Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

rundll32.exe vytazuje CPU

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#76 Příspěvek od miraslam »

postupovala som podla navodu:

po nejakom case sa objavila modra obrazovka...

spravu o chybach posielam v prilohe.
Přílohy
chyba1.gif
chyba1.gif (4.05 KiB) Zobrazeno 1382 x
chyba.gif
chyba.gif (10.45 KiB) Zobrazeno 1382 x
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#77 Příspěvek od miraslam »

este foto obrazovky, kt nabehla
Přílohy
P1020128.JPG
P1020128.JPG (303.12 KiB) Zobrazeno 1379 x
Nahoru
Uživatelský avatar
stell
VIP in memoriam
VIP in memoriam
Příspěvky: 5175
Registrován: 09 pro 2007 09:27
Bydliště: SK-REVUCA
Kontaktovat uživatele:
Kontaktovat uživatele stell

Re: rundll32.exe vytazuje CPU

#78 Příspěvek od stell »

ok,nevadi,,restart do nudzoveho rezimu a sprav CFScript ,tam ok,moze to byt len nahodne BSOD,
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
Obrázek
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Obrázek
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#79 Příspěvek od miraslam »

paci sa:

ComboFix 10-07-12.06 - Miroslava - Slamená 14.07.2010 20:06:04.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.697 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslava - Slamená\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miroslava - Slamená\Plocha\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
--------------- FCopy ---------------

c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-14 do 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 17:30 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-07-14 17:30 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-14 09:46 . 2008-04-13 18:40 96512 ------w- C:\atapi.sys
2010-07-10 21:11 . 2010-07-10 21:11 -------- d-sh--w- c:\documents and settings\Administrator.N-1A4A6D4869384\IETldCache
2010-07-08 21:16 . 2010-07-08 21:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-23 06:24 . 2010-06-23 06:24 -------- d-----w- c:\program files\Bonjour
2010-06-15 11:20 . 2010-06-15 11:20 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 19:08 . 2008-01-30 12:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-08 21:18 . 2007-08-07 17:25 -------- d-----w- c:\program files\DivX
2010-07-07 12:13 . 2010-06-07 18:06 -------- d-----w- c:\program files\trend micro
2010-06-23 09:48 . 2006-09-16 00:43 83320 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 09:48 . 2006-09-16 00:43 439206 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 09:04 . 2010-04-26 09:13 3532 ----a-w- C:\drmHeader.bin
2010-06-09 23:01 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-09 23:01 . 2008-02-20 16:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2008-02-20 16:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2008-02-20 16:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-05-28 20:29 . 2010-05-28 19:57 -------- d-----w- c:\program files\Olympus
2010-05-28 20:29 . 2006-09-15 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-03 09:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:35 . 2006-09-16 00:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-09-16 00:43 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 21:37 . 2010-04-24 21:37 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-24 21:37 . 2010-04-24 21:37 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-24 21:37 . 2010-04-24 21:37 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-20 05:32 . 2006-09-16 00:43 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 18:47 . 2009-03-24 20:32 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2008-01-30 12:33 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 12:22 . 2007-03-18 13:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2010-07-14 17:30
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44


--- c:\windows\system32\drivers\iaStor.sys ---
Company: Intel Corporation
File Description: Intel Matrix Storage Manager driver
File Version: 5.5.0.1035
Product Name: Intel Matrix Storage Manager driver
Copyright: Copyright(C) Intel Corporation 1994-2005
Original Filename: iaStor.sys
File size: 874240
Created time: 2006-09-16 00:44
Modified time: 2005-10-12 11:07
MD5: 309C4D86D989FB1FCF64BD30DC81C51B
SHA1: 38B6E9D3377719098B415BD1E34080C06A24D96E


(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\avenger\atapi.sys [x]
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP2\A0003845.sys

c:\combofix\atapi.sys [x]
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP1\A0000214.sys
[-] 1F0A0D2D75AC8CF2D823DDC358AF61FD 96512 \RP7\A0007362.sys

[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 c:\windows\system32\dllcache\atapi.sys
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP1\A0000365.sys
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP7\A0007485.sys

[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 c:\windows\system32\drivers\atapi.sys
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP1\A0000150.sys
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP7\A0007454.sys
.
------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-15 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"fscp"="c:\program files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 995328]
"FuncKey"="c:\program files\Hotkey Management\FuncKey.exe" [2006-09-05 139264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-5-28 118784]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-12-25 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-12-25 22:24 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [14.1.2007 17:11 156800]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [13.9.2007 11:31 9728]
R2 FspadSvc;FspadSvc;c:\program files\AVC Finger-sensing Pad Driver\fspadsvr.exe [16.9.2006 2:45 520704]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.7.2009 19:14 222968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [16.9.2006 2:45 22912]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [16.9.2006 2:45 217600]
S2 gupdate1c9860c8a847b7c;Google Update Service (gupdate1c9860c8a847b7c);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 16:34 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [14.12.2009 17:47 16512]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.12.2006 23:37 30192]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [13.9.2007 11:31 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [13.9.2007 11:31 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [13.9.2007 11:31 95440]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [26.10.2008 12:04 27904]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [14.1.2007 17:11 5248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 11:04]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:34]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:34]

