Re: Please check my log
Posted: 28 Oct 2012 11:40
ComboFix 12-10-26.05 - 007 28.10.2012 11:27:33.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1253 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\007\Plocha\Download\ComboFix.exe
/wow section - STAGE 3
/wow section - STAGE 4
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
/wow section - STAGE 48
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\007\LOCALS~1\Temp\nsa39.tmp\newadvsplash.dll
C:\DOCUME~1\007\LOCALS~1\Temp\nsa39.tmp\System.dll
C:\DOCUME~1\007\LOCALS~1\Temp\nst3.tmp\newadvsplash.dll
C:\DOCUME~1\007\LOCALS~1\Temp\nst3.tmp\registry.dll
C:\Documents and Settings\007\Local Settings\Temp\nsa39.tmp\newadvsplash.dll
C:\Documents and Settings\007\Local Settings\Temp\nsa39.tmp\System.dll
C:\Documents and Settings\007\Local Settings\Temp\nst3.tmp\newadvsplash.dll
C:\Documents and Settings\007\Local Settings\Temp\nst3.tmp\registry.dll
C:\Documents and Settings\007\WINDOWS
C:\WINDOWS\msmqinst.log
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\UNWISE.EXE
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-28 do 2012-10-28 )))))))))))))))))))))))))))))))
2012-10-28 09:29:23 . 2012-10-28 09:29:29 -------- d-----w- C:\rsit
2012-10-28 09:29:23 . 2012-10-28 09:29:27 -------- d-----w- C:\Program Files\trend micro
2012-10-28 09:11:35 . 2012-10-28 09:11:35 -------- d-----w- C:\_OTL
2012-10-27 08:57:08 . 2009-10-27 17:31:12 3982240 ----a-w- C:\WINDOWS\system32\Flash10d.ocx
2012-10-27 08:57:07 . 2012-10-27 08:57:08 -------- d-----w- C:\Program Files\StreamTransport
2012-10-26 18:30:04 . 2012-10-26 18:30:04 -------- d-----w- C:\Program Files\Common Files\Java
2012-10-26 18:29:58 . 2012-10-26 18:29:43 143872 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2012-10-26 18:29:52 . 2012-10-26 18:29:44 93672 ----a-w- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-10-26 18:29:40 . 2012-10-26 18:29:40 -------- d-----w- C:\Program Files\Java
2012-10-22 19:29:20 . 2012-10-22 19:31:19 -------- d-----w- C:\Program Files\Euro Truck Simulator 2
2012-10-22 18:11:02 . 2012-10-22 18:11:02 -------- d-----w- C:\Documents and Settings\007\Local Settings\Data aplikací\Identities
2012-10-21 12:42:10 . 2012-10-21 14:33:52 -------- d-----w- C:\Documents and Settings\007\Data aplikací\PhotoFiltre 7
2012-10-21 12:42:06 . 2012-10-21 12:42:08 -------- d-----w- C:\Program Files\PhotoFiltre 7
2012-10-19 20:24:10 . 2012-10-21 11:28:01 -------- d-----w- C:\Documents and Settings\007\Local Settings\Data aplikací\WMTools Downloaded Files
2012-10-15 17:13:20 . 2012-10-15 17:13:20 -------- d-----w- C:\VW
2012-10-15 17:12:10 . 2012-10-15 17:53:27 -------- d-----w- C:\ElsaWin
2012-10-15 17:12:10 . 2012-10-15 17:12:10 -------- d-----w- C:\Program Files\Diagnose-BK
2012-10-15 17:10:13 . 2012-10-21 07:11:44 -------- d-----w- C:\Program Files\Common Files\Adobe
2012-10-15 17:09:34 . 2012-10-15 17:09:34 -------- d-----w- C:\WINDOWS\Cache
2012-10-14 05:53:44 . 2012-10-14 05:57:12 -------- d-----w- C:\Program Files\ChrisTV Online FREE Edition
2012-10-14 05:49:47 . 2012-10-14 05:49:47 -------- d-----w- C:\Program Files\Motordiag Komfort Manager Lite 1.20
2012-10-07 10:50:39 . 2012-10-11 14:37:33 -------- d-----w- C:\Program Files\Carsoft
