Prosím o kontrolu logu

Zpráva

Gustavson · #1 Příspěvek od **Gustavson** » 03 srp 2010 22:56

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gustavson at 2010-08-03 23:50:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (60%) free of 15 GB
Total RAM: 510 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:50, on 3.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\Logitech\Vid\vid.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\RSIT.exe
C:\Program Files\trend micro\Gustavson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ceskenoviny.cz/ekologie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3093406941
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5024 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2010-01-26 577536]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 109488]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"LWS"=C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2010-05-07 238936]
"PCMService"=C:\Program Files\Aspire Arcade\PCMService.exe [2004-03-25 81920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"=C:\Program Files\HDD Health\HDDHealth.exe [2008-06-15 1692672]
"Logitech Vid"=C:\Program Files\Logitech\Vid\Vid.exe [2010-05-11 6135128]
"Logitech Vid HD"=C:\Program Files\Logitech\Vid\vid.exe [2010-05-11 6135128]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\games\RA2\GAME.EXE"="D:\games\RA2\GAME.EXE:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\WINDOWS\SOUNDMAN.EXE"="C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec"
"C:\Program Files\Logitech\Vid\Vid.exe"="C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 2 months======

2010-08-03 23:41:23 ----D---- C:\rsit
2010-08-03 23:41:23 ----D---- C:\Program Files\trend micro
2010-08-03 23:38:37 ----A---- C:\ComboFix.txt
2010-08-03 22:33:37 ----A---- C:\Boot.bak
2010-08-03 22:33:29 ----RASHD---- C:\cmdcons
2010-08-03 22:29:47 ----A---- C:\WINDOWS\zip.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\sed.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 22:29:47 ----A---- C:\WINDOWS\grep.exe
2010-08-03 22:28:07 ----D---- C:\WINDOWS\ERDNT
2010-08-03 22:25:28 ----D---- C:\Qoobox
2010-08-03 08:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 12:28:33 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2010-08-02 12:28:29 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2010-08-02 12:27:11 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2010-08-02 12:27:09 ----A---- C:\WINDOWS\system32\msir3jp.dll
2010-08-02 12:26:16 ----A---- C:\WINDOWS\system32\kbd101a.dll
2010-08-02 12:17:36 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2010-08-02 12:17:36 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2010-08-02 12:17:36 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2010-08-02 12:16:09 ----A---- C:\WINDOWS\system32\c_is2022.dll
2010-08-02 12:15:41 ----A---- C:\WINDOWS\system32\uniime.dll
2010-08-02 12:15:14 ----A---- C:\WINDOWS\system32\c_g18030.dll
2010-08-02 12:15:09 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2010-08-02 12:15:09 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2010-08-02 12:15:09 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2010-08-02 12:15:08 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2010-08-02 12:15:08 ----A---- C:\WINDOWS\system32\kbdax2.dll
2010-08-02 12:15:08 ----A---- C:\WINDOWS\system32\kbd106n.dll
2010-08-02 12:15:08 ----A---- C:\WINDOWS\system32\kbd101.dll
2010-08-02 12:15:07 ----A---- C:\WINDOWS\system32\imjp81k.dll
2010-08-02 12:12:14 ----A---- C:\WINDOWS\system32\kbdkor.dll
2010-08-02 12:12:14 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2010-08-02 12:12:14 ----A---- C:\WINDOWS\system32\kbd103.dll
2010-08-02 12:12:14 ----A---- C:\WINDOWS\system32\kbd101c.dll
2010-08-02 12:12:13 ----A---- C:\WINDOWS\system32\kbd101b.dll
2010-08-02 12:12:12 ----A---- C:\WINDOWS\system32\kbd106.dll
2010-08-01 23:30:50 ----D---- C:\Program Files\Common Files\Java
2010-08-01 23:29:33 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-01 23:29:33 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-01 23:29:32 ----A---- C:\WINDOWS\system32\java.exe
2010-07-20 12:39:13 ----D---- C:\Documents and Settings\Gustavson\Data aplikací\dvdcss
2010-07-19 13:44:14 ----D---- C:\Documents and Settings\Gustavson\Data aplikací\vlc
2010-07-19 13:43:35 ----D---- C:\Program Files\VideoLAN
2010-07-15 00:52:44 ----A---- C:\WINDOWS\IsUn0405.exe
2010-07-14 13:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-07 04:48:31 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-07-07 04:48:30 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-07-07 04:48:28 ----D---- C:\Program Files\ffdshow
2010-07-04 12:15:25 ----D---- C:\Documents and Settings\Gustavson\Data aplikací\CyberLink
2010-07-04 12:13:51 ----D---- C:\Program Files\CyberLink
2010-07-04 12:13:35 ----D---- C:\Program Files\Aspire Arcade
2010-06-17 16:27:04 ----D---- C:\Documents and Settings\Gustavson\Data aplikací\Logitech
2010-06-17 16:11:13 ----D---- C:\Documents and Settings\Gustavson\Data aplikací\Leadertech
2010-06-17 16:05:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogiShrd
2010-06-17 15:50:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Logitech
2010-06-17 15:50:41 ----D---- C:\Program Files\Common Files\LWS
2010-06-17 15:50:13 ----D---- C:\Program Files\Logitech
2010-06-17 15:50:13 ----D---- C:\Program Files\Common Files\LogiShrd
2010-06-17 15:32:47 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-06-13 12:48:08 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2010-06-10 09:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 09:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 09:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 09:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 09:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 09:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-09 10:04:50 ----D---- C:\Program Files\R