2010-07-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Miroslava - Slamená\Data aplikací\Mozilla\Firefox\Profiles\jp5kr9xn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - component: c:\documents and settings\Miroslava - Slamená\Data aplikací\Mozilla\Firefox\Profiles\jp5kr9xn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 20:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86AF39E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7337cb8
\Driver\atapi -> 0x86af39e8
\Driver\iaStor -> iaStor.sys @ 0xf7225b58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1928)
c:\windows\system32\odyEvent.dll

- - - - - - - > 'explorer.exe'(2008)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-07-14 20:21:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-14 18:21
ComboFix2.txt 2010-07-13 18:11
ComboFix3.txt 2010-07-11 12:04
ComboFix4.txt 2010-07-11 10:08
ComboFix5.txt 2010-07-14 17:26

Před spuštěním: Volných bajtů: 34 335 932 416
Po spuštění: Volných bajtů: 34 459 279 360

- - End Of File - - 956E28918A56D30F25DFF3D47C4037D4
Nahoru
Uživatelský avatar
stell
VIP in memoriam
VIP in memoriam
Příspěvky: 5175
Registrován: 09 pro 2007 09:27
Bydliště: SK-REVUCA
Kontaktovat uživatele:
Kontaktovat uživatele stell

Re: rundll32.exe vytazuje CPU

#80 Příspěvek od stell »

:arrow: este raz v nudzovom rezime:
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FCOPY::
C:\atapi.sys | c:\windows\system32\drivers\atapi.sys
C:\atapi.sys | \RP7\A0007362.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=-
"Windows Defender"=-
File::
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Device Detector 3.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO -viewer-.lnk
Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

:arrow: Stiahnite si prosím Rootkit Unhooker uložiť na plochu.
http://www.rootkit.com/vault/DiabloNova ... okerLE.EXE
* Teraz dvoj kliknite na RKUnhookerLE.exe.
* Kliknite na kartu správa, kliknite na tlačidlo Skenovať.
* Skontrolujte, či je(zafajknute) Drivers,Stealth.Ostatne Zrusit [vybrat fajku]. kliknite na tlačidlo OK.
* Počkajte, až skener má hotové a potom kliknite na tlačidlo Súbor, Uložiť Report.
* Save the report niekam, kde ju nájdete. Kliknite na tlačidlo Zavrieť.

Skopírujte celý obsah správy a vložiť ho tu.
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
Obrázek
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Obrázek
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#81 Příspěvek od miraslam »

log combo

ComboFix 10-07-12.06 - Miroslava - Slamená 14.07.2010 20:57:58.13.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.683 [GMT 2:00]
Spuštěný z: c:\documents and settings\Miroslava - Slamená\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Miroslava - Slamená\Plocha\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Device Detector 3.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO -viewer-.lnk"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Device Detector 3.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO -viewer-.lnk

.
--------------- FCopy ---------------

c:\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-14 do 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 15:30 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2010-07-14 15:30 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-14 09:46 . 2008-04-13 18:40 96512 ------w- C:\atapi.sys
2010-07-10 21:11 . 2010-07-10 21:11 -------- d-sh--w- c:\documents and settings\Administrator.N-1A4A6D4869384\IETldCache
2010-07-08 21:16 . 2010-07-08 21:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-23 06:24 . 2010-06-23 06:24 -------- d-----w- c:\program files\Bonjour
2010-06-15 11:20 . 2010-06-15 11:20 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 19:08 . 2008-01-30 12:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-08 21:18 . 2007-08-07 17:25 -------- d-----w- c:\program files\DivX
2010-07-07 12:13 . 2010-06-07 18:06 -------- d-----w- c:\program files\trend micro
2010-06-23 09:48 . 2006-09-16 00:43 83320 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 09:48 . 2006-09-16 00:43 439206 ----a-w- c:\windows\system32\perfh005.dat
2010-06-20 09:04 . 2010-04-26 09:13 3532 ----a-w- C:\drmHeader.bin
2010-06-09 23:01 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-09 23:01 . 2008-02-20 16:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2008-02-20 16:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2008-02-20 16:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-05-28 20:29 . 2010-05-28 19:57 -------- d-----w- c:\program files\Olympus
2010-05-28 20:29 . 2006-09-15 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 12:14 . 2009-10-03 09:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:35 . 2006-09-16 00:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-09-16 00:43 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-24 21:37 . 2010-04-24 21:37 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-24 21:37 . 2010-04-24 21:37 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-24 21:37 . 2010-04-24 21:37 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-20 05:32 . 2006-09-16 00:43 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 18:47 . 2009-03-24 20:32 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2008-01-30 12:33 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-07-07 12:22 . 2007-03-18 13:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-15 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"fscp"="c:\program files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-08-31 995328]
"FuncKey"="c:\program files\Hotkey Management\FuncKey.exe" [2006-09-05 139264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-12-25 22:24 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [14.1.2007 17:11 156800]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [13.9.2007 11:31 9728]
R2 FspadSvc;FspadSvc;c:\program files\AVC Finger-sensing Pad Driver\fspadsvr.exe [16.9.2006 2:45 520704]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.7.2009 19:14 222968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [16.9.2006 2:45 22912]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [16.9.2006 2:45 217600]
S2 gupdate1c9860c8a847b7c;Google Update Service (gupdate1c9860c8a847b7c);c:\program files\Google\Update\GoogleUpdate.exe [3.2.2009 16:34 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [14.12.2009 17:47 16512]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.12.2006 23:37 30192]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [13.9.2007 11:31 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [13.9.2007 11:31 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [13.9.2007 11:31 95440]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [26.10.2008 12:04 27904]
S4 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [14.1.2007 17:11 5248]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2010-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-26 11:04]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:34]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:34]

2010-07-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Miroslava - Slamená\Data aplikací\Mozilla\Firefox\Profiles\jp5kr9xn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Miroslava - Slamená\Data aplikací\Mozilla\Firefox\Profiles\jp5kr9xn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 21:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B9B8E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7337cb8
\Driver\atapi -> 0x86b9b8e0
\Driver\iaStor -> iaStor.sys @ 0xf7225b58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1952)
c:\windows\system32\odyEvent.dll

- - - - - - - > 'explorer.exe'(1088)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-07-14 21:13:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-14 19:13
ComboFix2.txt 2010-07-14 18:21
ComboFix3.txt 2010-07-13 18:11
ComboFix4.txt 2010-07-11 12:04
ComboFix5.txt 2010-07-14 18:51

Před spuštěním: Volných bajtů: 34 462 052 352
Po spuštění: Volných bajtů: 34 451 562 496

- - End Of File - - 042C9468340E61B3C071C3EBB9510907


report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF323B000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4513792 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3989504 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 86.17 )
0xF661C000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3690496 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 86.17 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF30F2000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7213000 iaStor.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF303F000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF70E4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2E58000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF643E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF2F63000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB9804000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF654E000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9056000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6517000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF2D82000 C:\WINDOWS\system32\DRIVERS\sis163u.sys 221184 bytes (Silicon Integrated Systems Corp., SiS163 USB Wireless LAN Adapter Driver)
0xF31E3000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF7331000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB99C3000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF70B7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB84E3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF649C000 C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys 176128 bytes (Funk Software, Inc., Odyssey Network Driver (EAPOL Only))
0xF2EC8000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6599000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF2F15000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF735F000 d346bus.sys 159744 bytes ( , PnP BIOS Extension)
0xF2F3D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF3217000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF65E4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF65C1000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2EF3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF719A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7301000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF709D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72E9000 98304 bytes
0xF2D42000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF71D1000 C:\WINDOWS\system32\drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7171000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6500000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF71FC000 nvatabus.sys 94208 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) IDE Performance Driver)
0xF71BA000 viamraid.sys 94208 bytes (VIA Technologies inc,.ltd, VIA AHCI RAID DRIVER FOR WIN 2000/XP)
0xB9407000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6608000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2FBC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF71E9000 nvraid.sys 77824 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) RAID Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7188000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7320000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF64C7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7657000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF7567000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7677000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7497000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF69D1000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7507000 Combo-Fix.sys 61440 bytes
0xF6A01000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7687000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB9484000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6A21000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF74A7000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF74D7000 C:\WINDOWS\system32\drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF69A1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7667000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74B7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7697000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6A31000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF74F7000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7517000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74E7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7527000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF69C1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB9784000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF6A11000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xF69E1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77E7000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0xF7757000 C:\ComboFix\catchme.sys 32768 bytes
0xF775F000 C:\WINDOWS\system32\DRIVERS\ethpdrv.sys 32768 bytes (Gemfor s.r.o., Ethernet Packet Driver)
0xF782F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF785F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7717000 SiSRaid2.sys 32768 bytes (Silicon Integrated Systems Corp, SiS RAID Miniport Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF786F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7867000 C:\WINDOWS\system32\WinIo.sys 28672 bytes (http://www.internals.com, WinIo)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\fspad.sys 24576 bytes (Asia Vital Components Co.,Ltd., AVC Finger-sensing Pad Driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7797000 C:\DOCUME~1\MIROSL~1\LOCALS~1\Temp\mbr.sys 24576 bytes
0xF7807000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF784F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7857000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7817000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF781F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF780F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF787F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF796B000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB999F000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xF797B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA4EC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7967000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF3037000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF64E0000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF64DC000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF796F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF795F000 C:\WINDOWS\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
0xF64F8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79A9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79BF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A0B000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xF79AD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79A1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A3000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A7F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AC7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7AEA000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x86A1E250 unknown_irp_handler 3504 bytes
0x86A505E0 unknown_irp_handler 2592 bytes
0x86A83668 unknown_irp_handler 2456 bytes
0x86096848 unknown_irp_handler 1976 bytes
0x86B9B8E0 unknown_irp_handler 1824 bytes
0x867C78E0 unknown_irp_handler 1824 bytes
0x86B5FA58 unknown_irp_handler 1448 bytes
0x86A70BD0 unknown_irp_handler 1072 bytes
0x86C38C80 unknown_irp_handler 896 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\atapi.sys]
Nahoru
Uživatelský avatar
stell
VIP in memoriam
VIP in memoriam
Příspěvky: 5175
Registrován: 09 pro 2007 09:27
Bydliště: SK-REVUCA
Kontaktovat uživatele:
Kontaktovat uživatele stell