2012-10-04 20:05:58 . 2012-08-14 12:43:10 851176 ----a-w- C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2012-10-04 20:02:50 . 2012-10-04 20:02:50 -------- d-----w- C:\Program Files\Sony
2012-10-04 20:02:50 . 2012-10-04 20:02:50 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-10-01 20:58:09 . 2012-10-01 20:58:09 -------- d-----w- C:\databases
2012-10-01 20:53:49 . 2006-09-21 23:33:15 69632 ----a-w- C:\WINDOWS\system32\Crypserv.exe
2012-10-01 20:53:49 . 2006-01-10 02:47:27 31846 ----a-w- C:\WINDOWS\system32\Ckldrv.sys
2012-10-01 20:53:49 . 1999-06-18 21:49:32 165888 ----a-w- C:\WINDOWS\Ckconfig.exe
2012-10-01 20:53:49 . 1996-05-03 17:21:20 27648 ----a-r- C:\WINDOWS\Setup_ck.exe
2012-10-01 20:53:49 . 1996-05-03 15:36:50 18432 ----a-w- C:\WINDOWS\Setup_ck.dll
2012-10-01 20:53:49 . 1995-07-04 18:33:04 11776 ----a-w- C:\WINDOWS\Ckrfresh.exe
2012-10-01 20:53:48 . 2012-10-01 20:53:48 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\WorkshopData
2012-10-01 20:49:29 . 2012-10-01 21:03:07 -------- d-----w- C:\Program Files\eTECH
2012-10-01 20:49:29 . 2012-10-01 20:49:29 -------- d--h--w- C:\Program Files\Zero G Registry
2012-10-01 20:49:00 . 2012-10-01 20:49:00 -------- d--h--w- C:\Documents and Settings\007\InstallAnywhere
2012-10-01 19:16:33 . 2012-10-14 08:37:29 -------- d---a-w- C:\ADCDA2
2012-09-30 11:28:52 . 2011-12-07 17:32:24 216064 ----a-w- C:\WINDOWS\system32\lagarith.dll
2012-09-30 11:28:52 . 2011-06-24 14:44:30 243200 ----a-w- C:\WINDOWS\system32\xvidvfw.dll
2012-09-30 11:28:52 . 2011-06-24 14:28:22 650752 ----a-w- C:\WINDOWS\system32\xvidcore.dll
2012-09-30 11:28:51 . 2011-12-21 17:14:02 151552 ----a-w- C:\WINDOWS\system32\ac3acm.acm
2012-09-30 11:28:49 . 2012-07-20 18:00:00 112640 ----a-w- C:\WINDOWS\system32\ff_vfw.dll
2012-09-30 11:28:46 . 2012-09-30 11:31:03 -------- d-----w- C:\Program Files\K-Lite Codec Pack
2012-09-30 09:29:50 . 2012-09-30 09:50:07 -------- d-----w- C:\Documents and Settings\007\Data aplikací\Broad Intelligence
2012-09-30 09:29:48 . 2012-09-30 09:50:08 -------- d-----w- C:\Program Files\MediaCoder
2012-09-30 06:21:56 . 2012-09-30 06:21:56 -------- d-----w- C:\Documents and Settings\007\Data aplikací\DivX
2012-09-30 05:36:11 . 2012-09-30 05:36:11 -------- d-----w- C:\Program Files\CodeStuff
2012-09-29 22:12:09 . 2012-09-30 08:27:53 -------- d-----w- C:\Program Files\Common Files\DivX Shared
2012-09-29 22:11:40 . 2012-09-30 08:27:54 -------- d-----w- C:\Program Files\DivX
2012-09-29 22:09:44 . 2012-09-30 08:28:38 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\DivX
2012-09-29 20:48:29 . 2012-09-29 20:48:29 -------- d-----w- C:\Program Files\Common Files\NacreWare
2012-09-29 20:48:28 . 2012-09-29 20:48:28 -------- d-----w- C:\Program Files\AMC2000
2012-09-29 20:42:23 . 2012-09-29 21:50:51 -------- d-----w- C:\Program Files\Virtual VCR
2012-09-29 20:23:48 . 2012-06-09 17:21:56 178688 ----a-w- C:\WINDOWS\system32\unrar.dll
2012-09-29 20:01:35 . 2012-09-29 20:01:38 -------- d-----w- C:\Program Files\AviSynth 2.5
2012-09-29 18:37:54 . 2012-09-30 19:25:05 -------- d-----w- C:\capture
2012-09-29 18:29:50 . 2003-10-10 10:06:40 4134 ----a-w- C:\WINDOWS\system32\drivers\FlyPCI.sys
2012-09-29 18:29:40 . 2012-09-29 18:29:40 -------- d-----w- C:\Program Files\FLY2000TV
2012-09-29 18:07:25 . 2012-09-29 18:21:41 -------- d-----w- C:\Program Files\TVR
2012-09-29 18:01:53 . 2008-04-14 06:52:58 91648 ----a-w- C:\WINDOWS\system32\kswdmcap.ax
2012-09-29 18:01:53 . 2008-04-14 06:52:58 61952 ----a-w- C:\WINDOWS\system32\kstvtune.ax
2012-09-29 18:01:53 . 2008-04-14 06:52:58 28672 ----a-w- C:\WINDOWS\system32\vidcap.ax
2012-09-29 18:01:53 . 2003-10-20 06:30:42 135168 ----a-w- C:\WINDOWS\system32\34api.dll
2012-09-29 18:01:53 . 2003-10-20 06:30:42 114688 ----a-w- C:\WINDOWS\system32\34com.dll
2012-09-29 18:01:53 . 2003-04-08 09:11:00 110592 ----a-w- C:\WINDOWS\system32\prop7134.dll
2012-09-29 18:01:52 . 2008-04-14 06:52:06 54272 -c--a-w- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2012-09-29 18:01:52 . 2008-04-14 06:52:06 54272 ----a-w- C:\WINDOWS\system32\vfwwdm32.dll
2012-09-29 18:01:49 . 2008-04-14 06:52:58 43008 ----a-w- C:\WINDOWS\system32\ksxbar.ax
2012-09-29 18:01:18 . 2004-11-05 02:17:52 334816 ----a-w- C:\WINDOWS\system32\drivers\Cap7134.sys
2012-09-29 18:01:18 . 2004-10-01 08:07:00 552960 ----a-w- C:\WINDOWS\system32\UNINSTAL.EXE
2012-09-29 18:01:18 . 2003-03-20 18:26:00 126976 ----a-w- C:\WINDOWS\system32\HMPV2_ENC_MMX.DLL
2012-09-28 16:10:14 . 2012-10-12 11:22:08 -------- d-----w- C:\Program Files\PokerStars
2012-09-28 15:06:10 . 2008-11-23 09:23:06 97792 ----a-w- C:\WINDOWS\system32\drivers\NSHE.SYS
2012-09-28 15:04:49 . 2006-11-22 08:01:48 693760 ----a-w- C:\WINDOWS\system32\drivers\hardlock.sys
2012-09-28 15:04:45 . 2012-09-28 15:04:45 191488 ----a-w- C:\WINDOWS\system32\hlvdd.dll
2012-09-28 15:04:36 . 2006-12-20 08:00:20 671112 ----a-w- C:\WINDOWS\system32\hdinst_windows.dll
2012-09-28 15:04:36 . 2006-12-20 08:00:16 2511360 ----a-w- C:\WINDOWS\system32\haspds_windows.dll
2012-09-28 15:04:36 . 2006-11-30 09:06:00 69632 ----a-w- C:\WINDOWS\system32\hasp_inst_help1.dll
2012-09-28 15:04:36 . 2005-09-06 15:06:20 28672 ----a-w- C:\WINDOWS\system32\hlduinst.exe
2012-09-28 15:04:35 . 2006-12-20 09:55:08 3066968 ----a-w- C:\WINDOWS\system32\hinstd.dll
2012-09-28 14:46:04 . 2012-09-28 14:46:36 -------- d-----w- C:\ETKA
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-10-26 18:29:43 . 2012-08-02 20:20:59 746984 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2012-09-01 05:39:37 . 2012-08-28 05:25:13 73416 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-09-01 05:39:37 . 2012-08-28 05:25:13 696520 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-27 15:47:40 . 2012-08-27 15:47:40 223788 ----a-w- C:\Documents and Settings\All Users\Data aplikací\1346082440.bdinstall.bin
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2008-08-08 15:44:13 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 15:42:46 53341]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:31:34 1289000]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2012-01-24 13:19:14 3478336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 11:12:34 98304]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2010-10-29 02:14:44 618496]
