PC virus removal, computer speed-up, remote help via the neslape.cz service

RSIT - check, suspected rootkit

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
Thor
Guest
Posts: 137
Registered: 13 Oct 2008 14:52

RSIT - check, suspected rootkit

#1 Post by Thor »

Hello,
lately my PC has started acting up. For example, when playing UT 2004 the picture tears and the whole game basically stutters. Yesterday it wasn't doing that and I played normally :) I ran Avira, Spybot and SAS over the PC and found a TROJAN in the program iPatch.exe, which my brother had downloaded. So I deleted it, but the PC freezes (CPU usage: 10% !!!) when I press keys like My Computer / Calculator / WWW - I have a multimedia keyboard. I can't open e.g. the My Computer icon or any other icons, but with the keyboard shortcut Ctrl+Alt+Del or Ctrl+Shift+Esc I can bring up Task Manager. I can even bring up Run with Win+R. But I can't type anything into it, nor launch anything with the mouse.

Could the freezing be caused by us having taken the keyboard apart and washed it (only the keys, we didn't touch the circuit board)?
I think we have some rootkit on the PC, because Avira reported Hidden Objects on the PC. That's why I'm attaching a log for checking.

Please check it. Thank you :worship:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike at 2010-04-14 21:30:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (42%) free of 25 GB
Total RAM: 1535 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:29, on 14.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Vlastik\[Programs]\Install (new windows)\RSIT\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [win2kproces2] C:\WINDOWS\system32:win2kk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5087 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"win2kproces2"=C:\WINDOWS\system32:win2kk.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-12-28 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2002-07-05 491008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-19 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-14 2010864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-14 21:30:22 ----D---- C:\rsit
2010-04-14 20:11:43 ----D---- C:\WINDOWS\SevenMizer
2010-04-14 19:38:43 ----A---- C:\WINDOWS\Instit.ini
2010-04-14 19:38:42 ----D---- C:\Program Files\KYE
2010-04-14 19:38:42 ----A---- C:\WINDOWS\mHotkey.exe
2010-04-14 19:38:42 ----A---- C:\WINDOWS\InstIt.exe
2010-04-14 19:38:41 ----A---- C:\WINDOWS\HKNTDLL.dll
2010-04-10 17:22:55 ----D---- C:\WINDOWS\Downloaded Installations
2010-04-08 14:17:02 ----D---- C:\Documents and Settings\Mike\Data aplikací\Thinstall
2010-04-06 20:27:45 ----D---- C:\Program Files\QuickTime
2010-04-06 20:27:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-04-06 15:08:16 ----D---- C:\Documents and Settings\Mike\Data aplikací\edxLabs
2010-04-05 18:01:16 ----A---- C:\WINDOWS\system32\mfc45.dll
2010-04-05 18:00:47 ----D---- C:\Documents and Settings\Mike\Data aplikací\iolo
2010-04-05 18:00:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\iolo
2010-04-03 15:44:00 ----D---- C:\Program Files\outlook express
2010-04-03 15:30:27 ----D---- C:\Program Files\Lavalys
2010-04-01 21:27:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2010-04-01 18:37:27 ----D---- C:\Program Files\Common Files\ChaosGroup
2010-04-01 08:33:45 ----A---- C:\WINDOWS\system32\muweb.dll
2010-04-01 08:33:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-04-01 08:33:45 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-03-29 15:02:48 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-27 13:18:53 ----D---- C:\Documents and Settings\Mike\Data aplikací\Avira

======List of files/folders modified in the last 1 months======

2010-04-14 21:29:15 ----D---- C:\WINDOWS\Temp
2010-04-14 21:28:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-14 21:28:30 ----D---- C:\WINDOWS
2010-04-14 21:23:13 ----AD---- C:\WINDOWS\system32
2010-04-14 21:12:57 ----D---- C:\WINDOWS\Internet Logs
2010-04-14 20:50:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 20:19:58 ----RASH---- C:\boot.ini
2010-04-14 20:19:58 ----A---- C:\WINDOWS\win.ini
2010-04-14 20:19:58 ----A---- C:\WINDOWS\system.ini
2010-04-14 20:17:33 ----D---- C:\WINDOWS\system32\wbem
2010-04-14 20:17:33 ----D---- C:\WINDOWS\network diagnostic
2010-04-14 20:17:33 ----D---- C:\Program Files\Windows Media Player
2010-04-14 20:17:33 ----D---- C:\Program Files\NetMeeting
2010-04-14 20:17:33 ----D---- C:\Program Files\Movie Maker
2010-04-14 20:17:33 ----D---- C:\Program Files\Internet Explorer
2010-04-14 20:17:32 ----D---- C:\WINDOWS\system32\usmt
2010-04-14 20:17:32 ----D---- C:\WINDOWS\system32\Setup
2010-04-14 20:17:32 ----D---- C:\WINDOWS\system32\Restore
2010-04-14 20:17:32 ----D---- C:\WINDOWS\system32\oobe
2010-04-14 20:17:32 ----D---- C:\WINDOWS\srchasst
2010-04-14 20:17:32 ----D---- C:\WINDOWS\msagent
2010-04-14 20:17:32 ----D---- C:\WINDOWS\ime
2010-04-14 20:17:32 ----D---- C:\Program Files\Windows NT
2010-04-14 20:17:32 ----D---- C:\Program Files\Common Files\System
2010-04-14 20:17:31 ----D---- C:\WINDOWS\system32\1029
2010-04-14 20:16:34 ----A---- C:\WINDOWS\system32\uxtheme.dll
2010-04-14 20:16:30 ----D---- C:\WINDOWS\Media
2010-04-14 20:16:27 ----RSD---- C:\WINDOWS\Fonts
2010-04-14 20:16:27 ----D---- C:\WINDOWS\Cursors
2010-04-14 20:12:40 ----D---- C:\WINDOWS\Prefetch
2010-04-14 19:38:42 ----RD---- C:\Program Files
2010-04-14 19:38:41 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-14 18:52:36 ----D---- C:\Documents and Settings\Mike\Data aplikací\Skype
2010-04-14 16:33:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 16:12:32 ----D---- C:\Documents and Settings\Mike\Data aplikací\skypePM
2010-04-14 15:42:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-14 14:16:21 ----D---- C:\WINDOWS\Registration
2010-04-14 14:12:05 ----SHD---- C:\System Volume Information
2010-04-14 13:31:59 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-13 17:22:00 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-04-13 14:03:10 ----SHD---- C:\WINDOWS\Installer
2010-04-13 14:02:05 ----D---- C:\Program Files\Adobe
2010-04-13 12:18:26 ----D---- C:\WINDOWS\system32\drivers
2010-04-10 00:58:06 ----D---- C:\Program Files\L2Informer
2010-04-08 19:03:13 ----D---- C:\Documents and Settings\Mike\Data aplikací\XnView
2010-04-07 21:55:39 ----D---- C:\WINDOWS\system32\config
2010-04-02 22:31:36 ----D---- C:\Program Files\CCleaner
2010-04-02 17:50:37 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 21:55:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-01 21:31:31 ----D---- C:\Documents and Settings\Mike\Data aplikací\Google
2010-04-01 18:37:27 ----D---- C:\Program Files\Common Files
2010-04-01 15:41:21 ----HD---- C:\WINDOWS\inf
2010-04-01 11:35:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-01 11:30:14 ----RSD---- C:\WINDOWS\assembly
2010-04-01 11:11:44 ----D---- C:\WINDOWS\ie8updates
2010-04-01 11:11:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-01 11:11:26 ----D---- C:\WINDOWS\WinSxS
2010-03-30 10:14:26 ----D---- C:\Documents and Settings
2010-03-29 16:13:36 ----SHD---- C:\RECYCLER
2010-03-29 15:02:48 ----D---- C:\WINDOWS\repair
2010-03-29 07:22:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-23 271360]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-23 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 a9fb5bsu;a9fb5bsu; C:\WINDOWS\system32\drivers\a9fb5bsu.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-01-17 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-01-17 25512]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 22880]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-26 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-26 21488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 npkcrypt;npkcrypt; \??\D:\Games\Interlude\system\npkcrypt.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva324;XDva324; \??\C:\WINDOWS\system32\XDva324.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-18 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-18 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-19 153376]
S3 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
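As an added example (not part of the original post, and not a tool from this forum), a small Python triage script that applies two defender-side checks to lines of the kind found in the log above. The sample lines are copied verbatim from that log; the heuristics and the function names (`triage`, `is_ads_path`, `executable_path`) are my own. Check one: an O4 autostart whose command path contains a second colon, such as `C:\WINDOWS\system32:win2kk.exe`, is an NTFS alternate data stream attached to the system32 directory, a location a normal installer would never use. Check two: an RSIT driver entry ending in `[]` means RSIT could not stat the file, so the file was hidden, missing or unreadable and must be verified by hand.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied verbatim from the RSIT /
# HijackThis log posted above, so the checks can be tried against real input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [win2kproces2] C:\WINDOWS\system32:win2kk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
S3 a9fb5bsu;a9fb5bsu; C:\WINDOWS\system32\drivers\a9fb5bsu.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 XDva324;XDva324; \??\C:\WINDOWS\system32\XDva324.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
"""

# HijackThis autostart line: O4 - <hive>\..\Run: [<name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# RSIT driver/service line: <R|S><start type> <name>;<description>; <path> [<date size>]
DRV_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.*) \[(?P<meta>[^\]]*)\]$'
)


def executable_path(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or bare."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # Bare path: drop trailing switches such as " /min"
    return cmd.split(' /')[0].strip()


def is_ads_path(path: str) -> bool:
    r"""True when the path names an NTFS alternate data stream: a second
    colon after the drive letter, as in C:\WINDOWS\system32:win2kk.exe
    (a stream attached to the system32 directory rather than a file in it)."""
    if path.startswith('\\??\\'):   # kernel-style prefix used in driver entries
        path = path[4:]
    return path.find(':', 2) != -1


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log and collect the entries that deserve a human look."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group('cmd'))
            if is_ads_path(path):
                findings.append({'entry': m.group('name'), 'path': path,
                                 'reason': 'autostart command points into an NTFS alternate data stream'})
            continue
        m = DRV_RE.match(line)
        if m:
            path = m.group('path')
            if is_ads_path(path):
                findings.append({'entry': m.group('name'), 'path': path,
                                 'reason': 'driver image path is an NTFS alternate data stream'})
            elif m.group('meta') == '':
                reason = 'RSIT could not read the file (no timestamp/size)'
                if m.group('desc') == m.group('name'):
                    reason += '; entry carries no description beyond its key name'
                findings.append({'entry': m.group('name'), 'path': path, 'reason': reason})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['entry']:14} {f['path']}\n    -> {f['reason']}")
```

On the sample this reports `win2kproces2` (stream path), and `a9fb5bsu`, `EagleNT` and `XDva324` (no file metadata, no description). The second flag is a prompt to verify, not a verdict: in the full log above, legitimate products also show `[]` (Avira's avgio.sys, the SUPERAntiSpyware SAS*.SYS drivers), because RSIT reports it whenever it cannot read the file, so each such entry has to be checked against the file on disk and its vendor.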

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: RSIT - check, suspected rootkit

#2 Post by Caroprd111 »

Hi :)


Download and save, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator rights; right after it starts a page with the licence terms appears, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not launch other applications and do not click into the window that appears :!:
  • The scan should take about 5 - 10 minutes; when it finishes, ComboFix will display the log C:\ComboFix.txt, which you should post here.
  • The computer may be restarted during the scan.

Thor
Guest
Posts: 137
Registered: 13 Oct 2008 14:52

Re: RSIT - check, suspected rootkit

#3 Post by Thor »

Here it is:
One more question: what is the difference between my account (Mike), which has the same rights as the administrator, and the administrator account, which I have to get into via Safe Mode (F8)? I see the difference in that in the F8 Administrator account only the basic processes run, so nothing interferes with ComboFix, whereas in my normal account (Mike) the other processes may be running.

ComboFix 10-04-14.01 - Administrator 14.04.2010 22:10:24.1.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1187 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\drivers\etc\lmhosts

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\SevenMizer\old\midimap.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-14 do 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-14 20:06 . 2010-04-14 19:55 3915740 ----a-r- C:\ComboFix.exe
2010-04-14 19:30 . 2010-04-14 19:30 -------- d-----w- C:\rsit
2010-04-14 18:11 . 2010-04-14 18:16 -------- d-----w- c:\windows\SevenMizer
2010-04-14 17:38 . 2002-11-06 13:14 4282 ----a-w- c:\windows\NT4_98.reg
2010-04-14 17:38 . 2002-11-06 08:15 4264 ----a-w- c:\windows\MeXP.reg
2010-04-14 17:38 . 2002-11-06 08:15 4280 ----a-w- c:\windows\2K.reg
2010-04-14 17:38 . 2010-04-14 17:38 -------- d-----w- c:\program files\KYE
2010-04-14 17:38 . 2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe
2010-04-14 17:38 . 2001-09-06 18:45 233472 ----a-w- c:\windows\InstIt.exe
2010-04-14 17:38 . 2001-07-02 18:36 24576 ----a-w- c:\windows\HKNTDLL.dll
2010-04-13 09:45 . 2010-04-13 09:45 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-04-10 15:22 . 2010-04-10 17:02 -------- d-----w- c:\windows\Downloaded Installations
2010-04-06 18:27 . 2010-04-06 18:29 -------- d-----w- c:\program files\QuickTime
2010-04-05 16:01 . 2010-04-05 16:01 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-04-03 13:30 . 2010-04-03 13:36 -------- d-----w- c:\program files\Lavalys
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-04-01 06:33 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-01 06:33 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-29 13:02 . 2010-04-14 12:12 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 18:16 . 2002-09-20 18:04 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-14 17:38 . 2009-12-18 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 14:24 . 2010-04-14 14:25 3301376 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-04-14 11:31 . 2009-12-18 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 08:23 . 2009-12-21 07:19 5564500 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-10 23:07 . 2010-04-11 08:23 3233280 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-04-09 22:58 . 2009-12-19 20:44 -------- d-----w- c:\program files\L2Informer
2010-04-03 06:56 . 2010-04-03 12:37 39424 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-04-02 20:31 . 2009-12-18 14:11 -------- d-----w- c:\program files\CCleaner
2010-04-01 20:07 . 2010-04-02 05:28 80384 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-03-29 17:34 . 2010-03-30 07:22 68608 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-03-29 05:22 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 05:22 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 19:57 . 2010-03-29 05:20 3117568 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-03-21 14:29 . 2010-03-21 14:30 49664 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-03-15 13:48 . 2010-03-16 05:22 102400 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-03-13 20:04 . 2010-01-21 17:34 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-03 20:32 . 2010-03-03 20:32 0 ----a-w- c:\windows\PowerReg.dat
2010-03-01 08:05 . 2009-12-18 14:07 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 22:00 . 2010-03-01 07:17 36864 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-02-25 17:44 . 2010-02-26 13:02 75264 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-02-25 06:18 . 2002-09-20 18:05 1017856 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 18:37 . 2010-02-24 18:37 4096 ----a-w- c:\windows\d3dx.dat
2010-02-23 13:48 . 2010-02-23 13:48 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-23 13:48 . 2010-02-23 13:48 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-23 13:30 . 2010-02-23 13:25 25 ---h--w- c:\program files\Common Files\common.log
2010-02-21 19:46 . 2009-12-18 14:13 -------- d-----w- c:\program files\JetAudio
2010-02-20 15:21 . 2010-02-20 15:21 -------- d-----w- c:\program files\Boris Fx, Inc
2010-02-19 12:25 . 2010-02-19 12:24 -------- d-----w- c:\program files\Google
2010-02-18 18:35 . 2010-02-18 18:38 121856 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-02-16 12:24 . 2009-12-18 14:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-14 16:00 . 2010-02-14 16:19 2022400 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-02-12 22:52 . 2010-02-13 10:51 2023936 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-02-12 07:31 . 2010-02-12 08:10 2008064 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-02-11 21:36 . 2010-02-12 06:57 2026496 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-02-10 20:52 . 2010-02-11 06:47 2009088 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-02-08 20:41 . 2010-02-09 06:50 2000384 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-02-05 16:42 . 2010-02-07 16:00 1968640 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-02-02 23:19 . 2010-02-03 10:51 1926656 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-24 16:17 . 2010-01-25 06:20 36864 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-22 12:45 . 2010-01-23 09:14 111616 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-17 20:30 . 2010-01-17 20:30 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-17 20:30 . 2010-01-17 20:30 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-17 20:30 . 2010-01-17 20:30 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-16 08:12 . 2010-01-16 08:24 258352 ----a-w- c:\windows\system32\unicows.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . FD237626C1CF8950B3DA805491C8528B . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2008-04-14 . FD237626C1CF8950B3DA805491C8528B . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-20 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2010-02-25 . F6B19C3520F8F33ED4E86B97E5FED45A . 5944832 . . [8.00.6001.18904] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . AC93856CC1D10E74986EA4E70D90748F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . 4045EC195F5456FC803D9DDD22B83562 . 6167552 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . BD424F12E808F3AA345C4816F7124F7C . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . FCB06A625ED7A348C4CE48716995937A . 3091968 . . [6.00.2900.5897] . . c:\windows\ie8\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3GDR\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3QFE\mshtml.dll
[7] 2009-10-29 . 620A3A8FEAF5A007236013A3AC109905 . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[7] 2009-12-09 . 7782F11AE957B736585870CD2671227B . 2191488 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 3B0DC252A20C8A938ED21073EE736AEA . 2191360 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-12-09 . 34273D5C218B38F5BF406E00C7CC9A7D . 2369152 . . [5.1.2600.5913] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-12-09 . 3B0DC252A20C8A938ED21073EE736AEA . 2191360 . . [5.1.2600.5913] . . c:\windows\SevenMizer\old\ntoskrnl.exe
[-] 2009-12-09 . 34273D5C218B38F5BF406E00C7CC9A7D . 2369152 . . [5.1.2600.5913] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-12-09 . 34273D5C218B38F5BF406E00C7CC9A7D . 2369152 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . F61EB18DA0AA630E2F8A944ED6BD3BF9 . 2191360 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . 3502DBBC657001D7A2A2768BD7DE1483 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 97480EBFE1D4B547657BAD75AAAB1325 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 . C1536014AC1CB1D5397E31D9735E6571 . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2002-09-20 . 21CDBE74E5C5F435B6C27DDA1BD27B34 . 2042112 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\user32.dll
[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2002-09-20 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2010-02-25 . 4A4C190879347A0064731F39610F1F72 . 916480 . . [8.00.6001.18904] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . 2E6504E28C7E0F753F68731861A94214 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . B3698A70E869D9AD36A88EDB7602E864 . 1017856 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 9256DA4AEE5E2C20FC6C126BDBC11997 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3GDR\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3QFE\wininet.dll
[7] 2009-10-29 . 6A0AC16511C25008628F632963F24475 . 668160 . . [6.00.2900.5897] . . c:\windows\ie8\wininet.dll
[7] 2009-10-29 . 7443D3D3D1025FEA4BF7BC35EA1F93BD . 669696 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . D29624A9F744E5AD33A49EB29A5A6395 . 1559040 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . D29624A9F744E5AD33A49EB29A5A6395 . 1559040 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SevenMizer\old\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-12-09 . 58516936F00D10D4B615C458A8A4AB71 . 2068352 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 166530C022AB3A0F9EADB20633AE034E . 2068224 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-12-09 . C45538016E8B6C3452E7B4D3FB21A9EE . 2246016 . . [5.1.2600.5913] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-12-09 . 166530C022AB3A0F9EADB20633AE034E . 2068224 . . [5.1.2600.5913] . . c:\windows\SevenMizer\old\ntkrnlpa.exe
[-] 2009-12-09 . C45538016E8B6C3452E7B4D3FB21A9EE . 2246016 . . [5.1.2600.5913] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-12-09 . C45538016E8B6C3452E7B4D3FB21A9EE . 2246016 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-08-04 . 97815C93200676C727CE951AE5C78137 . 2068352 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 182A95C233C9C254FEE7F047E6CA73D1 . 2068224 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-09 . FF8A3F180A224AA27EBAB937CA027F4D . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . 4DEE41C45E803DB91A72FD1BA69C05EE . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2002-09-20 . 42D5A8CF5E356F48FB36E388B1D87E6E . 1947776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-12-27 23:25 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 25088 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 13:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 13:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 13:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-18 22:49 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-14 11:31 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58502:TCP"= 58502:TCP:Pando Media Booster
"58502:UDP"= 58502:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 14:05 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12.10.2009 22:24 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:07 135336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.2.2010 14:24 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.1.2010 22:30 13224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 12872]
S3 XDva324;XDva324;\??\c:\windows\system32\XDva324.sys --> c:\windows\system32\XDva324.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 12:24]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 12:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &U????????? - c:\program files\NamiRobot\Data\du.html
IE: &U???????????? - c:\documents and settings\Mike\Plocha\Nami\NamiRobot\Data\du.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Mike\Data aplikací\Mozilla\Firefox\Profiles\yto2aazn.default\
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-win2kproces2 - c:\windows\system32:win2kk.exe
ActiveSetup-{DCC75B46-2D2D-8CC5-F389-CCF06B7270D8} - c:\windows\system32:win2kk.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 22:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
win2kproces2 = c:\windows\system32:win2kk.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...


c:\windows\system32:win2kk.exe 368640 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spcz.sys >>UNKNOWN [0x898CA938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf74a3cb8
\Driver\atapi -> prosync1.sys @ 0xf798f6c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(544)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3340)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-14 22:24:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-14 20:24

Před spuštěním: Volných bajtů: 12 607 754 240
Po spuštění: Volných bajtů: 10 919 735 296

- - End Of File - - 15DBBCAA5CA382D84E61171CF760025F

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: RSIT - check, suspected rootkit

#4 Post by Caroprd111 »

Back up your important data :!:


http://www.viry.cz/forum/viewtopic.php?f=46&t=7554 You can also run ComboFix on an account with administrator rights (in your case Mike), but don't forget that you have to disable your protection (antivirus, firewall, etc.)


If you haven't already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code:

File:: 
c:\windows\system32:win2kk.exe

Registry::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"win2kproces2"=-
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:
  • After it has been applied another log will pop up; paste it here
It may happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


Test these at http://www.virustotal.com/cs/
c:\windows\system32\winlogon.exe
c:\windows\system32\comctl32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\ntoskrnl.exe
c:\windows\system32\user32.dll
c:\windows\system32\wininet.dll
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\XDva324.sys


(Don't browse for the file, just paste the path marked in bold; if you get the message "File has already been analysed", have it analysed again. Paste the analysis result here as a link.)
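As an added example (not code from this thread, from ComboFix or from its author), a small log-triage script that automates two of the checks the reply above relies on: it flags autostart values that point into an NTFS alternate data stream (the `c:\windows\system32:win2kk.exe` entry) and it lists Sigcheck groups where the copy actually in use carries the same version string as another listed copy but a different MD5. The sample log is constructed from line formats seen in the posted log; all function names are my own.

```python
"""Triage helpers for ComboFix-style logs (added example, not ComboFix code).

Two checks a responder would run over the log posted in this thread:
  1. Autostart entries whose path points into an NTFS alternate data
     stream (a second ':' after the drive letter, as in
     c:\\windows\\system32:win2kk.exe). A stream is invisible in Explorer
     and a common place to park a hidden executable.
  2. Sigcheck groups where the copy in use (system32 or the Windows root)
     has the same version string as another listed copy but a different
     MD5: one of the two has been modified. Same version plus different
     hash is a lead, not proof (GDR and QFE hotfix branches share a
     version string), so each finding carries both sizes for follow-up.
"""
import re
from collections import defaultdict

# Constructed sample built from the line formats seen in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
win2kproces2 = c:\windows\system32:win2kk.exe

------- Sigcheck -------

[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
"""

# "name"="path" [date size]   (ComboFix registry dump style)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')
# name = path                 (catchme hidden-autostart style)
CATCHME_RE = re.compile(r'^(?P<name>[^\s=]+)\s*=\s*(?P<path>[a-zA-Z]:\\\S+)')
# [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+'
    r'(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$')


def is_ads_path(path):
    """True if a Windows path names an NTFS alternate data stream."""
    body = path.lower()
    if body.startswith('\\??\\'):          # NT object-manager prefix
        body = body[4:]
    body = re.sub(r'^[a-z]:', '', body)     # drop the drive-letter colon
    return ':' in body


def find_ads_autostarts(log_text):
    """Return (name, path) for every autostart value that targets a stream."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_VALUE_RE.match(line) or CATCHME_RE.match(line)
        if m and is_ads_path(m.group('path')):
            # catchme may print trailing garbage ('????') after a hidden value
            hits.append((m.group('name'), m.group('path').rstrip('?')))
    return hits


def parse_sigcheck(log_text):
    """Parse Sigcheck lines into dicts (flag, date, md5, size, version, path)."""
    rows = []
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            row = m.groupdict()
            row['size'] = int(row['size'])
            rows.append(row)
    return rows


def is_live_copy(path):
    """The copy Windows actually loads: system32\\x or the Windows root\\x."""
    p = path.lower()
    depth = p.count('\\')
    return (p.startswith('c:\\windows\\system32\\') and depth == 3) or \
           (p.startswith('c:\\windows\\') and depth == 2)


def sigcheck_conflicts(log_text):
    """Live copies whose MD5 differs from another copy of the same version."""
    groups = defaultdict(list)
    for row in parse_sigcheck(log_text):
        groups[row['path'].rsplit('\\', 1)[-1].lower()].append(row)
    findings = []
    for name in sorted(groups):
        copies = groups[name]
        for live in (c for c in copies if is_live_copy(c['path'])):
            for other in copies:
                if other is live or other['version'] != live['version']:
                    continue
                if other['md5'] != live['md5']:
                    findings.append({
                        'file': name,
                        'live': live['path'], 'live_size': live['size'],
                        'other': other['path'], 'other_size': other['size'],
                    })
    return findings


if __name__ == '__main__':
    for name, path in find_ads_autostarts(SAMPLE_LOG):
        print(f'ADS autostart: {name} -> {path}')
    for f in sigcheck_conflicts(SAMPLE_LOG):
        print(f"{f['file']}: {f['live']} ({f['live_size']} B) differs from "
              f"{f['other']} ({f['other_size']} B), same version")
```

Run it on a full ComboFix log by passing the file contents instead of SAMPLE_LOG; the size difference in each Sigcheck finding tells you which copy to submit for a second opinion.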

Thor
Visitor
Posts: 137
Registered: 13 Oct 2008 14:52

Re: RSIT - check, suspected rootkit

#5 Post by Thor »

ComboFix log:

ComboFix 10-04-14.03 - Administrator 15.04.2010 15:53:02.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1289 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\system32:win2kk.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-15 do 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-14 18:11 . 2010-04-14 18:16 -------- d-----w- c:\windows\SevenMizer
2010-04-14 17:38 . 2002-11-06 13:14 4282 ----a-w- c:\windows\NT4_98.reg
2010-04-14 17:38 . 2002-11-06 08:15 4264 ----a-w- c:\windows\MeXP.reg
2010-04-14 17:38 . 2002-11-06 08:15 4280 ----a-w- c:\windows\2K.reg
2010-04-14 17:38 . 2010-04-14 17:38 -------- d-----w- c:\program files\KYE
2010-04-14 17:38 . 2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe
2010-04-14 17:38 . 2001-09-06 18:45 233472 ----a-w- c:\windows\InstIt.exe
2010-04-14 17:38 . 2001-07-02 18:36 24576 ----a-w- c:\windows\HKNTDLL.dll
2010-04-13 09:45 . 2010-04-13 09:45 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-04-10 15:22 . 2010-04-10 17:02 -------- d-----w- c:\windows\Downloaded Installations
2010-04-06 18:27 . 2010-04-06 18:29 -------- d-----w- c:\program files\QuickTime
2010-04-05 16:01 . 2010-04-05 16:01 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-04-03 13:30 . 2010-04-03 13:36 -------- d-----w- c:\program files\Lavalys
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-04-01 06:33 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-01 06:33 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-29 13:02 . 2010-04-14 12:12 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 18:16 . 2002-09-20 18:04 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-14 17:38 . 2009-12-18 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 14:24 . 2010-04-14 14:25 3301376 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-04-14 11:31 . 2009-12-18 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 08:23 . 2009-12-21 07:19 5564500 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-10 23:07 . 2010-04-11 08:23 3233280 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-04-09 22:58 . 2009-12-19 20:44 -------- d-----w- c:\program files\L2Informer
2010-04-03 06:56 . 2010-04-03 12:37 39424 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-04-02 20:31 . 2009-12-18 14:11 -------- d-----w- c:\program files\CCleaner
2010-04-01 20:07 . 2010-04-02 05:28 80384 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-03-29 17:34 . 2010-03-30 07:22 68608 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-03-29 05:22 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 05:22 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 19:57 . 2010-03-29 05:20 3117568 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-03-21 14:29 . 2010-03-21 14:30 49664 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-03-15 13:48 . 2010-03-16 05:22 102400 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-03-13 20:04 . 2010-01-21 17:34 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-10 06:17 . 2002-09-20 18:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 20:32 . 2010-03-03 20:32 0 ----a-w- c:\windows\PowerReg.dat
2010-03-01 08:05 . 2009-12-18 14:07 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 22:00 . 2010-03-01 07:17 36864 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-02-25 17:44 . 2010-02-26 13:02 75264 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-02-25 06:18 . 2002-09-20 18:05 1017856 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 18:37 . 2010-02-24 18:37 4096 ----a-w- c:\windows\d3dx.dat
2010-02-24 13:11 . 2002-08-29 01:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 13:48 . 2010-02-23 13:48 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-23 13:48 . 2010-02-23 13:48 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-23 13:30 . 2010-02-23 13:25 25 ---h--w- c:\program files\Common Files\common.log
2010-02-21 19:46 . 2009-12-18 14:13 -------- d-----w- c:\program files\JetAudio
2010-02-20 15:21 . 2010-02-20 15:21 -------- d-----w- c:\program files\Boris Fx, Inc
2010-02-19 12:25 . 2010-02-19 12:24 -------- d-----w- c:\program files\Google
2010-02-18 18:35 . 2010-02-18 18:38 121856 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-02-17 12:09 . 2002-09-20 17:12 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-20 17:12 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:24 . 2009-12-18 14:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-14 16:00 . 2010-02-14 16:19 2022400 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-02-12 22:52 . 2010-02-13 10:51 2023936 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-02-12 07:31 . 2010-02-12 08:10 2008064 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-02-12 04:35 . 2002-09-20 18:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 21:36 . 2010-02-12 06:57 2026496 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-02-11 12:02 . 2002-08-29 01:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 20:52 . 2010-02-11 06:47 2009088 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-02-08 20:41 . 2010-02-09 06:50 2000384 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-02-05 16:42 . 2010-02-07 16:00 1968640 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-02-02 23:19 . 2010-02-03 10:51 1926656 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-24 16:17 . 2010-01-25 06:20 36864 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-22 12:45 . 2010-01-23 09:14 111616 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-17 20:30 . 2010-01-17 20:30 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-17 20:30 . 2010-01-17 20:30 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-17 20:30 . 2010-01-17 20:30 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-16 08:12 . 2010-01-16 08:24 258352 ----a-w- c:\windows\system32\unicows.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . FD237626C1CF8950B3DA805491C8528B . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2008-04-14 . FD237626C1CF8950B3DA805491C8528B . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-20 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2010-02-25 . F6B19C3520F8F33ED4E86B97E5FED45A . 5944832 . . [8.00.6001.18904] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . AC93856CC1D10E74986EA4E70D90748F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . 4045EC195F5456FC803D9DDD22B83562 . 6167552 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . BD424F12E808F3AA345C4816F7124F7C . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . FCB06A625ED7A348C4CE48716995937A . 3091968 . . [6.00.2900.5897] . . c:\windows\ie8\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3GDR\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3QFE\mshtml.dll
[7] 2009-10-29 . 620A3A8FEAF5A007236013A3AC109905 . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\user32.dll
[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2002-09-20 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2010-02-25 . 4A4C190879347A0064731F39610F1F72 . 916480 . . [8.00.6001.18904] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . 2E6504E28C7E0F753F68731861A94214 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . B3698A70E869D9AD36A88EDB7602E864 . 1017856 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 9256DA4AEE5E2C20FC6C126BDBC11997 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3GDR\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3QFE\wininet.dll
[7] 2009-10-29 . 6A0AC16511C25008628F632963F24475 . 668160 . . [6.00.2900.5897] . . c:\windows\ie8\wininet.dll
[7] 2009-10-29 . 7443D3D3D1025FEA4BF7BC35EA1F93BD . 669696 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . D29624A9F744E5AD33A49EB29A5A6395 . 1559040 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . D29624A9F744E5AD33A49EB29A5A6395 . 1559040 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SevenMizer\old\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-12-27 23:25 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 25088 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 13:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 13:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 13:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-18 22:49 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-14 11:31 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58502:TCP"= 58502:TCP:Pando Media Booster
"58502:UDP"= 58502:UDP:Pando Media Booster

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 14:05 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12.10.2009 22:24 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:07 135336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.2.2010 14:24 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.1.2010 22:30 13224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 12872]
S3 XDva324;XDva324;\??\c:\windows\system32\XDva324.sys --> c:\windows\system32\XDva324.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 12:24]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 12:24]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 15:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32:win2kk.exe 368640 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\setupapi.dll
.
Completion time: 2010-04-15 16:02:34
ComboFix-quarantined-files.txt 2010-04-15 14:02

Pre-Run: 12 268 232 704 bytes free
Post-Run: 12 252 463 104 bytes free

- - End Of File - - 346D114B4C96685B075C9D5900067954


Here are the results from virustotal.com:

http://www.virustotal.com/cs/analisis/d ... 1271338518
http://www.virustotal.com/cs/analisis/6 ... 1271338708
http://www.virustotal.com/cs/analisis/d ... 1271338820
http://www.virustotal.com/cs/analisis/8 ... 1271338783
http://www.virustotal.com/cs/analisis/9 ... 1271338759
http://www.virustotal.com/cs/analisis/3 ... 1271338887
http://www.virustotal.com/cs/analisis/a ... 1271338913
http://www.virustotal.com/cs/analisis/4 ... 1271338958
http://www.virustotal.com/cs/analisis/8 ... 1271339142

All fine, no infected file. :)

The computer is running fine so far. UT 2004 no longer stutters since Combo Fix deleted yesterday's file, and the PC doesn't freeze when I press the My PC and Calculator keys either.

According to Combo Fix a system file was infected, so it was all caused by that file. But shouldn't I still run a rootkit check to be safe?
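A practitioner reading a ComboFix log of this kind usually wants three things pulled out first: services or drivers whose binary ComboFix could not find (the `--> path [?]` form, as on the XDva324 line), boot-start (S0) third-party drivers such as sptd.sys that load before any scanner does, and whatever catchme reported as hidden. The Python below is an added example written for this page, not code from the thread or from ComboFix itself; the line formats it parses are read off the log above (the `[?]` marker is taken here to mean "file not found", which is an assumption), the sample text is a hand-constructed excerpt in that shape, and every function name is mine.

```python
r"""Triage of the service/driver, firewall-policy and catchme sections of a ComboFix log.

Added example, not part of the original thread or of ComboFix.  Assumed line shapes:
  service/driver : '<start> <name>;<display name>;<path> [<date> <size>]'
  missing binary : '<path> --> <path> [?]'   (the [?] marker read as "file not found")
  catchme        : '<path> <size> bytes <kind>' between 'scanning hidden files' and 'scan completed'
  policy value   : '"<Key>"= <value>'
"""
import re

# Constructed sample in the same shape as the log above (a hand-copied excerpt, not the log file).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 14:05 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12.10.2009 22:24 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.2.2010 14:24 135664]
S3 XDva324;XDva324;\??\c:\windows\system32\XDva324.sys --> c:\windows\system32\XDva324.sys [?]

scanning hidden files ...

c:\windows\system32:win2kk.exe 368640 bytes executable

scan completed successfully
hidden files: 1
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
HIDDEN_RE = re.compile(r"^(?P<path>\S.*?)\s+(?P<size>\d+) bytes\b(?P<kind>.*)$")
POLICY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+)$')


def parse_services(text):
    """One dict per service/driver line; 'missing' is set when ComboFix printed the '--> ... [?]' form."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").rstrip()
        # Keep the path ComboFix actually looked for; drop the trailing '[date size]' or '[?]' block.
        path = rest.split(" --> ")[-1].rsplit(" [", 1)[0].strip()
        services.append({"start": m.group("start"), "name": m.group("name"),
                         "path": path, "missing": rest.endswith("[?]")})
    return services


def parse_hidden_files(text):
    """(path, size) for every entry catchme lists between 'scanning hidden files' and 'scan completed'."""
    found, inside = [], False
    for line in text.splitlines():
        if line.startswith("scanning hidden files"):
            inside = True
            continue
        if line.startswith("scan completed"):
            inside = False
        if inside:
            m = HIDDEN_RE.match(line)
            if m:
                found.append((m.group("path"), int(m.group("size"))))
    return found


def parse_policies(text):
    """{key: value} for the quoted REG-style lines, e.g. "EnableFirewall"= 0 (0x0)."""
    return {m.group("key"): m.group("value").strip()
            for m in map(POLICY_RE.match, text.splitlines()) if m}


def triage(text, boot_start_allowlist=()):
    """The findings a reviewer would look at first, as plain strings."""
    findings = []
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(f"service/driver '{svc['name']}' is registered but its file is missing: {svc['path']}")
        elif svc["start"] == "S0" and svc["name"].lower() not in boot_start_allowlist:
            findings.append(f"boot-start driver '{svc['name']}' loads before any scanner: {svc['path']}")
    for path, size in parse_hidden_files(text):
        findings.append(f"catchme hidden object ({size} bytes): {path}")
    pol = parse_policies(text)
    if pol.get("EnableFirewall", "").startswith("0"):
        findings.append("Windows Firewall standard profile is off (expected only when a third-party firewall replaces it)")
    if pol.get("DisableMonitoring", "") == "dword:00000001":
        findings.append("a product asked Security Center to stop monitoring it (normal for a third-party firewall)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the sample, the triage lists the XDva324 driver with its missing binary, sptd.sys as a boot-start driver, the catchme entry `c:\windows\system32:win2kk.exe`, and the two firewall-related policy values; the firewall findings are context, not evidence of compromise, on a machine where ZoneAlarm has replaced the Windows Firewall.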

#6 Post by Caroprd111 »

Try to find this on the PC (search hidden files too).
c:\windows\system32:win2kk.exe

#7 Post by Thor »

What am I supposed to find? The file shown in green, or rootkits, and with what? :)

#8 Post by Caroprd111 »

The file shown in green.

#9 Post by Thor »

In the windows\system32 folder there is only this file:
Attachment: hj.JPG (64.06 KiB), downloaded 249 times
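Why the search came up empty: `c:\windows\system32:win2kk.exe` is not a file inside system32 but an NTFS alternate data stream named win2kk.exe attached to the system32 directory itself (the first colon belongs to the drive letter, the second introduces the stream). Explorer, its search box and a plain `dir` never list streams, hidden files ticked or not, which is why catchme reports it as hidden. The Python below is an added example written for this page, not code from the thread or from any tool in it: it splits the catchme notation into host object, stream name and stream type, and on Windows Vista or later enumerates the streams of that host with the Win32 FindFirstStreamW API. That API does not exist on XP; there the same listing comes from Sysinternals Streams (`streams -s c:\windows\system32`). The function names are mine.

```python
r"""Locate an NTFS alternate data stream (ADS) reported by catchme, e.g. c:\windows\system32:win2kk.exe

Added example for this thread, not code from the original post or from catchme/ComboFix.
split_stream_path and find_reported_stream are my own parsing of the 'host:stream' notation;
list_streams wraps the Win32 FindFirstStreamW API (Vista / Server 2003 and later, not XP).
"""
import ctypes
import sys


def split_stream_path(spec):
    """'c:\\dir:name' -> ('c:\\dir', 'name', '$DATA'); a plain path -> (path, None, None).

    The colon after a drive letter is NOT a stream separator, so the drive is peeled off
    before splitting.  A full stream name may also carry its type ('name:$DATA').
    """
    drive = ""
    if len(spec) >= 2 and spec[1] == ":" and spec[0].isalpha():
        drive, spec = spec[:2], spec[2:]
    parts = spec.split(":")
    host = drive + parts[0]
    if len(parts) == 1:
        return host, None, None
    stream = parts[1]
    stream_type = parts[2] if len(parts) > 2 and parts[2] else "$DATA"
    return host, stream, stream_type


class WIN32_FIND_STREAM_DATA(ctypes.Structure):
    # LARGE_INTEGER StreamSize; WCHAR cStreamName[MAX_PATH + 36]
    _fields_ = [("StreamSize", ctypes.c_longlong), ("cStreamName", ctypes.c_wchar * 296)]


def list_streams(path):
    """[(stream_name, size), ...] for a file OR directory, e.g. [(':win2kk.exe:$DATA', 368640)].

    Directories have no unnamed ::$DATA stream, so a clean directory yields [] (ERROR_HANDLE_EOF).
    """
    if sys.platform != "win32":
        raise OSError("FindFirstStreamW is a Windows (Vista+) API; use Sysinternals streams.exe elsewhere")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_ulong]
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindClose.argtypes = [ctypes.c_void_p]
    INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
    ERROR_HANDLE_EOF = 38
    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 == FindStreamInfoStandard
    if handle == INVALID_HANDLE_VALUE:
        err = ctypes.get_last_error()
        if err == ERROR_HANDLE_EOF:
            return []
        raise ctypes.WinError(err)
    streams = []
    try:
        while True:
            streams.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return streams


def find_reported_stream(listing, stream_name, stream_type="$DATA"):
    """Match a catchme-reported stream against a listing; Windows returns names as ':name:$TYPE'."""
    wanted = f":{stream_name}:{stream_type}".lower()
    return [(name, size) for name, size in listing if name.lower() == wanted]


if __name__ == "__main__":
    host, stream, stype = split_stream_path(r"c:\windows\system32:win2kk.exe")
    print(f"host object: {host}   stream: {stream}:{stype}")
    if sys.platform == "win32":
        listing = list_streams(host)
        for name, size in listing:
            print(f"  {name}  {size} bytes")
        print("reported stream present:", bool(find_reported_stream(listing, stream, stype)))
```

If the listing shows `:win2kk.exe:$DATA` on the directory, what has to go is that stream, not a file: Sysinternals `streams -d` deletes it, whereas a file search, even with hidden files enabled, will never show it.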

#10 Post by Caroprd111 »

Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32b). Save it to the desktop and run it.
  • Choose Uninstall and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box pops up; copy this into it:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; post it here.


Post a log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

#11 Post by Thor »

I searched the PC (I ticked hidden files too) and it did not find the file c:\windows\system32:win2kk.exe.

1. I uninstalled DAEMON.

2. I installed SPTD, ran it and restarted.

3. Defogger likewise.

log: defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:06 on 15/04/2010 (Mike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

4. MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS NDIS.sys NVENET.sys
kernel: MBR read successfully
user & kernel MBR OK

5. Gmer:

log 1.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-16 10:28:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\pxtdqpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

log 2:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-16 12:21:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB8FCCFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB8FC9C80]
SSDT F7AADC66 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB8FCD580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB8FE1900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB8FE1B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB8FE5B10]
SSDT F7AADC5C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB8FCD670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB8FCA210]
SSDT F7AADC6B ZwDeleteKey
SSDT F7AADC75 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB8FE1280]
SSDT F7AADC7A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB8FE4F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB8FCA070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB8FE3180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB8FE2F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB8FE56F0]
SSDT F7AADC84 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB8FCCBE0]
SSDT F7AADC7F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB8FCD190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB8FCA440]
SSDT F7AADC70 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB8FE2200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB8FE2080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [80, D5, FC, B8, 00, 19, FE, ...]
? srescan.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBA440360, 0x37388D, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB815B300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF780F300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B8FD2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B8FCFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B8FCFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B8FD2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B8FCFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B8FD2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B8FD2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B8FCFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B8FD2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B8FEAB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B8FCFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B8FD2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B8FCA8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B8FCAA80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B8FCA5E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B8FCA980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\prodrv06 \Device\ProDrv06 E156E008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E1012E98
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0x55 0x5D 0xA1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDA 0x55 0x5D 0xA1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer@RelPattern *.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.m4v?*.mpg?VIDEO\*.mpg?*.

---- Files - GMER 1.0.15 ----

ADS C:\WINDOWS\system32:win2kk.exe 368640 bytes executable

---- EOF - GMER 1.0.15 ----

However, GMER says something about that green file, so I don't know whether it has been recreated. I mean, whether it has a backdoor. But when I looked in the folder manually, I didn't find it there.
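A small triage helper for the GMER sections quoted above, added here as an example and not taken from the thread, from GMER or from ComboFix: it parses the IAT-hook and ADS line formats as they appear in the log, groups hooks by the driver that owns them, and flags executable alternate data streams; the sample embeds lines copied from the log above plus one constructed hook line (example.sys, not from the log) to show how a hooker without a vendor description is reported.

```python
"""Triage helper for GMER log lines (IAT hooks and ADS findings).

Added example for this thread; it is not part of GMER, ComboFix or the
original post. It parses the two GMER line formats that matter in the log
above and reports which driver owns each hook and which alternate data
streams (ADS) were found, so a reader can tell a firewall driver hooking
NDIS (expected for ZoneAlarm's vsdatant.sys) from an unexplained one.
"""
import re
from collections import defaultdict

# GMER format: IAT <image>[<module>!<import>] [<address>] <hooking driver> (<vendor description>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>\S+)\[(?P<module>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<hooker>\S+)(?:\s+\((?P<desc>.*)\))?$"
)
# GMER format: ADS <path>:<stream name> <size> bytes [executable]
ADS_RE = re.compile(
    r"^ADS\s+(?P<path>.+?):(?P<stream>[^:\s]+)\s+(?P<size>\d+)\s+bytes(?P<exe>\s+executable)?$"
)

# Lines copied from the GMER log posted above, plus one constructed line
# (the example.sys hook) that carries no vendor description, to show how an
# unexplained hooker is reported. The example.sys line is not from the log.
SAMPLE_LOG = r"""
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B8FD1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B8FD1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B8FEAB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B8FCA5E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B8FCA980] \??\C:\WINDOWS\Temp\example.sys

---- Files - GMER 1.0.15 ----

ADS C:\WINDOWS\system32:win2kk.exe 368640 bytes executable

---- EOF - GMER 1.0.15 ----
"""


def _basename(path):
    """Lower-case file name of a Windows driver path (last backslash-separated part)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (iat_hooks, ads_entries) parsed from GMER output text."""
    hooks, ads = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            hooks.append(m.groupdict())
            continue
        m = ADS_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["executable"] = entry.pop("exe") is not None
            ads.append(entry)
    return hooks, ads


def hooks_by_module(hooks):
    """Map each hooking driver (file name) to the set of imports it redirects."""
    out = defaultdict(set)
    for h in hooks:
        out[_basename(h["hooker"])].add(f"{h['module']}!{h['func']}")
    return dict(out)


def triage(text):
    """Return a list of (level, message) findings; 'review' marks items worth a closer look."""
    hooks, ads = parse_gmer(text)
    findings = []
    for mod, funcs in sorted(hooks_by_module(hooks).items()):
        # GMER prints the driver's vendor description when it can read one;
        # a hooking driver with no description is the one to investigate first
        described = any(h["desc"] for h in hooks if _basename(h["hooker"]) == mod)
        level = "info" if described else "review"
        findings.append((level, f"{mod} hooks {len(funcs)} import(s): {', '.join(sorted(funcs))}"))
    for a in ads:
        # an executable alternate data stream attached to a system directory is a
        # classic hiding place; GMER already labels such streams "executable"
        level = "review" if a["executable"] else "info"
        suffix = ", executable" if a["executable"] else ""
        findings.append((level, f"ADS {a['path']}:{a['stream']} ({a['size']} bytes{suffix})"))
    return findings


if __name__ == "__main__":
    for level, message in triage(SAMPLE_LOG):
        print(f"[{level}] {message}")
```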

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: RSIT - check, suspected rootkit

#12 Post by Caroprd111 »

If it is not there already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code: Select all

ADS::
C:\WINDOWS\system32
  • Save the TXT file you created as CFScript.txt on the desktop
  • Once it is saved, drag the script you created with the left mouse button and drop it onto the ComboFix icon:
  • After it runs, another log will appear; paste it here
It may happen that after the script runs and the machine restarts, Windows does not boot; in that case restart again while pressing F8 and choose Last Known Good Configuration

Thor
Visitor
Posts: 137
Registered: 13 Oct 2008 14:52

Re: RSIT - check, suspected rootkit

#13 Post by Thor »

ComboFix 10-04-14.03 - Administrator 16.04.2010 15:12:24.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1290 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - system32: deleted 418609 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-16 do 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-14 18:11 . 2010-04-14 18:16 -------- d-----w- c:\windows\SevenMizer
2010-04-14 17:38 . 2002-11-06 13:14 4282 ----a-w- c:\windows\NT4_98.reg
2010-04-14 17:38 . 2002-11-06 08:15 4264 ----a-w- c:\windows\MeXP.reg
2010-04-14 17:38 . 2002-11-06 08:15 4280 ----a-w- c:\windows\2K.reg
2010-04-14 17:38 . 2010-04-14 17:38 -------- d-----w- c:\program files\KYE
2010-04-14 17:38 . 2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe
2010-04-14 17:38 . 2001-09-06 18:45 233472 ----a-w- c:\windows\InstIt.exe
2010-04-14 17:38 . 2001-07-02 18:36 24576 ----a-w- c:\windows\HKNTDLL.dll
2010-04-13 09:45 . 2010-04-13 09:45 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-04-10 15:22 . 2010-04-10 17:02 -------- d-----w- c:\windows\Downloaded Installations
2010-04-06 18:27 . 2010-04-06 18:29 -------- d-----w- c:\program files\QuickTime
2010-04-05 16:01 . 2010-04-05 16:01 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-04-03 13:30 . 2010-04-03 13:36 -------- d-----w- c:\program files\Lavalys
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-04-01 06:33 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-01 06:33 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-29 13:02 . 2010-04-14 12:12 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 18:16 . 2002-09-20 18:04 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-04-14 17:38 . 2009-12-18 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-14 14:24 . 2010-04-14 14:25 3301376 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-04-14 11:31 . 2009-12-18 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 08:23 . 2009-12-21 07:19 5564500 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-10 23:07 . 2010-04-11 08:23 3233280 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-04-09 22:58 . 2009-12-19 20:44 -------- d-----w- c:\program files\L2Informer
2010-04-03 06:56 . 2010-04-03 12:37 39424 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-04-02 20:31 . 2009-12-18 14:11 -------- d-----w- c:\program files\CCleaner
2010-04-01 20:07 . 2010-04-02 05:28 80384 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-04-01 16:37 . 2010-04-01 16:37 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-03-29 17:34 . 2010-03-30 07:22 68608 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-03-29 05:22 . 2001-10-25 14:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 05:22 . 2001-10-25 14:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 19:57 . 2010-03-29 05:20 3117568 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-03-21 14:29 . 2010-03-21 14:30 49664 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-03-15 13:48 . 2010-03-16 05:22 102400 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-03-13 20:04 . 2010-01-21 17:34 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-10 06:17 . 2002-09-20 18:04 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 20:32 . 2010-03-03 20:32 0 ----a-w- c:\windows\PowerReg.dat
2010-03-01 08:05 . 2009-12-18 14:07 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 22:00 . 2010-03-01 07:17 36864 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-02-25 17:44 . 2010-02-26 13:02 75264 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-02-25 06:18 . 2002-09-20 18:05 1017856 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 18:37 . 2010-02-24 18:37 4096 ----a-w- c:\windows\d3dx.dat
2010-02-24 13:11 . 2002-08-29 01:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 13:48 . 2010-02-23 13:48 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-23 13:48 . 2010-02-23 13:48 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-23 13:30 . 2010-02-23 13:25 25 ---h--w- c:\program files\Common Files\common.log
2010-02-21 19:46 . 2009-12-18 14:13 -------- d-----w- c:\program files\JetAudio
2010-02-20 15:21 . 2010-02-20 15:21 -------- d-----w- c:\program files\Boris Fx, Inc
2010-02-19 12:25 . 2010-02-19 12:24 -------- d-----w- c:\program files\Google
2010-02-18 18:35 . 2010-02-18 18:38 121856 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-02-17 12:09 . 2002-09-20 17:12 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2002-09-20 17:12 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:24 . 2009-12-18 14:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-14 16:00 . 2010-02-14 16:19 2022400 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-02-12 22:52 . 2010-02-13 10:51 2023936 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-02-12 07:31 . 2010-02-12 08:10 2008064 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-02-12 04:35 . 2002-09-20 18:03 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 21:36 . 2010-02-12 06:57 2026496 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-02-11 12:02 . 2002-08-29 01:37 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 20:52 . 2010-02-11 06:47 2009088 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-02-08 20:41 . 2010-02-09 06:50 2000384 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-02-05 16:42 . 2010-02-07 16:00 1968640 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-02-02 23:19 . 2010-02-03 10:51 1926656 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-24 16:17 . 2010-01-25 06:20 36864 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-22 12:45 . 2010-01-23 09:14 111616 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-17 20:30 . 2010-01-17 20:30 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-17 20:30 . 2010-01-17 20:30 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-17 20:30 . 2010-01-17 20:30 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2002-09-20 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . FD237626C1CF8950B3DA805491C8528B . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2008-04-14 . FD237626C1CF8950B3DA805491C8528B . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2002-09-20 . 018875C2BB77F304A7CF7153E088DAAA . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2010-02-25 . F6B19C3520F8F33ED4E86B97E5FED45A . 5944832 . . [8.00.6001.18904] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\system32\mshtml.dll
[-] 2010-02-25 . 0487DEFC8059F4E996533DB264C2DC8A . 6169600 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-02-25 . AC93856CC1D10E74986EA4E70D90748F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . 4045EC195F5456FC803D9DDD22B83562 . 6167552 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[7] 2009-12-21 . BD424F12E808F3AA345C4816F7124F7C . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . FCB06A625ED7A348C4CE48716995937A . 3091968 . . [6.00.2900.5897] . . c:\windows\ie8\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . 00EC3DE6B7C581CC2675CCD549B692D7 . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3GDR\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . FC883BC594F028EF5D77B645AE91C914 . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3QFE\mshtml.dll
[7] 2009-10-29 . 620A3A8FEAF5A007236013A3AC109905 . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\user32.dll
[-] 2008-04-14 . 581480DE9C65D6BD0552E35BF17379B2 . 587776 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2002-09-20 . 8A4AC21E2A55ECA66FBC5EDD40231845 . 560128 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2010-02-25 . 4A4C190879347A0064731F39610F1F72 . 916480 . . [8.00.6001.18904] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\system32\wininet.dll
[-] 2010-02-25 . AF206AC5D30E9360C815ADB4148CCD7B . 1017856 . . [8.00.6001.18904] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-02-25 . 2E6504E28C7E0F753F68731861A94214 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . B3698A70E869D9AD36A88EDB7602E864 . 1017856 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[7] 2009-12-21 . 9256DA4AEE5E2C20FC6C126BDBC11997 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . F651D2A69B7037D6063BC697CF296D8C . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3GDR\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 4941ADD731725AF468342E42B71F776C . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\2bf25c1ca989169e2bb8c182b7dc42d2\SP3QFE\wininet.dll
[7] 2009-10-29 . 6A0AC16511C25008628F632963F24475 . 668160 . . [6.00.2900.5897] . . c:\windows\ie8\wininet.dll
[7] 2009-10-29 . 7443D3D3D1025FEA4BF7BC35EA1F93BD . 669696 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-14 . D29624A9F744E5AD33A49EB29A5A6395 . 1559040 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . D29624A9F744E5AD33A49EB29A5A6395 . 1559040 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SevenMizer\old\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2002-09-20 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 25088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-12-27 23:25 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-07-05 14:37 491008 ----a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 25088 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 13:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 13:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 13:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-18 22:49 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-14 11:31 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58502:TCP"= 58502:TCP:Pando Media Booster
"58502:UDP"= 58502:UDP:Pando Media Booster

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12.10.2009 22:24 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:07 135336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.2.2010 14:24 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17.1.2010 22:30 13224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 12872]
S3 XDva324;XDva324;\??\c:\windows\system32\XDva324.sys --> c:\windows\system32\XDva324.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 12:24]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 12:24]
.
.
------- Doplňkový sken -------
.
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-16 15:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\SETUPAPI.dll
.
Celkový čas: 2010-04-16 15:21:59
ComboFix-quarantined-files.txt 2010-04-16 13:21

Před spuštěním: Volných bajtů: 12 043 849 728
Po spuštění: Volných bajtů: 12 028 219 392

- - End Of File - - 14E1C527EBA87D06A5F99637553828A6

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: RSIT - check, suspected rootkit

#14 Post by Caroprd111 »

How is the PC doing :???:

Thor
Visitor
Posts: 137
Registered: 13 Oct 2008 14:52

Re: RSIT - check, suspected rootkit

#15 Post by Thor »

OK. Games don't stutter, the keys work, the PC doesn't freeze. So I would say it's fine. The question is whether any malicious program has remained hidden in the system. That's what you and your miracle programs are here for. :)
