil, že našel vir win32 rootkit-gen rtk. Po jeho přesunutí do karantény se pak velmi výrazně zpomalil chod počítače. Můžete mi někdo prosím pomoct?
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hajkis at 2010-02-10 01:15:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (17%) free of 111 GB
Total RAM: 894 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:07, on 10.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Hajkis\Dokumenty\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Hajkis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: netuza32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\DOCUME~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9a1c5d9a7f664) (gupdate1c9a1c5d9a7f664) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7135 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-04-30 491520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
""= []
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe [2006-08-23 1032192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-22 1591808]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
C:\Documents and Settings\Hajkis\Nabídka Start\Programy\Po spuštění
netuza32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\KONAMI\Pro Evolution Soccer 5\PES5.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 5\PES5.exe:*:Disabled:pes5.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Hajkis\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Hajkis\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Disabled:Crawler Spyware Terminator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-10 01:15:53 ----D---- C:\rsit
2010-02-10 01:15:53 ----D---- C:\Program Files\trend micro
2010-02-09 21:18:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-30 19:51:33 ----D---- C:\Program Files\Machinarium
2010-01-30 18:58:14 ----D---- C:\WINDOWS\system32\Adobe
2010-01-28 20:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-13 10:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 10:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-10 01:15:53 ----D---- C:\Program Files
2010-02-10 00:54:24 ----D---- C:\WINDOWS\Temp
2010-02-10 00:53:55 ----D---- C:\Program Files\Mozilla Firefox
2010-02-10 00:47:47 ----D---- C:\WINDOWS
2010-02-10 00:47:37 ----SD---- C:\WINDOWS\Tasks
2010-02-10 00:47:31 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-02-10 00:47:08 ----D---- C:\Program Files\Common Files
2010-02-10 00:46:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 00:18:46 ----D---- C:\WINDOWS\system32\Restore
2010-02-10 00:17:28 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 00:17:25 ----D---- C:\WINDOWS\Prefetch
2010-02-10 00:08:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-09 21:41:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-09 21:38:09 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-09 21:18:35 ----SHD---- C:\WINDOWS\Installer
2010-02-09 21:13:54 ----D---- C:\WINDOWS\system32
2010-02-09 21:07:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-02-09 11:10:10 ----D---- C:\Program Files\TuneUp Utilities 2007
2010-02-09 11:04:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-08 20:19:31 ----D---- C:\Program Files\Google
2010-02-06 22:14:41 ----HD---- C:\WINDOWS\inf
2010-01-31 12:17:37 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\XnView
2010-01-30 20:11:47 ----D---- C:\Program Files\Winamp
2010-01-30 19:01:36 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\Adobe
2010-01-28 20:01:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-17 19:29:21 ----D---- C:\Program Files\Democracy
2010-01-17 13:41:17 ----D---- C:\WINDOWS\system32\oodag
2010-01-17 12:34:21 ----A---- C:\WINDOWS\cdplayer.ini
2010-01-13 10:33:21 ----D---- C:\WINDOWS\AppPatch
2010-01-13 10:32:15 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-11 1777152]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-03 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-04-20 223128]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-11 430080]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-23 380928]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Problem s win32 rootkit-gen rtk
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Problem s win32 rootkit-gen rtk
Presun ComboFix
na plochu (ak tam este nie je)
otvor si Poznamkovy blok - notepad
do neho zkopiruj skript z nasledujiceho okna:
uloz vytvoreny textovy soubor ako CFScript.txt na plochu
po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:
po aplikacii by mal vzniknut dalsi log, ten vloz sem
na plochu (ak tam este nie je)
otvor si Poznamkovy blok - notepad
do neho zkopiruj skript z nasledujiceho okna:
Kód: Vybrat vše
File::
C:\Documents and Settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe
po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:
po aplikacii by mal vzniknut dalsi log, ten vloz sem
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Problem s win32 rootkit-gen rtk
tady je ten combofix:
ComboFix 10-02-09.04 - Hajkis 10.02.2010 9:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.504 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hajkis\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hajkis\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100209-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:44 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-10 01:34 . 2010-02-10 01:34 160 --sha-w- c:\windows\system32\drivers\63840.DAT
2010-02-10 01:34 . 2010-02-10 01:34 160 --sha-w- c:\windows\system32\drivers\4fc41.DAT
2010-02-10 01:34 . 2010-02-10 01:34 160 --sha-w- c:\windows\system32\drivers\0263F.DAT
2010-02-10 01:11 . 2010-02-10 01:11 54624 ----a-w- c:\windows\system32\cb81D.sys
2010-02-10 01:00 . 2010-02-10 01:00 54624 ----a-w- c:\windows\system32\d9a63.sys
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- C:\rsit
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- c:\program files\trend micro
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\dllcache\rdpdr.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-09 09:56 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-30 18:51 . 2010-01-30 18:52 -------- d-----w- c:\program files\Machinarium
2010-01-30 17:58 . 2010-01-30 18:03 -------- d-----w- c:\windows\system32\Adobe
2010-01-13 09:16 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 10:10 . 2007-04-28 10:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-08 19:19 . 2009-03-10 21:18 -------- d-----w- c:\program files\Google
2010-01-30 19:11 . 2007-04-20 18:45 -------- d-----w- c:\program files\Winamp
2010-01-17 18:29 . 2008-02-25 19:53 -------- d-----w- c:\program files\Democracy
2009-12-22 05:09 . 2004-09-16 15:58 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-09-16 15:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 10:25 . 2009-12-19 10:25 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 00:51 . 2004-09-16 15:58 83586 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 00:51 . 2004-09-16 15:58 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2007-04-20 19:21 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-04-20 19:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-04-20 19:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-04-20 19:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-04-20 19:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-04-20 19:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-09-16 15:58 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe.REN [2008-4-14 23040]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Hajkis^Nabídka Start^Programy^Po spuštění^netuza32.exe]
path=c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe
backup=c:\windows\pss\netuza32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 15:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"SigmatelSysTrayApp"=stsystra.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 5:29 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10.2.2010 2:44 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 5:29 20560]
S0 0263F;0263F;c:\windows\system32\drivers\0263F.SYS --> c:\windows\system32\drivers\0263F.SYS [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2007 20:23 643072]
S1 63840;63840;\??\c:\windows\system32\drivers\63840.SYS --> c:\windows\system32\drivers\63840.SYS [?]
S2 4fc41;4fc41;\??\c:\windows\system32\drivers\4fc41.SYS --> c:\windows\system32\drivers\4fc41.SYS [?]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2009 22:19 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys [?]