"3200 Scan2PC"="C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2010-05-18 22:46:02 1989120]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:52:18 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "C:\WINDOWS\system32\Wshxt.dll" [2012-07-14 08:52:56 53248]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44:58 1084840 ----a-w- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Audio Engine Licensing Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\ProgramFILE\\uTorrentPortable\\App\\utorrent\\utorrent.exe"=
"E:\\GREYLINK\\greylink.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Scan2Pc.exe"=
"C:\\WINDOWS\\twain_32\\Samsung\\SCX3200\\Sscan2io.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Rockstar Games\\Max Payne 3\\MaxPayne3.exe"=
"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"C:\\ElsaWin\\bin\\ElsaWin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"135:TCP"= 135:TCP:ElsaWinRPC
R0 mv61xx;mv61xx;C:\WINDOWS\system32\drivers\mv61xx.sys [8.8.2008 17:06:27 143360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [29.7.2012 14:46:23 242240]
R1 Winhpfile;Winhpfile;C:\vlrqvdfn\HPFile.sys [14.7.2012 9:52:56 16601]
R2 LcSvrAdm;ELSA Administration Service;C:\ElsaWin\bin\LcSvrAdm.exe [6.12.2011 16:10:44 240640]
R2 LcSvrDba;ELSA DBA Server;C:\ElsaWin\bin\LcSvrDba.exe [6.12.2011 16:03:38 392704]
R2 LcSvrHis;ELSA Historie Server;C:\ElsaWin\bin\LcSvrHis.exe [6.12.2011 16:08:58 335360]
R2 LcSvrPAS;ELSA PASS Server;C:\ElsaWin\bin\LcSvrPas.exe [6.12.2011 16:04:48 477696]
R2 LcSvrSaz;ELSA APOSpro Server;C:\ElsaWin\bin\LcSvrSaz.exe [6.12.2011 16:08:16 373248]
R2 NSHE;Guardant Emulator Driver;C:\WINDOWS\system32\drivers\NSHE.SYS [28.9.2012 16:06:10 97792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\WINDOWS\system32\drivers\AtihdXP3.sys [9.7.2012 21:28:58 100368]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.sys [18.3.2010 19:39:10 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.sys [18.3.2010 19:39:18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.sys [18.3.2010 19:39:28 566360]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;C:\ElsaWin\bin\LcSvrAuf.exe [6.12.2011 16:07:28 1321472]
R3 PhTVTune;Philips TDA8275 Silicon TV Tuner;C:\WINDOWS\system32\drivers\phtvtune.sys [29.9.2012 19:02:09 19904]
S2 OMSCAN;OMSCAN;\SysŐ --> \SysŐ [?]
S2 SSPORT;SSPORT;\??\C:\WINDOWS\system32\Drivers\SSPORT.sys --> C:\WINDOWS\system32\Drivers\SSPORT.sys [?]
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.sys [18.3.2010 19:39:10 99416]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.sys [18.3.2010 19:39:18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.sys [18.3.2010 19:39:36 100952]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.sys [18.3.2010 19:39:36 100952]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.sys [18.3.2010 19:39:28 566360]
S3 FlyPCI;FlyPCI;C:\WINDOWS\system32\drivers\FlyPCI.sys [29.9.2012 19:29:50 4134]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys --> C:\WINDOWS\system32\drivers\mbamswissarmy.sys [?]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files\Sony\Sony PC Companion\PCCService.exe [4.10.2012 21:02:50 155320]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9.7.2012 21:54:55 79360]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - WS2IFSL