======List of files/folders modified in the last 2 months======

2010-08-03 23:41:23 ----RD---- C:\Program Files
2010-08-03 23:38:40 ----D---- C:\WINDOWS\system32\drivers
2010-08-03 23:38:39 ----D---- C:\WINDOWS\Temp
2010-08-03 23:37:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-03 23:33:06 ----D---- C:\WINDOWS
2010-08-03 23:33:06 ----A---- C:\WINDOWS\system.ini
2010-08-03 23:16:45 ----D---- C:\WINDOWS\system32\config
2010-08-03 23:15:02 ----D---- C:\WINDOWS\system32
2010-08-03 23:15:02 ----D---- C:\WINDOWS\AppPatch
2010-08-03 23:14:59 ----D---- C:\Program Files\Common Files
2010-08-03 23:11:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-03 22:48:24 ----D---- C:\WINDOWS\repair
2010-08-03 22:33:37 ----RASH---- C:\boot.ini
2010-08-03 22:29:47 ----SHD---- C:\System Volume Information
2010-08-03 22:29:47 ----D---- C:\WINDOWS\system32\Restore
2010-08-03 22:29:30 ----D---- C:\WINDOWS\Prefetch
2010-08-03 20:45:01 ----A---- C:\WINDOWS\WINCMD.INI
2010-08-03 08:37:11 ----HD---- C:\WINDOWS\inf
2010-08-03 08:37:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 02:58:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-02 12:26:46 ----RSD---- C:\WINDOWS\Fonts
2010-08-02 12:26:30 ----D---- C:\WINDOWS\Help
2010-08-01 23:30:50 ----SHD---- C:\WINDOWS\Installer
2010-08-01 23:29:25 ----D---- C:\Program Files\Java
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 17:54:21 ----SHD---- C:\WINDOWS\CSC
2010-07-15 14:38:30 ----D---- C:\Documents and Settings\Gustavson\Data aplikací\Adobe
2010-07-15 00:54:27 ----D---- C:\Program Files\Common Files\Adobe
2010-07-15 00:54:26 ----D---- C:\Program Files\Adobe
2010-07-14 13:13:07 ----A---- C:\WINDOWS\imsins.BAK
2010-07-08 09:45:52 ----D---- C:\Program Files\Trillian
2010-07-04 12:13:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 21:39:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-17 16:11:12 ----SD---- C:\Documents and Settings\Gustavson\Data aplikací\Microsoft
2010-06-17 16:11:01 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-10 18:26:46 ----D---- C:\Program Files\Internet Explorer
2010-06-10 09:13:16 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-10 09:13:02 ----D---- C:\WINDOWS\ie7updates
2010-06-10 08:50:10 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SMBHC;Microsoft SM Bus Host Controller Driver; C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 6784]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\pmngoo.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-15 745984]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-04-29 292352]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-04-29 274688]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMBBATT;Microsoft Smart Battery Driver; C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2008-04-14 16000]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-05-26 67584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-19 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2010-01-26 4017536]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVCFilterService; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2010-05-15 23904]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2010-05-15 114784]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2010-05-15 276448]
S3 LVUVC;Logitech Webcam 300(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2010-05-15 6842592]
S3 mbr;mbr; \??\C:\DOCUME~1\GUSTAV~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-15 376832]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