S3 cb81D;cb81D;c:\windows\system32\cb81D.sys [10.2.2010 2:11 54624]
S3 d9a63;d9a63;c:\windows\system32\d9a63.sys [10.2.2010 2:00 54624]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2B.tmp --> c:\windows\system32\2B.tmp [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-10 19:42]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Excel - c:\docume~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hajkis\Data aplikací\Mozilla\Firefox\Profiles\4v4ktrah.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-DaemonTools_WhenUSaveNow_Installer - c:\program files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 09:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2B.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F1A3B2F323BDA865E76766EE8FDD12CF29503A41F4ED305C4D80663C474B3DED7D82C9E2BE18F07B8019E2DC6B784E295466E54463207C42E45D5FB8EC2EB170C309664C50D52D537AA1DEBAA96244DBE6EC4BF0CB7DF9012CF7B2653FCCA83D2E170CC2C1E1C1DF233C48DF607291AE2E1EE20319679E5512277F05993993246D3EA2ADFD98B6268AD971F6AC73FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667A6A0AC4980AC793303C6F8107E98E1ACCFB356A4EF927145EB6FA787108984B4F84C3EF2951DE983E8C9B065BE684C4071A4AA3513BC84FA96BAC4733528028DC9BB7AA346D0433B0FA4253DD59AD61D3C150A81E720F8DEC06F792186FCB3C97F46FE2DE1E51823BB9F9CE0058D87D592839CB1986183F203DFEEB335121CF98EB494D1C269DE78DA16A2CFEF73E2F5F680502032785CAD1B711183D644C59F8B604806A93F126AFC7A86BCA055F6779330525C263141F76BA0919D6743BE3333BB6E74B79A301E55CEDA0E018B514D364E1AAAC92BF13279F86743C415989D64471DF8F5863C2ABC2CF55DE346875DCD265D82D6D8332B709E48E73111E83F201BACA6D061BC1B2DBFF4797B87B07E7199980FE905CC2C1CC6353553E5496C1063BC43955CBBF048C7B6E4E127E6FE571E0D3105480EEC6F3D6C86B592D6E8FC5E2E46F77CC820511BDC5713CDCBA05FBBBE7A0D14C39B015E736CC56C3472D6DEA8DE901DF510319F50BA6EFB0316871274334C2BC6DB099D15AB569B0637AFCE156E5A6A5B1D71D2BAAC3A84338AF650BBD670276BC267015DBD1E1FF6DABF26A28A34E6111845458C019D0E8899763DE31509F192599B231DCD3845B4F2E0F5437CE0E837C3FC1A773D2513B1D5713102D18D4D1A204EB26ABC21346F8B92612C4189987158938B741D41E2E343F91AECA3554BE686C6EF1D20BD64DE24F61FD80BB8F564822463BD0E469E55DAC477C1D69FD2E2F375B2D33F51A2BAADD57B863FDE513CE16D83D1B2ECBE430A2AE1E0EA0CA2F941EA656E17890FC1929954B7774D50278A5360F461D08D6CB0A77FED92A2C79CBEDC061358F220352AD01EB102BCED57045F81ADA5732A14A5DD0F50374AA8402DA5272B677F9C5B462FDF80DEC7F5834B3C04473DB90682B191E03571D17A5CC143ED625C87A27C280C35EF44EF8CE6CF3A96D09AE9E903112D5C0D14E8CAEEA7D616AA0444A2E70860CB959B95A540764E7E9D6532EEE5743BF78C20A777F7FB27EC3A5FD361EE904C684303020C51960E9445F6A1057D016D44A84E85B6FB519D550822B8F6E56093E1164BE05DE17BB644225D2EEDA2D09A5FA189608E822E49C353365AD0280B1B24EB79C08BBBE5A78E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-10 09:33:40
ComboFix-quarantined-files.txt 2010-02-10 08:33
Před spuštěním: Volných bajtů: 19 543 040 000
Po spuštění: Volných bajtů: 19 618 988 032
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /TUTag=JO8VHL /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /noexecute=optin /fastdetect /usepmtimer /TUTag=JO8VHL-BAK
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C73466C3169A0E2B53C0514ECBDDEC36
ComboFix 10-02-09.04 - Hajkis 10.02.2010 9:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.504 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hajkis\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hajkis\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100209-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:44 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-10 01:34 . 2010-02-10 01:34 160 --sha-w- c:\windows\system32\drivers\63840.DAT
2010-02-10 01:34 . 2010-02-10 01:34 160 --sha-w- c:\windows\system32\drivers\4fc41.DAT
2010-02-10 01:34 . 2010-02-10 01:34 160 --sha-w- c:\windows\system32\drivers\0263F.DAT
2010-02-10 01:11 . 2010-02-10 01:11 54624 ----a-w- c:\windows\system32\cb81D.sys
2010-02-10 01:00 . 2010-02-10 01:00 54624 ----a-w- c:\windows\system32\d9a63.sys
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- C:\rsit
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- c:\program files\trend micro
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\dllcache\rdpdr.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-09 09:56 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-30 18:51 . 2010-01-30 18:52 -------- d-----w- c:\program files\Machinarium
2010-01-30 17:58 . 2010-01-30 18:03 -------- d-----w- c:\windows\system32\Adobe
2010-01-13 09:16 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 10:10 . 2007-04-28 10:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-08 19:19 . 2009-03-10 21:18 -------- d-----w- c:\program files\Google
2010-01-30 19:11 . 2007-04-20 18:45 -------- d-----w- c:\program files\Winamp
2010-01-17 18:29 . 2008-02-25 19:53 -------- d-----w- c:\program files\Democracy
2009-12-22 05:09 . 2004-09-16 15:58 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-09-16 15:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 10:25 . 2009-12-19 10:25 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 00:51 . 2004-09-16 15:58 83586 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 00:51 . 2004-09-16 15:58 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2007-04-20 19:21 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-04-20 19:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-04-20 19:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-04-20 19:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-04-20 19:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-04-20 19:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-09-16 15:58 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe.REN [2008-4-14 23040]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Hajkis^Nabídka Start^Programy^Po spuštění^netuza32.exe]
path=c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe
backup=c:\windows\pss\netuza32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 15:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"SigmatelSysTrayApp"=stsystra.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 5:29 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10.2.2010 2:44 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 5:29 20560]
S0 0263F;0263F;c:\windows\system32\drivers\0263F.SYS --> c:\windows\system32\drivers\0263F.SYS [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2007 20:23 643072]
S1 63840;63840;\??\c:\windows\system32\drivers\63840.SYS --> c:\windows\system32\drivers\63840.SYS [?]