Re: rundll32.exe vytazuje CPU

#82 Příspěvek od stell »

no nevyzera to dobre,,nieco infikuje atapi a ihned uzamkne,,vyzera to na komplet format,,odstranit aj particie a nova instalacia ,ak na nieco nepridem, :)
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
Obrázek
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Obrázek
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#83 Příspěvek od miraslam »

ok, tak dufam, ze to nejak pojde...ufff...
inac neviem, ci toto ti nieco hovori...ale asi urcite.
pre istotu posielam
http://www.lupa.cz/zpravicky/za-problem ... e-rootkit/
Nahoru
Uživatelský avatar
stell
VIP in memoriam
VIP in memoriam
Příspěvky: 5175
Registrován: 09 pro 2007 09:27
Bydliště: SK-REVUCA
Kontaktovat uživatele:
Kontaktovat uživatele stell

Re: rundll32.exe vytazuje CPU

#84 Příspěvek od stell »

:) Ano poznam tuto infekciu:
mas system look na ploche ak,ano vloz script:

Kód: Vybrat vše

:filefind
Combo-Fix.sys
:regfind
Combo-Fix.sys
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
Obrázek
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Obrázek
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#85 Příspěvek od miraslam »

hm a co je system look? asi to nemam :(
Nahoru
Uživatelský avatar
stell
VIP in memoriam
VIP in memoriam
Příspěvky: 5175
Registrován: 09 pro 2007 09:27
Bydliště: SK-REVUCA
Kontaktovat uživatele:
Kontaktovat uživatele stell

Re: rundll32.exe vytazuje CPU

#86 Příspěvek od stell »

stiahnes na plochu>Download>spustis>>vloz zeleny text a klik >look,,log vloz sem
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
Obrázek
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Obrázek
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#87 Příspěvek od miraslam »

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:02 on 14/07/2010 by Miroslava - Slamená (Administrator - Elevation successful)

========== filefind ==========

Searching for "Combo-Fix.sys"
No files found.

========== regfind ==========

Searching for "Combo-Fix.sys"
No data found.

-=End Of File=-
Nahoru
Uživatelský avatar
stell
VIP in memoriam
VIP in memoriam
Příspěvky: 5175
Registrován: 09 pro 2007 09:27
Bydliště: SK-REVUCA
Kontaktovat uživatele:
Kontaktovat uživatele stell

Re: rundll32.exe vytazuje CPU

#88 Příspěvek od stell »

:arrow: Teraz sprav toto:
http://www.viry.cz/forum/viewtopic.php?f=29&t=101984
:arrow: ak sa ti chce tak mozes este dnes aj G-mer,,ale staci zajtra,dnes uz staci :)
http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
Dôležité informácie.
NEŠLAPE Vám počítač?
Je zavirovaný? Šlape pomalu? Nefunguje program? Problém s instalací?
Využíjte služby vzdálené pomoci!
Obrázek
e-mail: stell(zavináč)forum.viry.cz
Thanks! Vďaka!
Obrázek
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#89 Příspěvek od miraslam »

jj, k tomu prvemu odkazu

ide mi stiahnut iba prvy subor, druhy a treti nejde...napise mi len text...:(
Nahoru
miraslam
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 25 dub 2010 13:11

Re: rundll32.exe vytazuje CPU

#90 Příspěvek od miraslam »

a este nieco...scan GMERom sa mi nikdy nepodaril...
len upozornujem ...:)
bud prestal fungovat program or pc zamrzol alebo sa program otvoril ale nebola tak ikona save


a chcem sa spytat, mam istalovat nejaky antivir program, ci to nechat tak?

dikes
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“