-----------------EOF-----------------

Gustavson · #2 Příspěvek od **Gustavson** » 04 srp 2010 00:35

teď jsem zjistil, že po provedení ComboFixu ještě před výpisem RSITu, se mi zakázal Správce_úloh - nejde spustit ani z lišty, ani přes CTRL+ALT+DEL (u obou neaktivní)

ComboFix jsem spouštěl kvůli vytíženému PC i bez práce - čtení z disku apod.

#3 Příspěvek od **motji** » 04 srp 2010 19:20

Dobrý večer

Poprosím Vás o tento log
- C:\ComboFix.txt

A přečtěte si varování v mém podpise.

Gustavson · #4 Příspěvek od **Gustavson** » 04 srp 2010 19:32

Děkuji za odpověď. Už jsem mezitím stačil tohle téma odhlásit a založit nové, tentokrát podle mě správně. Takže jsem v tom nadělal trošku bordelu. Nicméně, log je zde:

V mém druhém příspěvku je asi toto:
"
Nejprve se několikrát sám vypnul FireWall, poté jsem spustil ComboFix a počítač se začal zpomalovat, číst z disku apod.
Také se deaktivovala možnost spustit Správce úloh, nejde menu ve Wordu.
Total CMD napsal hlášku "WARNING: The TOTALCMD executable file is corrupted, possible VIRUS!..."
Soubor ComboFixu je možná také napadený.
"

ComboFix 10-08-03.01 - Gustavson 03.08.2010 23:11:47.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.250 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gustavson\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gustavson\Plocha\CFScript.txt.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-03 do 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-03 21:33 . 2010-08-03 21:33 5669 ----a-w- c:\windows\system32\drivers\pmngoo.sys
2010-08-02 10:28 . 2001-10-25 11:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2010-08-02 10:28 . 2001-10-25 11:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2010-08-02 10:28 . 2001-10-25 11:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2010-08-02 10:28 . 2001-10-25 11:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2010-08-02 10:27 . 2001-10-25 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2010-08-02 10:27 . 2001-10-25 11:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2010-08-02 10:27 . 2001-10-25 11:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-08-02 10:27 . 2001-10-25 11:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2010-08-02 10:26 . 2001-10-25 11:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-08-02 10:26 . 2001-10-25 11:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll
2010-08-02 10:26 . 2001-10-25 11:00 6144 ----a-w- c:\windows\system32\kbd101a.dll
2010-08-02 10:26 . 2001-10-25 11:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2010-08-02 10:26 . 2001-10-25 11:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2010-08-02 10:26 . 2001-10-25 11:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-08-02 10:20 . 2001-10-25 11:00 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2010-08-02 10:17 . 2001-10-25 11:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll
2010-08-02 10:17 . 2001-10-25 11:00 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2010-08-02 10:17 . 2001-10-25 11:00 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll
2010-08-02 10:17 . 2001-10-25 11:00 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll
2010-08-02 10:17 . 2001-10-25 11:00 9216 ----a-w- c:\windows\system32\kbdnecAT.dll
2010-08-02 10:17 . 2001-10-25 11:00 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll
2010-08-02 10:17 . 2001-10-25 11:00 7680 ----a-w- c:\windows\system32\kbdnecNT.dll
2010-08-02 10:17 . 2001-10-25 11:00 7168 -c--a-w- c:\windows\system32\dllcache\kbdnec95.dll
2010-08-02 10:17 . 2001-10-25 11:00 7168 ----a-w- c:\windows\system32\kbdnec95.dll
2010-08-02 10:17 . 2001-10-25 11:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-08-02 10:17 . 2001-10-25 11:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2010-08-02 10:17 . 2001-10-25 11:00 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2010-08-02 10:16 . 2001-10-25 11:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2010-08-02 10:16 . 2001-10-25 11:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-08-02 10:16 . 2001-10-25 11:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-08-02 10:16 . 2001-10-25 11:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-08-02 10:14 . 2008-04-14 06:46 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-08-02 10:14 . 2008-04-13 20:13 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe
2010-08-02 10:14 . 2008-04-13 20:13 155705 -c--a-w- c:\windows\system32\dllcache\imjpdsvr.exe
2010-08-02 10:14 . 2008-04-14 06:47 274489 -c--a-w- c:\windows\system32\dllcache\imjputyc.dll
2010-08-02 10:14 . 2008-04-13 20:14 262200 -c--a-w- c:\windows\system32\dllcache\imjputy.exe
2010-08-02 10:14 . 2008-04-13 20:13 196665 -c--a-w- c:\windows\system32\dllcache\imjpinst.exe
2010-08-02 10:14 . 2008-04-14 06:47 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
2010-08-02 10:14 . 2008-04-14 06:47 716856 -c--a-w- c:\windows\system32\dllcache\imjpcus.dll
2010-08-02 10:14 . 2008-04-13 20:14 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe
2010-08-02 10:14 . 2008-04-13 20:13 307257 -c--a-w- c:\windows\system32\dllcache\imjpdct.exe
2010-08-02 10:14 . 2008-04-14 06:47 368696 -c--a-w- c:\windows\system32\dllcache\imjpcic.dll
2010-08-02 10:14 . 2008-04-13 20:13 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2010-08-02 10:12 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-08-02 10:12 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-08-02 10:12 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-02 10:12 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-08-02 10:12 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-08-02 10:12 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-08-02 10:12 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-08-02 10:12 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-08-02 10:12 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-08-02 10:12 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-08-02 10:12 . 2008-04-14 06:48 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-08-02 10:12 . 2008-04-14 06:48 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-08-01 21:30 . 2010-08-01 21:30 -------- d-----w- c:\program files\Common Files\Java
2010-07-19 11:43 . 2010-07-19 11:43 -------- d-----w- c:\program files\VideoLAN
2010-07-14 22:52 . 1998-11-13 10:58 307200 ----a-w- c:\windows\IsUn0405.exe
2010-07-07 02:48 . 2010-05-12 14:09 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-07 02:48 . 2010-07-07 02:48 -------- d-----w- c:\program files\ffdshow