S2 4fc41;4fc41;\??\c:\windows\system32\drivers\4fc41.SYS --> c:\windows\system32\drivers\4fc41.SYS [?]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2009 22:19 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys [?]
S3 cb81D;cb81D;c:\windows\system32\cb81D.sys [10.2.2010 2:11 54624]
S3 d9a63;d9a63;c:\windows\system32\d9a63.sys [10.2.2010 2:00 54624]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2B.tmp --> c:\windows\system32\2B.tmp [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-10 19:42]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Excel - c:\docume~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hajkis\Data aplikací\Mozilla\Firefox\Profiles\4v4ktrah.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-DaemonTools_WhenUSaveNow_Installer - c:\program files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 09:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2B.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F1A3B2F323BDA865E76766EE8FDD12CF29503A41F4ED305C4D80663C474B3DED7D82C9E2BE18F07B8019E2DC6B784E295466E54463207C42E45D5FB8EC2EB170C309664C50D52D537AA1DEBAA96244DBE6EC4BF0CB7DF9012CF7B2653FCCA83D2E170CC2C1E1C1DF233C48DF607291AE2E1EE20319679E5512277F05993993246D3EA2ADFD98B6268AD971F6AC73FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667A6A0AC4980AC793303C6F8107E98E1ACCFB356A4EF927145EB6FA787108984B4F84C3EF2951DE983E8C9B065BE684C4071A4AA3513BC84FA96BAC4733528028DC9BB7AA346D0433B0FA4253DD59AD61D3C150A81E720F8DEC06F792186FCB3C97F46FE2DE1E51823BB9F9CE0058D87D592839CB1986183F203DFEEB335121CF98EB494D1C269DE78DA16A2CFEF73E2F5F680502032785CAD1B711183D644C59F8B604806A93F126AFC7A86BCA055F6779330525C263141F76BA0919D6743BE3333BB6E74B79A301E55CEDA0E018B514D364E1AAAC92BF13279F86743C415989D64471DF8F5863C2ABC2CF55DE346875DCD265D82D6D8332B709E48E73111E83F201BACA6D061BC1B2DBFF4797B87B07E7199980FE905CC2C1CC6353553E5496C1063BC43955CBBF048C7B6E4E127E6FE571E0D3105480EEC6F3D6C86B592D6E8FC5E2E46F77CC820511BDC5713CDCBA05FBBBE7A0D14C39B015E736CC56C3472D6DEA8DE901DF510319F50BA6EFB0316871274334C2BC6DB099D15AB569B0637AFCE156E5A6A5B1D71D2BAAC3A84338AF650BBD670276BC267015DBD1E1FF6DABF26A28A34E6111845458C019D0E8899763DE31509F192599B231DCD3845B4F2E0F5437CE0E837C3FC1A773D2513B1D5713102D18D4D1A204EB26ABC21346F8B92612C4189987158938B741D41E2E343F91AECA3554BE686C6EF1D20BD64DE24F61FD80BB8F564822463BD0E469E55DAC477C1D69FD2E2F375B2D33F51A2BAADD57B863FDE513CE16D83D1B2ECBE430A2AE1E0EA0CA2F941EA656E17890FC1929954B7774D50278A5360F461D08D6CB0A77FED92A2C79CBEDC061358F220352AD01EB102BCED57045F81ADA5732A14A5DD0F50374AA8402DA5272B677F9C5B462FDF80DEC7F5834B3C04473DB90682B191E03571D17A5CC143ED625C87A27C280C35EF44EF8CE6CF3A96D09AE9E903112D5C0D14E8CAEEA7D616AA0444A2E70860CB959B95A540764E7E9D6532EEE5743BF78C20A777F7FB27EC3A5FD361EE904C684303020C51960E9445F6A1057D016D44A84E85B6FB519D550822B8F6E56093E1164BE05DE17BB644225D2EEDA2D09A5FA189608E822E49C353365AD0280B1B24EB79C08BBBE5A78E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-10 09:33:40
ComboFix-quarantined-files.txt 2010-02-10 08:33
Před spuštěním: Volných bajtů: 19 543 040 000
Po spuštění: Volných bajtů: 19 618 988 032
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /TUTag=JO8VHL /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /noexecute=optin /fastdetect /usepmtimer /TUTag=JO8VHL-BAK
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C73466C3169A0E2B53C0514ECBDDEC36
Re: Problem s win32 rootkit-gen rtk
takze zopakujes akciu s novym CFS:
Kód: Vybrat vše
Driver::
0263F
63840
4fc41
aswArKrn;
cb81D
d9a63
MEMSWEEP2
File::
c:\windows\system32\drivers\63840.DAT
c:\windows\system32\drivers\4fc41.DAT
c:\windows\system32\drivers\0263F.DAT
c:\windows\system32\cb81D.sys
c:\windows\system32\d9a63.sys
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\netuza32.exe.REN
Registry::
[HKLM\~\startupfolder\C:^Documents and Settings^Hajkis^Nabídka Start^Programy^Po spuštění^netuza32.exe]
path=-
backup=-
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Problem s win32 rootkit-gen rtk
tak zase:
ComboFix 10-02-09.04 - Hajkis 10.02.2010 9:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.517 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hajkis\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hajkis\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100209-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\netuza32.exe.REN"
"c:\windows\system32\cb81D.sys"
"c:\windows\system32\d9a63.sys"
"c:\windows\system32\drivers\0263F.DAT"
"c:\windows\system32\drivers\4fc41.DAT"
"c:\windows\system32\drivers\63840.DAT"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cb81D.sys
c:\windows\system32\d9a63.sys
c:\windows\system32\drivers\0263F.DAT
c:\windows\system32\drivers\4fc41.DAT
c:\windows\system32\drivers\63840.DAT
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CB81D
-------\Legacy_D9A63
-------\Legacy_MEMSWEEP2
-------\Service_0263F
-------\Service_4fc41
-------\Service_63840
-------\Service_cb81D
-------\Service_d9a63
-------\Service_MEMSWEEP2
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:44 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- C:\rsit
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- c:\program files\trend micro
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\dllcache\rdpdr.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-09 09:56 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-30 18:51 . 2010-01-30 18:52 -------- d-----w- c:\program files\Machinarium
2010-01-30 17:58 . 2010-01-30 18:03 -------- d-----w- c:\windows\system32\Adobe
2010-01-13 09:16 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 10:10 . 2007-04-28 10:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-08 19:19 . 2009-03-10 21:18 -------- d-----w- c:\program files\Google
2010-01-30 19:11 . 2007-04-20 18:45 -------- d-----w- c:\program files\Winamp
2010-01-17 18:29 . 2008-02-25 19:53 -------- d-----w- c:\program files\Democracy
2009-12-22 05:09 . 2004-09-16 15:58 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-09-16 15:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 10:25 . 2009-12-19 10:25 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 00:51 . 2004-09-16 15:58 83586 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 00:51 . 2004-09-16 15:58 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2007-04-20 19:21 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-04-20 19:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-04-20 19:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-04-20 19:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-04-20 19:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-04-20 19:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-09-16 15:58 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe.REN [2008-4-14 23040]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Hajkis^Nabídka Start^Programy^Po spuštění^netuza32.exe]
path=c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe
backup=c:\windows\pss\netuza32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 15:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"SigmatelSysTrayApp"=stsystra.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2007 20:23 643072]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 5:29 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10.2.2010 2:44 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 5:29 20560]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2009 22:19 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-10 19:42]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Excel - c:\docume~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hajkis\Data aplikací\Mozilla\Firefox\Profiles\4v4ktrah.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 09:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE >>UNKNOWN [0x857D70E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x857d70e8
\Driver\ACPI -> ACPI.sys @ 0xf7580cb8
\Driver\atapi -> atapi.sys @ 0xf753bb40
IoDeviceObjectType -> ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
\Device\Harddisk0\DR0 -> ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf742ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf743ba21
SendHandler -> NDIS.sys @ 0xf741987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F1A3B2F323BDA865E76766EE8FDD12CF29503A41F4ED305C4D80663C474B3DED7D82C9E2BE18F07B8019E2DC6B784E295466E54463207C42E45D5FB8EC2EB170C309664C50D52D537AA1DEBAA96244DBE6EC4BF0CB7DF9012CF7B2653FCCA83D2E170CC2C1E1C1DF233C48DF607291AE2E1EE20319679E5512277F05993993246D3EA2ADFD98B6268AD971F6AC73FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667A6A0AC4980AC793303C6F8107E98E1ACCFB356A4EF927145EB6FA787108984B4F84C3EF2951DE983E8C9B065BE684C4071A4AA3513BC84FA96BAC4733528028DC9BB7AA346D0433B0FA4253DD59AD61D3C150A81E720F8DEC06F792186FCB3C97F46FE2DE1E51823BB9F9CE0058D87D592839CB1986183F203DFEEB335121CF98EB494D1C269DE78DA16A2CFEF73E2F5F680502032785CAD1B711183D644C59F8B604806A93F126AFC7A86BCA055F6779330525C263141F76BA0919D6743BE3333BB6E74B79A301E55CEDA0E018B514D364E1AAAC92BF13279F86743C415989D64471DF8F5863C2ABC2CF55DE346875DCD265D82D6D8332B709E48E73111E83F201BACA6D061BC1B2DBFF4797B87B07E7199980FE905CC2C1CC6353553E5496C1063BC43955CBBF048C7B6E4E127E6FE571E0D3105480EEC6F3D6C86B592D6E8FC5E2E46F77CC820511BDC5713CDCBA05FBBBE7A0D14C39B015E736CC56C3472D6DEA8DE901DF510319F50BA6EFB0316871274334C2BC6DB099D15AB569B0637AFCE156E5A6A5B1D71D2BAAC3A84338AF650BBD670276BC267015DBD1E1FF6DABF26A28A34E6111845458C019D0E8899763DE31509F192599B231DCD3845B4F2E0F5437CE0E837C3FC1A773D2513B1D5713102D18D4D1A204EB26ABC21346F8B92612C4189987158938B741D41E2E343F91AECA3554BE686C6EF1D20BD64DE24F61FD80BB8F564822463BD0E469E55DAC477C1D69FD2E2F375B2D33F51A2BAADD57B863FDE513CE16D83D1B2ECBE430A2AE1E0EA0CA2F941EA656E17890FC1929954B7774D50278A5360F461D08D6CB0A77FED92A2C79CBEDC061358F220352AD01EB102BCED57045F81ADA5732A14A5DD0F50374AA8402DA5272B677F9C5B462FDF80DEC7F5834B3C04473DB90682B191E03571D17A5CC143ED625C87A27C280C35EF44EF8CE6CF3A96D09AE9E903112D5C0D14E8CAEEA7D616AA0444A2E70860CB959B95A540764E7E9D6532EEE5743BF78C20A777F7FB27EC3A5FD361EE904C684303020C51960E9445F6A1057D016D44A84E85B6FB519D550822B8F6E56093E1164BE05DE17BB644225D2EEDA2D09A5FA189608E822E49C353365AD0280B1B24EB79C08BBBE5A78E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\oodag.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\stsystra.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2010-02-10 10:03:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-10 09:03
ComboFix2.txt 2010-02-10 08:33
Před spuštěním: Volných bajtů: 19 602 853 888
Po spuštění: Volných bajtů: 19 454 746 624
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BCB8B1E407B8A5D2BA9120CAC5328954
ComboFix 10-02-09.04 - Hajkis 10.02.2010 9:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.517 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hajkis\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hajkis\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100209-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\netuza32.exe.REN"
"c:\windows\system32\cb81D.sys"
"c:\windows\system32\d9a63.sys"
"c:\windows\system32\drivers\0263F.DAT"
"c:\windows\system32\drivers\4fc41.DAT"
"c:\windows\system32\drivers\63840.DAT"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cb81D.sys
c:\windows\system32\d9a63.sys
c:\windows\system32\drivers\0263F.DAT
c:\windows\system32\drivers\4fc41.DAT
c:\windows\system32\drivers\63840.DAT
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CB81D
-------\Legacy_D9A63
-------\Legacy_MEMSWEEP2
-------\Service_0263F
-------\Service_4fc41
-------\Service_63840
-------\Service_cb81D
-------\Service_d9a63
-------\Service_MEMSWEEP2
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:44 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- C:\rsit
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- c:\program files\trend micro
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\dllcache\rdpdr.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-09 09:56 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-30 18:51 . 2010-01-30 18:52 -------- d-----w- c:\program files\Machinarium