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 21:29 . 2010-05-05 22:35 -------- d-----w- c:\program files\Java
2010-07-30 09:55 . 2010-06-17 13:52 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-30 09:55 . 2010-06-17 13:52 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-25 17:45 . 2010-05-13 08:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-17 03:00 . 2010-05-05 22:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 22:54 . 2010-05-05 22:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 07:45 . 2010-05-06 01:35 -------- d-----w- c:\program files\Trillian
2010-07-04 10:13 . 2010-07-04 10:13 -------- d-----w- c:\program files\Aspire Arcade
2010-07-04 10:13 . 2010-07-04 10:13 -------- d-----w- c:\program files\CyberLink
2010-07-04 10:13 . 2010-05-05 20:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 14:12 . 2010-06-17 13:50 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-06-17 14:12 . 2010-06-17 13:50 -------- d-----w- c:\program files\Logitech
2010-06-17 13:50 . 2010-06-17 13:50 -------- d-----w- c:\program files\Common Files\LWS
2010-06-15 06:53 . 2010-06-09 08:04 -------- d-----w- c:\program files\R
2010-06-14 14:31 . 2010-05-05 20:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-19 12:00 . 2010-05-19 11:51 79737 ----a-w- c:\windows\hpfins05.dat
2010-05-16 16:32 . 2010-05-16 16:33 737280 ----a-w- c:\windows\iun6002.exe
2010-05-14 22:04 . 2010-05-14 22:04 23904 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-05-14 22:04 . 2010-05-14 22:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-14 22:03 . 2010-05-14 22:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-14 22:03 . 2010-05-14 22:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-14 22:02 . 2010-05-14 22:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-14 22:02 . 2010-05-14 22:02 114784 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-05-14 21:59 . 2010-05-14 21:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-14 21:59 . 2010-05-14 21:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-14 21:56 . 2010-05-14 21:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-14 21:56 . 2010-05-14 21:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-14 21:55 . 2010-05-14 21:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-14 21:46 . 2010-05-14 21:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-05 22:13 . 2010-05-05 20:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-05 22:13 . 2010-05-05 20:04 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-05-05 22:12 . 2010-05-05 20:04 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-05 21:56 . 2001-10-25 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-05-05 21:56 . 2001-10-25 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
.