2010-01-30 17:58 . 2010-01-30 18:03 -------- d-----w- c:\windows\system32\Adobe
2010-01-13 09:16 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 10:10 . 2007-04-28 10:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-08 19:19 . 2009-03-10 21:18 -------- d-----w- c:\program files\Google
2010-01-30 19:11 . 2007-04-20 18:45 -------- d-----w- c:\program files\Winamp
2010-01-17 18:29 . 2008-02-25 19:53 -------- d-----w- c:\program files\Democracy
2009-12-22 05:09 . 2004-09-16 15:58 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-09-16 15:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 10:25 . 2009-12-19 10:25 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 00:51 . 2004-09-16 15:58 83586 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 00:51 . 2004-09-16 15:58 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2007-04-20 19:21 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-04-20 19:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-04-20 19:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-04-20 19:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-04-20 19:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-04-20 19:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-09-16 15:58 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe.REN [2008-4-14 23040]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Hajkis^Nabídka Start^Programy^Po spuštění^netuza32.exe]
path=c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe
backup=c:\windows\pss\netuza32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 15:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"SigmatelSysTrayApp"=stsystra.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2007 20:23 643072]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 5:29 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10.2.2010 2:44 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 5:29 20560]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2009 22:19 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-10 19:42]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Excel - c:\docume~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hajkis\Data aplikací\Mozilla\Firefox\Profiles\4v4ktrah.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 09:59
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE >>UNKNOWN [0x857D70E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x857d70e8
\Driver\ACPI -> ACPI.sys @ 0xf7580cb8
\Driver\atapi -> atapi.sys @ 0xf753bb40
IoDeviceObjectType -> ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
\Device\Harddisk0\DR0 -> ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf742ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf743ba21
SendHandler -> NDIS.sys @ 0xf741987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F1A3B2F323BDA865E76766EE8FDD12CF29503A41F4ED305C4D80663C474B3DED7D82C9E2BE18F07B8019E2DC6B784E295466E54463207C42E45D5FB8EC2EB170C309664C50D52D537AA1DEBAA96244DBE6EC4BF0CB7DF9012CF7B2653FCCA83D2E170CC2C1E1C1DF233C48DF607291AE2E1EE20319679E5512277F05993993246D3EA2ADFD98B6268AD971F6AC73FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667A6A0AC4980AC793303C6F8107E98E1ACCFB356A4EF927145EB6FA787108984B4F84C3EF2951DE983E8C9B065BE684C4071A4AA3513BC84FA96BAC4733528028DC9BB7AA346D0433B0FA4253DD59AD61D3C150A81E720F8DEC06F792186FCB3C97F46FE2DE1E51823BB9F9CE0058D87D592839CB1986183F203DFEEB335121CF98EB494D1C269DE78DA16A2CFEF73E2F5F680502032785CAD1B711183D644C59F8B604806A93F126AFC7A86BCA055F6779330525C263141F76BA0919D6743BE3333BB6E74B79A301E55CEDA0E018B514D364E1AAAC92BF13279F86743C415989D64471DF8F5863C2ABC2CF55DE346875DCD265D82D6D8332B709E48E73111E83F201BACA6D061BC1B2DBFF4797B87B07E7199980FE905CC2C1CC6353553E5496C1063BC43955CBBF048C7B6E4E127E6FE571E0D3105480EEC6F3D6C86B592D6E8FC5E2E46F77CC820511BDC5713CDCBA05FBBBE7A0D14C39B015E736CC56C3472D6DEA8DE901DF510319F50BA6EFB0316871274334C2BC6DB099D15AB569B0637AFCE156E5A6A5B1D71D2BAAC3A84338AF650BBD670276BC267015DBD1E1FF6DABF26A28A34E6111845458C019D0E8899763DE31509F192599B231DCD3845B4F2E0F5437CE0E837C3FC1A773D2513B1D5713102D18D4D1A204EB26ABC21346F8B92612C4189987158938B741D41E2E343F91AECA3554BE686C6EF1D20BD64DE24F61FD80BB8F564822463BD0E469E55DAC477C1D69FD2E2F375B2D33F51A2BAADD57B863FDE513CE16D83D1B2ECBE430A2AE1E0EA0CA2F941EA656E17890FC1929954B7774D50278A5360F461D08D6CB0A77FED92A2C79CBEDC061358F220352AD01EB102BCED57045F81ADA5732A14A5DD0F50374AA8402DA5272B677F9C5B462FDF80DEC7F5834B3C04473DB90682B191E03571D17A5CC143ED625C87A27C280C35EF44EF8CE6CF3A96D09AE9E903112D5C0D14E8CAEEA7D616AA0444A2E70860CB959B95A540764E7E9D6532EEE5743BF78C20A777F7FB27EC3A5FD361EE904C684303020C51960E9445F6A1057D016D44A84E85B6FB519D550822B8F6E56093E1164BE05DE17BB644225D2EEDA2D09A5FA189608E822E49C353365AD0280B1B24EB79C08BBBE5A78E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\oodag.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\stsystra.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Celkový čas: 2010-02-10 10:03:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-10 09:03
ComboFix2.txt 2010-02-10 08:33
Před spuštěním: Volných bajtů: 19 602 853 888
Po spuštění: Volných bajtů: 19 454 746 624
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BCB8B1E407B8A5D2BA9120CAC5328954
Re: Problem s win32 rootkit-gen rtk
tak je to omnoho lepsie - do tretice vsetko dobre >> CFS
>> CFS
Kód: Vybrat vše
File::
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\netuza32.exe.REN
c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe
c:\windows\pss\netuza32.exeStartup
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Hajkis^Nabídka Start^Programy^Po spuštění^netuza32.exe]
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Problem s win32 rootkit-gen rtk
combofix:
ComboFix 10-02-09.04 - Hajkis 10.02.2010 10:20:38.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.458 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hajkis\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hajkis\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100209-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\netuza32.exe.REN"
"c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe"
"c:\windows\pss\netuza32.exeStartup"
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:44 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- C:\rsit
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- c:\program files\trend micro
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\dllcache\rdpdr.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-09 09:56 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-30 18:51 . 2010-01-30 18:52 -------- d-----w- c:\program files\Machinarium
2010-01-30 17:58 . 2010-01-30 18:03 -------- d-----w- c:\windows\system32\Adobe
2010-01-13 09:16 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 10:10 . 2007-04-28 10:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-08 19:19 . 2009-03-10 21:18 -------- d-----w- c:\program files\Google
2010-01-30 19:11 . 2007-04-20 18:45 -------- d-----w- c:\program files\Winamp
2010-01-17 18:29 . 2008-02-25 19:53 -------- d-----w- c:\program files\Democracy
2009-12-22 05:09 . 2004-09-16 15:58 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-09-16 15:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 10:25 . 2009-12-19 10:25 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 00:51 . 2004-09-16 15:58 83586 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 00:51 . 2004-09-16 15:58 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2007-04-20 19:21 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-04-20 19:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-04-20 19:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-04-20 19:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-04-20 19:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-04-20 19:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-09-16 15:58 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-10_08.31.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 09:18 . 2010-02-10 09:18 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe.REN [2008-4-14 23040]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 15:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"SigmatelSysTrayApp"=stsystra.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 5:29 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10.2.2010 2:44 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 5:29 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2007 20:23 643072]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2009 22:19 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-10 19:42]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Excel - c:\docume~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hajkis\Data aplikací\Mozilla\Firefox\Profiles\4v4ktrah.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 10:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F1A3B2F323BDA865E76766EE8FDD12CF29503A41F4ED305C4D80663C474B3DED7D82C9E2BE18F07B8019E2DC6B784E295466E54463207C42E45D5FB8EC2EB170C309664C50D52D537AA1DEBAA96244DBE6EC4BF0CB7DF9012CF7B2653FCCA83D2E170CC2C1E1C1DF233C48DF607291AE2E1EE20319679E5512277F05993993246D3EA2ADFD98B6268AD971F6AC73FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667A6A0AC4980AC793303C6F8107E98E1ACCFB356A4EF927145EB6FA787108984B4F84C3EF2951DE983E8C9B065BE684C4071A4AA3513BC84FA96BAC4733528028DC9BB7AA346D0433B0FA4253DD59AD61D3C150A81E720F8DEC06F792186FCB3C97F46FE2DE1E51823BB9F9CE0058D87D592839CB1986183F203DFEEB335121CF98EB494D1C269DE78DA16A2CFEF73E2F5F680502032785CAD1B711183D644C59F8B604806A93F126AFC7A86BCA055F6779330525C263141F76BA0919D6743BE3333BB6E74B79A301E55CEDA0E018B514D364E1AAAC92BF13279F86743C415989D64471DF8F5863C2ABC2CF55DE346875DCD265D82D6D8332B709E48E73111E83F201BACA6D061BC1B2DBFF4797B87B07E7199980FE905CC2C1CC6353553E5496C1063BC43955CBBF048C7B6E4E127E6FE571E0D3105480EEC6F3D6C86B592D6E8FC5E2E46F77CC820511BDC5713CDCBA05FBBBE7A0D14C39B015E736CC56C3472D6DEA8DE901DF510319F50BA6EFB0316871274334C2BC6DB099D15AB569B0637AFCE156E5A6A5B1D71D2BAAC3A84338AF650BBD670276BC267015DBD1E1FF6DABF26A28A34E6111845458C019D0E8899763DE31509F192599B231DCD3845B4F2E0F5437CE0E837C3FC1A773D2513B1D5713102D18D4D1A204EB26ABC21346F8B92612C4189987158938B741D41E2E343F91AECA3554BE686C6EF1D20BD64DE24F61FD80BB8F564822463BD0E469E55DAC477C1D69FD2E2F375B2D33F51A2BAADD57B863FDE513CE16D83D1B2ECBE430A2AE1E0EA0CA2F941EA656E17890FC1929954B7774D50278A5360F461D08D6CB0A77FED92A2C79CBEDC061358F220352AD01EB102BCED57045F81ADA5732A14A5DD0F50374AA8402DA5272B677F9C5B462FDF80DEC7F5834B3C04473DB90682B191E03571D17A5CC143ED625C87A27C280C35EF44EF8CE6CF3A96D09AE9E903112D5C0D14E8CAEEA7D616AA0444A2E70860CB959B95A540764E7E9D6532EEE5743BF78C20A777F7FB27EC3A5FD361EE904C684303020C51960E9445F6A1057D016D44A84E85B6FB519D550822B8F6E56093E1164BE05DE17BB644225D2EEDA2D09A5FA189608E822E49C353365AD0280B1B24EB79C08BBBE5A78E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-10 10:27:05
ComboFix-quarantined-files.txt 2010-02-10 09:27
ComboFix2.txt 2010-02-10 09:03
ComboFix3.txt 2010-02-10 08:33
Před spuštěním: Volných bajtů: 19 464 863 744
Po spuštění: Volných bajtů: 19 426 033 664
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F7250E98A6FF29EC11A9EC525C076C68
ComboFix 10-02-09.04 - Hajkis 10.02.2010 10:20:38.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.894.458 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hajkis\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hajkis\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100209-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\netuza32.exe.REN"
"c:\documents and settings\Hajkis\Nabídka Start\Programy\Po spuštění\netuza32.exe"
"c:\windows\pss\netuza32.exeStartup"
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 01:44 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- C:\rsit
2010-02-10 00:15 . 2010-02-10 00:16 -------- d-----w- c:\program files\trend micro
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-02-09 20:37 . 2008-04-13 19:32 196224 ----a-w- c:\windows\system32\dllcache\rdpdr.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-09 20:14 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-09 09:56 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-30 18:51 . 2010-01-30 18:52 -------- d-----w- c:\program files\Machinarium
2010-01-30 17:58 . 2010-01-30 18:03 -------- d-----w- c:\windows\system32\Adobe
2010-01-13 09:16 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 10:10 . 2007-04-28 10:37 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-02-08 19:19 . 2009-03-10 21:18 -------- d-----w- c:\program files\Google
2010-01-30 19:11 . 2007-04-20 18:45 -------- d-----w- c:\program files\Winamp
2010-01-17 18:29 . 2008-02-25 19:53 -------- d-----w- c:\program files\Democracy
2009-12-22 05:09 . 2004-09-16 15:58 668160 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-09-16 15:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-19 10:25 . 2009-12-19 10:25 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 00:51 . 2004-09-16 15:58 83586 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 00:51 . 2004-09-16 15:58 439390 ----a-w- c:\windows\system32\perfh005.dat
2009-11-24 23:54 . 2007-04-20 19:21 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-04-20 19:22 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2007-04-20 19:22 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-04-20 19:22 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-04-20 19:22 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-04-20 19:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-09-16 15:58 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-10_08.31.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 09:18 . 2010-02-10 09:18 16384 c:\windows\Temp\Perflib_Perfdata_780.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Hajkis\Nabˇdka Start\Programy\Po spuçtŘnˇ\
netuza32.exe.REN [2008-4-14 23040]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 15:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ModemOnHold"=c:\program files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"SigmatelSysTrayApp"=stsystra.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31.3.2008 5:29 114768]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10.2.2010 2:44 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 5:29 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2007 20:23 643072]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664);c:\program files\Google\Update\GoogleUpdate.exe [10.3.2009 22:19 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-10 19:42]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 21:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
IE: E&xportovat do aplikace Microsoft Excel - c:\docume~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
FF - ProfilePath - c:\documents and settings\Hajkis\Data aplikací\Mozilla\Firefox\Profiles\4v4ktrah.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 10:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="F1A3B2F323BDA865E76766EE8FDD12CF29503A41F4ED305C4D80663C474B3DED7D82C9E2BE18F07B8019E2DC6B784E295466E54463207C42E45D5FB8EC2EB170C309664C50D52D537AA1DEBAA96244DBE6EC4BF0CB7DF9012CF7B2653FCCA83D2E170CC2C1E1C1DF233C48DF607291AE2E1EE20319679E5512277F05993993246D3EA2ADFD98B6268AD971F6AC73FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3D8EDD5E5BE2F6E667A6A0AC4980AC793303C6F8107E98E1ACCFB356A4EF927145EB6FA787108984B4F84C3EF2951DE983E8C9B065BE684C4071A4AA3513BC84FA96BAC4733528028DC9BB7AA346D0433B0FA4253DD59AD61D3C150A81E720F8DEC06F792186FCB3C97F46FE2DE1E51823BB9F9CE0058D87D592839CB1986183F203DFEEB335121CF98EB494D1C269DE78DA16A2CFEF73E2F5F680502032785CAD1B711183D644C59F8B604806A93F126AFC7A86BCA055F6779330525C263141F76BA0919D6743BE3333BB6E74B79A301E55CEDA0E018B514D364E1AAAC92BF13279F86743C415989D64471DF8F5863C2ABC2CF55DE346875DCD265D82D6D8332B709E48E73111E83F201BACA6D061BC1B2DBFF4797B87B07E7199980FE905CC2C1CC6353553E5496C1063BC43955CBBF048C7B6E4E127E6FE571E0D3105480EEC6F3D6C86B592D6E8FC5E2E46F77CC820511BDC5713CDCBA05FBBBE7A0D14C39B015E736CC56C3472D6DEA8DE901DF510319F50BA6EFB0316871274334C2BC6DB099D15AB569B0637AFCE156E5A6A5B1D71D2BAAC3A84338AF650BBD670276BC267015DBD1E1FF6DABF26A28A34E6111845458C019D0E8899763DE31509F192599B231DCD3845B4F2E0F5437CE0E837C3FC1A773D2513B1D5713102D18D4D1A204EB26ABC21346F8B92612C4189987158938B741D41E2E343F91AECA3554BE686C6EF1D20BD64DE24F61FD80BB8F564822463BD0E469E55DAC477C1D69FD2E2F375B2D33F51A2BAADD57B863FDE513CE16D83D1B2ECBE430A2AE1E0EA0CA2F941EA656E17890FC1929954B7774D50278A5360F461D08D6CB0A77FED92A2C79CBEDC061358F220352AD01EB102BCED57045F81ADA5732A14A5DD0F50374AA8402DA5272B677F9C5B462FDF80DEC7F5834B3C04473DB90682B191E03571D17A5CC143ED625C87A27C280C35EF44EF8CE6CF3A96D09AE9E903112D5C0D14E8CAEEA7D616AA0444A2E70860CB959B95A540764E7E9D6532EEE5743BF78C20A777F7FB27EC3A5FD361EE904C684303020C51960E9445F6A1057D016D44A84E85B6FB519D550822B8F6E56093E1164BE05DE17BB644225D2EEDA2D09A5FA189608E822E49C353365AD0280B1B24EB79C08BBBE5A78E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-10 10:27:05
ComboFix-quarantined-files.txt 2010-02-10 09:27
ComboFix2.txt 2010-02-10 09:03
ComboFix3.txt 2010-02-10 08:33
Před spuštěním: Volných bajtů: 19 464 863 744
Po spuštění: Volných bajtů: 19 426 033 664
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F7250E98A6FF29EC11A9EC525C076C68
Re: Problem s win32 rootkit-gen rtk
takmer fajn
vycisti este PC s MBAM
vycisti este PC s MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Problem s win32 rootkit-gen rtk
Moc, dekuju
Re: Problem s win32 rootkit-gen rtk
za malo
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: Problem s win32 rootkit-gen rtk
Objevil se nyní ještě jeden problém. Při startu OS počítač jakoby zamrzne. Nemůžu se dostat do nabídky start, ale programy na ploše spustit mohu, i když jdou velmi pomalu. Navíc při spuštění PC mám na výběr, jestli chci spustit OS normálně, či ze zálohy, což před tím také nebývalo. Dále se také objevuje pípání, pokud například chci změnit nastavení programů po spuštění. Pomůže prosím někdo?
tady je log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hajkis at 2010-02-10 15:57:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (17%) free of 111 GB
Total RAM: 894 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:47, on 10.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Hajkis\Plocha\RSIT.exe
C:\Program Files\trend micro\Hajkis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\DOCUME~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9a1c5d9a7f664) (gupdate1c9a1c5d9a7f664) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6248 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-04-30 491520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\Quickset.exe [2006-08-23 1032192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-10 14:43:45 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\Malwarebytes
2010-02-10 14:43:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-10 14:43:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 10:32:42 ----SHD---- C:\RECYCLER
2010-02-10 10:27:06 ----A---- C:\ComboFix.txt
2010-02-10 09:26:23 ----RASHD---- C:\cmdcons
2010-02-10 09:24:54 ----D---- C:\WINDOWS\ERDNT
2010-02-10 02:42:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-02-10 01:15:53 ----D---- C:\rsit
2010-02-10 01:15:53 ----D---- C:\Program Files\trend micro
2010-02-09 21:18:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-30 19:51:33 ----D---- C:\Program Files\Machinarium
2010-01-30 18:58:14 ----D---- C:\WINDOWS\system32\Adobe
2010-01-28 20:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-13 10:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 10:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-10 15:31:39 ----D---- C:\Program Files\Mozilla Firefox
2010-02-10 15:31:19 ----D---- C:\WINDOWS\Temp
2010-02-10 15:31:00 ----D---- C:\WINDOWS
2010-02-10 15:24:54 ----SD---- C:\WINDOWS\Tasks
2010-02-10 15:24:49 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-02-10 15:22:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 15:19:02 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 15:19:02 ----D---- C:\WINDOWS\system32\config
2010-02-10 15:19:02 ----D---- C:\Program Files\TuneUp Utilities 2007
2010-02-10 15:19:02 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\XnView
2010-02-10 14:53:25 ----D---- C:\WINDOWS\PeerNet
2010-02-10 14:43:38 ----D---- C:\Program Files
2010-02-10 10:33:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 10:25:09 ----A---- C:\WINDOWS\system.ini
2010-02-10 10:23:31 ----D---- C:\WINDOWS\system32
2010-02-10 10:23:31 ----D---- C:\WINDOWS\AppPatch
2010-02-10 10:23:23 ----D---- C:\Program Files\Common Files
2010-02-10 09:52:04 ----SHD---- C:\System Volume Information
2010-02-10 09:52:04 ----D---- C:\WINDOWS\system32\Restore
2010-02-10 09:26:32 ----RASH---- C:\boot.ini
2010-02-10 09:22:11 ----D---- C:\WINDOWS\Prefetch
2010-02-10 02:45:53 ----A---- C:\WINDOWS\WDICT32.INI
2010-02-10 02:36:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-10 02:30:40 ----A---- C:\WINDOWS\win.ini
2010-02-09 21:38:09 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-09 21:18:35 ----SHD---- C:\WINDOWS\Installer
2010-02-09 21:07:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-02-09 11:04:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-08 20:19:31 ----D---- C:\Program Files\Google
2010-02-06 22:14:41 ----HD---- C:\WINDOWS\inf
2010-01-30 20:11:47 ----D---- C:\Program Files\Winamp
2010-01-30 19:01:36 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\Adobe
2010-01-28 20:01:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-17 19:29:21 ----D---- C:\Program Files\Democracy
2010-01-17 13:41:17 ----D---- C:\WINDOWS\system32\oodag
2010-01-17 12:34:21 ----A---- C:\WINDOWS\cdplayer.ini
2010-01-13 10:32:15 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-11 1777152]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-03 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 aswArKrn;aswArKrn; \??\C:\DOCUME~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Hajkis\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-04-20 223128]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-04-20 643072]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-11 430080]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-23 380928]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
tady je log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hajkis at 2010-02-10 15:57:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (17%) free of 111 GB
Total RAM: 894 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:47, on 10.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Hajkis\Plocha\RSIT.exe
C:\Program Files\trend micro\Hajkis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\DOCUME~1\Hajkis\DOKUME~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9a1c5d9a7f664) (gupdate1c9a1c5d9a7f664) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6248 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-04-30 491520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\Quickset.exe [2006-08-23 1032192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-10 14:43:45 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\Malwarebytes
2010-02-10 14:43:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-02-10 14:43:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 10:32:42 ----SHD---- C:\RECYCLER
2010-02-10 10:27:06 ----A---- C:\ComboFix.txt
2010-02-10 09:26:23 ----RASHD---- C:\cmdcons
2010-02-10 09:24:54 ----D---- C:\WINDOWS\ERDNT
2010-02-10 02:42:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-02-10 01:15:53 ----D---- C:\rsit
2010-02-10 01:15:53 ----D---- C:\Program Files\trend micro
2010-02-09 21:18:05 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-30 19:51:33 ----D---- C:\Program Files\Machinarium
2010-01-30 18:58:14 ----D---- C:\WINDOWS\system32\Adobe
2010-01-28 20:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-13 10:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 10:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-10 15:31:39 ----D---- C:\Program Files\Mozilla Firefox
2010-02-10 15:31:19 ----D---- C:\WINDOWS\Temp
2010-02-10 15:31:00 ----D---- C:\WINDOWS
2010-02-10 15:24:54 ----SD---- C:\WINDOWS\Tasks
2010-02-10 15:24:49 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-02-10 15:22:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-10 15:19:02 ----D---- C:\WINDOWS\system32\drivers
2010-02-10 15:19:02 ----D---- C:\WINDOWS\system32\config
2010-02-10 15:19:02 ----D---- C:\Program Files\TuneUp Utilities 2007
2010-02-10 15:19:02 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\XnView
2010-02-10 14:53:25 ----D---- C:\WINDOWS\PeerNet
2010-02-10 14:43:38 ----D---- C:\Program Files
2010-02-10 10:33:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-10 10:25:09 ----A---- C:\WINDOWS\system.ini
2010-02-10 10:23:31 ----D---- C:\WINDOWS\system32
2010-02-10 10:23:31 ----D---- C:\WINDOWS\AppPatch
2010-02-10 10:23:23 ----D---- C:\Program Files\Common Files
2010-02-10 09:52:04 ----SHD---- C:\System Volume Information
2010-02-10 09:52:04 ----D---- C:\WINDOWS\system32\Restore
2010-02-10 09:26:32 ----RASH---- C:\boot.ini
2010-02-10 09:22:11 ----D---- C:\WINDOWS\Prefetch
2010-02-10 02:45:53 ----A---- C:\WINDOWS\WDICT32.INI
2010-02-10 02:36:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-10 02:30:40 ----A---- C:\WINDOWS\win.ini
2010-02-09 21:38:09 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-09 21:18:35 ----SHD---- C:\WINDOWS\Installer
2010-02-09 21:07:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-02-09 11:04:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-08 20:19:31 ----D---- C:\Program Files\Google
2010-02-06 22:14:41 ----HD---- C:\WINDOWS\inf
2010-01-30 20:11:47 ----D---- C:\Program Files\Winamp
2010-01-30 19:01:36 ----D---- C:\Documents and Settings\Hajkis\Data aplikací\Adobe
2010-01-28 20:01:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-17 19:29:21 ----D---- C:\Program Files\Democracy
2010-01-17 13:41:17 ----D---- C:\WINDOWS\system32\oodag
2010-01-17 12:34:21 ----A---- C:\WINDOWS\cdplayer.ini
2010-01-13 10:32:15 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-11 1777152]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-03 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 aswArKrn;aswArKrn; \??\C:\DOCUME~1\Hajkis\LOCALS~1\Temp\aswArKrn.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Hajkis\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-04-20 223128]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-04-20 643072]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-11 430080]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-23 380928]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1c9a1c5d9a7f664;Služba Google Update (gupdate1c9a1c5d9a7f664); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Problem s win32 rootkit-gen rtk
Opravdu nikdo neví, co by mohlo být za problém? Avast ani Anti-Malware nic nedetekují. Navíc se teď objevila chybové hlášení - bad direct sound driver.
Re: Problem s win32 rootkit-gen rtk
preventivne prescanuj PC s MWAV
+
chybova hlaska sa tyka ovladaca zvuk. karty > skus preinstalovat
+
chybova hlaska sa tyka ovladaca zvuk. karty > skus preinstalovat
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?