------- Sigcheck -------

[-] 2010-01-26 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-03_20.43.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-03 21:33 . 2010-08-03 21:33 16384 c:\windows\Temp\Perflib_Perfdata_948.dat
+ 2010-08-03 21:32 . 2010-08-03 21:32 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6135128]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6135128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2010-01-26 577536]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 109488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 238936]
"PCMService"="c:\program files\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-15 187392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\games\\RA2\\GAME.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [6.5.2010 0:55 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [6.5.2010 0:55 5248]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [5.5.2010 21:01 6784]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\pmngoo.sys --> c:\windows\system32\drivers\pmngoo.sys [?]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [5.5.2010 21:01 16000]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ABP470N5
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ceskenoviny.cz/ekologie/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 23:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x820104F0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf859bf28
\Driver\ACPI -> ACPI.sys @ 0xf84cbcb8
\Driver\atapi -> 0x820104f0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8333bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8340a21
SendHandler -> NDIS.sys @ 0xf831e87b
Warning: possible MBR rootkit infection !

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-08-03 23:38:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-03 21:38
ComboFix2.txt 2010-08-03 20:48

Před spuštěním: 9 425 784 832
Po spuštění: 9 342 885 888

- - End Of File - - B670FBB6757A448160C7FF401F4FEE02

#5 Příspěvek od **motji** » 04 srp 2010 20:20

Dobře, pokračujte zde
http://www.viry.cz/forum/viewtopic.php?f=13&t=103380

Gustavson · #6 Příspěvek od **Gustavson** » 04 srp 2010 21:26

Dobře, děkuji. Již jsem tam v pokročilém stádiu.

#7 Příspěvek od **motji** » 04 srp 2010 21:53

NO hlavně aby jste na to ještě viděl

Gustavson · #8 Příspěvek od **Gustavson** » 04 srp 2010 21:59

No právě, asi jsem se přepil, nebo co, protože mi chodí příspěvky, i já sám nějaké píšu, ale nevidím je. Délka vlákna by neměla být omezená, nebo ano? Může to být chyba v systému způsobená třeba virem?
Když kliknu na druhou stránku, vlákno se neukončí lištou s tlačítkem odpověď, ale jen zprávou, za kterou by ale měly být ještě další dvě.
Nevíte, co s tím?

#9 Příspěvek od **motji** » 04 srp 2010 22:00

Ted Vám ale moc nerozumím

Délka vlákna omezená není, délka příspěvku je omezená 60000 znaky.

Gustavson · #10 Příspěvek od **Gustavson** » 04 srp 2010 22:06

No, jak řeším to druhé vlákno s riffmanem, tak on mi poslal příspěvek, ale už ho nevidím - stránka se pořád načítá a není "Hotovo". Ani své další příspěvky už v tom vláknu nevidím -prostě to jedním příspěvkem končí a není tam ani ta spodní lišta s nabídkou na odpověď atd. Tohle vlákno je ale v pořádku... taky je o dost kratší.

#11 Příspěvek od **motji** » 04 srp 2010 22:14

Tím by to být ale nemělo.
Zkuste restartovat prohlížeč.

Gustavson · #12 Příspěvek od **Gustavson** » 04 srp 2010 22:52

Ten Virus blokuje jak příspěvky z tohoto vlákna (všechny s adresou virus_total), tak i tu vlastní adresu. Nejde spustit ani přes proxynu, tak zkusím přes FF Portable, ale moc šancí nevidím. Tohle bude pěkný hajzlík.

Ověřeno s jiným PC. Restart tohoto nepomohl.

#13 Příspěvek od **motji** » 05 srp 2010 08:20

Je ale dost zlváštní, pokud Vám jde odpovídat do tohoto vlákna atam toho ne.
Když tak se domluvte s kolegou Riffmanem, že budete pokračovat zde.

Gustavson · #14 Příspěvek od **Gustavson** » 05 srp 2010 20:07

Mně šlo odpovídat i do tamtoho vlákna, ale nezobrazovaly se mi komentáře od toho s odkazem na Virustotal dále. A ani ty mé, které jsem napsal. Ale teď už je to v pořádku, takže mohu pokračovat tam. Každopádně velice děkuji za pomoc!

#15 Příspěvek od **motji** » 05 srp 2010 22:35

Není zač

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu