Pomalé PC

[sapito]

Programy pracují jaksi zpomaleně a načítání stránek na netu také.
Prosím o kontrolu.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-11-04 21:39:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 86 GB (86%) free of 100 GB
Total RAM: 3061 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:11, on 4.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\O2\SMSender\SMSender.OE.183.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Plocha\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SMSender.E.ToolbarsHelper - {24BCDA96-8FCB-4D3B-0500-000000000004} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: O2 SMSender - {24BCDA96-8FCB-4D3B-0500-000000000003} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SMSender.OE] C:\Program Files\O2\SMSender\\SMSender.OE.183.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Poslat jako MMS - res://C:\Program Files\O2\SMSender\SMSender.E.183.dll/1003
O8 - Extra context menu item: Poslat jako SMS - res://C:\Program Files\O2\SMSender\SMSender.E.183.dll/1001
O8 - Extra context menu item: Poslat MMS na - res://C:\Program Files\O2\SMSender\SMSender.E.183.dll/1002
O8 - Extra context menu item: Poslat SMS na - res://C:\Program Files\O2\SMSender\SMSender.E.183.dll/1000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5226095671
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8535 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24BCDA96-8FCB-4D3B-0500-000000000004}]
SMSender.E.ToolbarsHelper - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{24BCDA96-8FCB-4D3B-0500-000000000003} - O2 SMSender - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-07-28 19557480]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2006-08-16 503808]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-10 67488]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-10 2500552]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
"SMSender.OE"=C:\Program Files\O2\SMSender\\SMSender.OE.183.exe [2010-04-01 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-08-24 247144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-31 19:29:39 ----HD---- C:\$AVG
2010-10-25 14:14:36 ----D---- C:\Documents and Settings\Owner\Data aplikací\O2
2010-10-25 14:13:45 ----D---- C:\Program Files\O2
2010-10-17 10:44:32 ----D---- C:\Program Files\DsNET Corp
2010-10-11 11:16:42 ----SHD---- C:\RECYCLER
2010-10-11 10:55:16 ----A---- C:\ComboFix.txt
2010-10-11 10:02:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-10-11 09:28:48 ----A---- C:\Boot.bak
2010-10-11 09:28:44 ----RASHD---- C:\cmdcons
2010-10-11 09:27:46 ----A---- C:\WINDOWS\zip.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\SWSC.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\SWREG.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\sed.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\PEV.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\MBR.exe
2010-10-11 09:27:46 ----A---- C:\WINDOWS\grep.exe
2010-10-11 09:27:33 ----D---- C:\WINDOWS\ERDNT
2010-10-11 09:24:14 ----D---- C:\Qoobox
2010-10-11 09:19:03 ----D---- C:\Documents and Settings\Owner\Data aplikací\AVG10
2010-10-11 09:18:04 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2010-10-11 09:17:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2010-10-11 09:17:24 ----D---- C:\Program Files\AVG
2010-10-11 09:11:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-10-11 07:59:31 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2010-10-11 06:08:03 ----D---- C:\rsit
2010-10-11 06:08:03 ----D---- C:\Program Files\trend micro
2010-10-08 21:41:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-10-08 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-10-08 21:40:55 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-10-08 20:07:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\TomTom
2010-10-08 20:07:12 ----D---- C:\Documents and Settings\Owner\Data aplikací\TomTom
2010-10-08 20:07:08 ----D---- C:\Program Files\TomTom International B.V
2010-10-08 20:06:57 ----D---- C:\Program Files\TomTom HOME 2
2010-10-08 14:18:12 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-10-08 14:17:58 ----D---- C:\Program Files\Windows Media Connect 2
2010-10-06 08:45:21 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2010-10-06 08:45:06 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-10-06 08:45:02 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-10-06 08:44:32 ----D---- C:\Documents and Settings\Owner\Data aplikací\Nokia
2010-10-06 08:44:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-10-06 08:44:08 ----D---- C:\Documents and Settings\Owner\Data aplikací\PC Suite
2010-10-06 08:42:58 ----D---- C:\Program Files\Common Files\Nokia
2010-10-06 08:42:31 ----D---- C:\Program Files\DIFX
2010-10-06 08:42:23 ----D---- C:\Program Files\PC Connectivity Solution
2010-10-06 08:42:13 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-10-06 08:42:13 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-10-06 08:40:22 ----D---- C:\WINDOWS\system32\LogFiles
2010-10-06 08:40:16 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-10-06 08:38:15 ----D---- C:\Program Files\Nokia
2010-10-06 08:38:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2010-10-06 08:21:18 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

======List of files/folders modified in the last 1 months======

2010-11-04 21:39:11 ----D---- C:\WINDOWS\Prefetch
2010-11-04 21:31:32 ----D---- C:\WINDOWS
2010-11-04 18:59:18 ----D---- C:\WINDOWS\Temp
2010-11-04 18:55:30 ----D---- C:\WINDOWS\system32
2010-11-04 18:55:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-04 18:26:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-04 12:42:59 ----D---- C:\Documents and Settings\Owner\Data aplikací\Adobe
2010-11-04 12:42:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-03 23:09:33 ----D---- C:\Documents and Settings\Owner\Data aplikací\Media Player Classic
2010-11-03 22:48:43 ----A---- C:\WINDOWS\WINCMD.INI
2010-11-01 00:51:25 ----D---- C:\Program Files\rajce
2010-10-28 17:31:50 ----D---- C:\Program Files\Mozilla Firefox
2010-10-28 07:26:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-28 07:26:03 ----SHD---- C:\WINDOWS\Installer
2010-10-25 14:13:57 ----SD---- C:\Documents and Settings\Owner\Data aplikací\Microsoft
2010-10-25 14:13:45 ----RD---- C:\Program Files
2010-10-22 08:43:36 ----D---- C:\WINDOWS\system32\drivers
2010-10-20 15:59:36 ----A---- C:\WINDOWS\win.ini
2010-10-18 05:52:36 ----HD---- C:\WINDOWS\inf
2010-10-15 00:03:09 ----D---- C:\Program Files\CCleaner
2010-10-13 22:15:25 ----D---- C:\WINDOWS\Debug
2010-10-13 06:17:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-13 06:17:28 ----D---- C:\WINDOWS\WinSxS
2010-10-13 06:17:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-10-13 06:16:20 ----D---- C:\Program Files\Internet Explorer
2010-10-13 06:16:13 ----D---- C:\WINDOWS\ie8updates
2010-10-13 06:12:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-11 11:18:15 ----SHD---- C:\System Volume Information
2010-10-11 11:10:56 ----D---- C:\WINDOWS\system32\Restore
2010-10-11 10:54:18 ----A---- C:\WINDOWS\system.ini
2010-10-11 10:52:53 ----D---- C:\WINDOWS\AppPatch
2010-10-11 10:52:51 ----D---- C:\Program Files\Common Files
2010-10-11 10:07:09 ----D---- C:\WINDOWS\system32\config
2010-10-11 09:30:03 ----A---- C:\WINDOWS\system32\services.exe
2010-10-11 09:28:48 ----RASH---- C:\boot.ini
2010-10-11 09:17:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-11 08:51:03 ----D---- C:\Documents and Settings
2010-10-10 22:28:17 ----D---- C:\Documents and Settings\Owner\Data aplikací\Spyware Terminator
2010-10-10 10:54:07 ----D---- C:\Documents and Settings\Owner\Data aplikací\Corel
2010-10-09 06:16:37 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-08 21:41:45 ----D---- C:\Program Files\Windows Media Player
2010-10-08 21:41:33 ----D---- C:\WINDOWS\Help
2010-10-08 08:20:32 ----D---- C:\Program Files\Common Files\Adobe
2010-10-08 08:20:26 ----D---- C:\Program Files\Adobe
2010-10-08 06:25:09 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 06:25:08 ----RSD---- C:\WINDOWS\assembly
2010-10-08 06:11:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-06 09:30:49 ----D---- C:\WINDOWS\security
2010-10-06 08:42:30 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-09-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-09-10 25240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 fdrawcmd;Low-level Floppy Driver; \??\C:\WINDOWS\system32\drivers\fdrawcmd.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-07-28 6108776]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\F:\Programy\EVEREST Ultimate Edition\kerneld.wnt []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-10 1901056]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-22 153376]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2008-11-07 26144]

-----------------EOF-----------------

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[sapito]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5009

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.11.2010 8:09:18
mbam-log-2010-11-05 (08-09-18).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|H:\|)
Skenované objekty: 342417
Uplynulý čas: 49 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Rudy]

Zkuste ještě ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[sapito]

Nedařilo se mi vytvořit log, nutno odinstalovat AVG a pak se Combofix vypánal pro nalezení rootkitu. Nedaří se mi ho nalézt, při použití RootkitRevealer se nedaří vytvořit log, zkusím jiný program.

ComboFix 10-11-05.01 - Owner 05.11.2010 23:37:20.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3061.2688 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-05 do 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 21:44 . 2010-11-05 21:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Help
2010-11-05 21:19 . 2010-11-05 21:19 -------- d-----w- c:\windows\XSxS
2010-11-05 21:19 . 2010-11-05 21:19 -------- d-----w- c:\program files\Xenocode
2010-11-05 21:15 . 2010-11-05 21:15 -------- d-----w- C:\$AVG
2010-11-05 21:08 . 2010-11-05 21:08 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-05 20:47 . 2010-11-05 21:44 -------- d-----w- C:\SOPHTEMP
2010-11-05 18:30 . 2010-11-05 22:33 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-11-04 22:34 . 2010-11-04 22:34 -------- d--h--w- c:\windows\PIF
2010-10-25 20:41 . 2010-10-25 20:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\assembly
2010-10-25 13:14 . 2010-10-25 13:14 -------- d-----w- c:\documents and settings\Owner\Data aplikací\O2
2010-10-25 13:13 . 2010-10-25 13:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Identities
2010-10-25 13:13 . 2010-10-25 13:13 -------- d-----w- c:\program files\O2
2010-10-25 13:13 . 2010-10-25 13:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Downloaded Installations
2010-10-17 09:44 . 2010-10-17 09:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\QuickStores
2010-10-17 09:44 . 2010-10-17 09:44 -------- d-----w- c:\program files\DsNET Corp
2010-10-11 10:56 . 2010-11-05 22:08 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-10-11 08:19 . 2010-10-11 08:19 -------- d-----w- c:\documents and settings\Owner\Data aplikací\AVG10
2010-10-11 08:18 . 2010-10-11 08:18 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-10-11 08:17 . 2010-11-05 22:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-10-11 08:17 . 2010-11-05 18:30 -------- d-----w- c:\program files\AVG
2010-10-11 08:11 . 2010-10-11 08:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-10-11 07:51 . 2010-10-11 07:51 -------- d-----w- c:\documents and settings\Administrator
2010-10-11 05:08 . 2010-11-04 20:39 -------- d-----w- c:\program files\trend micro
2010-10-11 05:08 . 2010-10-11 05:08 -------- d-----w- C:\rsit
2010-10-08 20:43 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\TomTom
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\documents and settings\Owner\Data aplikací\TomTom
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\program files\TomTom International B.V
2010-10-08 19:06 . 2010-10-08 19:07 -------- d-----w- c:\program files\TomTom HOME 2
2010-10-08 13:17 . 2010-10-08 20:41 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-11 08:30 . 2008-04-14 12:00 111104 ----a-w- c:\windows\system32\services.exe
2010-09-26 12:09 . 2010-09-26 12:09 52306 ----a-w- c:\windows\FdUninstall.exe
2010-09-23 13:31 . 2010-09-23 13:31 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-23 13:31 . 2010-09-23 13:31 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-23 13:31 . 2010-09-23 13:31 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-09-23 13:31 . 2010-09-23 13:31 129784 ------w- c:\windows\system32\pxafs.dll
2010-09-23 13:31 . 2010-09-23 13:31 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 13:31 . 2010-09-23 13:31 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-22 12:03 . 2010-09-22 12:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-22 12:03 . 2010-09-22 12:03 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 08:00 . 2010-09-22 12:04 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-11_08.41.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-05 22:35 . 2010-11-05 22:35 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2010-10-08 20:41 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
- 2008-04-14 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 02:31 . 2010-09-10 05:52 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 02:31 . 2010-06-24 12:27 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 25600 c:\windows\system32\jsproxy.dll
+ 2008-08-19 00:18 . 2008-08-19 00:18 77824 c:\windows\system32\fmcodec.DLL
- 2010-09-23 19:57 . 2010-04-29 13:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-09-23 19:57 . 2010-04-29 14:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-09-23 19:57 . 2010-04-29 14:39 20952 c:\windows\system32\drivers\mbam.sys
- 2010-09-23 19:57 . 2010-04-29 13:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-07-12 03:33 . 2010-07-12 03:33 30432 c:\windows\system32\drivers\avgfwdx.sys
- 2010-09-22 13:06 . 2010-06-24 12:27 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 12:00 . 2010-08-27 05:54 99840 c:\windows\system32\dllcache\srvsvc.dll
- 2008-04-14 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-09-22 13:06 . 2010-06-24 12:27 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-07-12 03:33 . 2010-07-12 03:33 51040 c:\windows\system32\avgfwdx.dll
+ 2009-02-11 17:14 . 2009-02-11 17:14 17408 c:\windows\OEInject.dll
+ 2010-09-23 11:57 . 2010-10-13 05:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-11 13:09 . 2010-10-11 13:09 10134 c:\windows\Installer\{749A1EDD-16C2-4C63-B013-D38F0F953973}\ARPPRODUCTICON.exe
- 2010-10-06 07:43 . 2010-10-06 07:43 10134 c:\windows\Installer\{749A1EDD-16C2-4C63-B013-D38F0F953973}\ARPPRODUCTICON.exe
+ 2010-10-25 13:14 . 2010-10-25 13:14 45056 c:\windows\Installer\{24BCDA96-8FCB-4D3B-0000-000001530000}\SMSender.US.exe_9A23F54ECC4E4C8F9324648350A8FE5A.exe
+ 2010-10-25 13:14 . 2010-10-25 13:14 45056 c:\windows\Installer\{24BCDA96-8FCB-4D3B-0000-000001530000}\NewShortcut3_645BC72ACE774D698AE604CB27E448FF.exe
+ 2010-10-25 13:14 . 2010-10-25 13:14 45056 c:\windows\Installer\{24BCDA96-8FCB-4D3B-0000-000001530000}\NewShortcut2_91916B040A7B41F39AA1A94A6725B254.exe
+ 2010-10-25 13:14 . 2010-10-25 13:14 45056 c:\windows\Installer\{24BCDA96-8FCB-4D3B-0000-000001530000}\NewShortcut2_22D431EFB9FC4A8B93AF69212B86D275.exe
+ 2010-10-13 05:16 . 2010-06-24 12:27 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-13 05:16 . 2009-03-08 02:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-13 05:16 . 2009-03-08 02:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2009-02-11 17:19 . 2009-02-11 17:19 7168 c:\windows\OeHook.dll
+ 2010-10-25 13:14 . 2010-10-25 13:14 3638 c:\windows\Installer\{24BCDA96-8FCB-4D3B-0000-000001530000}\ARPPRODUCTICON.exe
+ 2008-04-14 12:00 . 2010-09-10 05:52 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 611840 c:\windows\system32\mstime.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 02:32 . 2010-09-10 05:52 602112 c:\windows\system32\msfeeds.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
- 2008-04-14 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2010-09-22 12:51 . 2010-09-23 15:13 303624 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-22 12:51 . 2010-10-13 05:50 303624 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-22 10:57 . 2010-07-16 11:58 219136 c:\windows\system32\dllcache\wordpad.exe
+ 2008-04-14 12:00 . 2010-09-10 05:52 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 12:00 . 2010-08-27 08:03 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 12:00 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
- 2008-04-14 12:00 . 2010-07-22 15:46 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-14 12:00 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-14 12:00 . 2010-09-18 10:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 12:00 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-14 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2008-04-14 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
- 2010-09-22 13:06 . 2010-06-24 12:27 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-09-22 13:06 . 2010-06-24 12:27 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2008-04-14 12:00 . 2010-06-24 12:27 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 12:00 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2008-04-14 12:00 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-14 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-14 12:00 . 2010-09-01 11:52 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2010-09-23 11:57 . 2010-10-13 05:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-10-13 05:16 . 2010-06-24 12:27 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-13 05:16 . 2010-07-05 13:13 391032 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-13 05:16 . 2010-02-22 14:20 233848 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-13 05:16 . 2010-06-24 12:27 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-13 05:16 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-13 05:10 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 1210880 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-07-16 12:00 1287680 c:\windows\system32\ole32.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 5957120 c:\windows\system32\mshtml.dll
- 2009-03-08 02:32 . 2010-06-24 12:27 1986560 c:\windows\system32\iertutil.dll
+ 2009-03-08 02:32 . 2010-09-10 05:52 1986560 c:\windows\system32\iertutil.dll
+ 2008-04-14 12:00 . 2010-09-01 07:57 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2010-09-10 05:52 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-07-16 12:00 1287680 c:\windows\system32\dllcache\ole32.dll
+ 2008-04-14 12:00 . 2010-09-10 05:52 5957120 c:\windows\system32\dllcache\mshtml.dll
- 2010-09-22 13:06 . 2010-06-24 12:27 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2010-08-13 16:01 . 2010-08-13 16:01 8993280 c:\windows\Installer\c7767.msp
+ 2010-08-13 15:59 . 2010-08-13 15:59 8182272 c:\windows\Installer\c774e.msp
+ 2010-08-13 16:02 . 2010-08-13 16:02 2545664 c:\windows\Installer\c7735.msp
+ 2010-08-13 16:00 . 2010-08-13 16:00 9404928 c:\windows\Installer\c771c.msp
+ 2010-09-17 04:06 . 2010-09-17 04:06 3355648 c:\windows\Installer\c7702.msp
+ 2010-11-05 20:36 . 2010-11-05 20:36 3019264 c:\windows\Installer\8e1a5.msi
+ 2010-11-05 20:35 . 2010-11-05 20:35 1543680 c:\windows\Installer\8e1a1.msi
+ 2010-10-25 15:27 . 2010-10-25 15:27 1543680 c:\windows\Installer\26569b9.msi
+ 2010-10-28 06:25 . 2010-10-28 06:25 3019264 c:\windows\Installer\1ff4f5.msi
- 2010-09-23 11:57 . 2010-09-24 07:07 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-09-23 11:57 . 2010-09-24 07:07 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-23 11:57 . 2010-10-13 05:17 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-10-13 05:16 . 2010-06-24 12:27 1210368 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 5951488 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-13 05:16 . 2010-06-24 12:27 1986560 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
- 2008-04-14 12:00 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll
+ 2008-04-14 12:00 . 2010-08-25 21:36 10841088 c:\windows\system32\wmp.dll
+ 2010-09-22 13:02 . 2010-10-13 05:12 35385288 c:\windows\system32\MRT.exe
+ 2009-03-08 02:39 . 2010-09-10 05:52 11080192 c:\windows\system32\ieframe.dll
- 2008-04-14 12:00 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-04-14 12:00 . 2010-08-25 21:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2010-09-22 13:06 . 2010-09-10 05:52 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-25 13:14 . 2010-10-25 13:14 11379200 c:\windows\Installer\1eaa4b0.msi
+ 2010-10-13 05:16 . 2010-06-24 15:57 11077120 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SMSender.OE"="c:\program files\O2\SMSender\\SMSender.OE.183.exe" [2010-04-01 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-23 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 22:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 22:40 25240]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 10:38 92008]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [28.9.2008 4:09 27544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.9.2010 13:10 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\f:\programy\EVEREST Ultimate Edition\kerneld.wnt --> f:\programy\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
S3 RMKAFG;RMKAFG;c:\docume~1\Owner\LOCALS~1\Temp\RMKAFG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\RMKAFG.exe [?]
S3 ZRLLKEPMMCYB;ZRLLKEPMMCYB;c:\docume~1\Owner\LOCALS~1\Temp\ZRLLKEPMMCYB.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ZRLLKEPMMCYB.exe [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Poslat jako MMS - c:\program files\O2\SMSender\SMSender.E.183.dll/1003
IE: Poslat jako SMS - c:\program files\O2\SMSender\SMSender.E.183.dll/1001
IE: Poslat MMS na - c:\program files\O2\SMSender\SMSender.E.183.dll/1002
IE: Poslat SMS na - c:\program files\O2\SMSender\SMSender.E.183.dll/1000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\t9360ehl.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\O2\SMSender\SMSender.FF\components\ssff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 23:40
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\f:\programy\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-11-05 23:42:02
ComboFix-quarantined-files.txt 2010-11-05 22:42
ComboFix2.txt 2010-10-11 09:55
ComboFix3.txt 2010-10-11 09:13
ComboFix4.txt 2010-10-11 08:42

Před spuštěním: Volných bajtů: 89 753 341 952
Po spuštění: Volných bajtů: 89 738 813 440

- - End Of File - - 22EA2D3A599F0CFA9171DE520F400BA6

[sapito]

date/time : 2010-11-06, 02:13:37, 515ms
computer name : U-2AAB5481E0CC4
user name : Owner <admin>
registered owner : Uživatel
operating system : Windows XP Service Pack 3 build 2600
system language : Czech
system up time : 2 hours 13 minutes
program up time : 1 second
processors : 2x Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
physical memory : 2119/3061 MB (free/total)
free disk space : (C:) 83,13 GB
display mode : 1280x1024, 32 bit
process id : $102c
allocated memory : 16,28 MB
command line : "C:\Program Files\AVG\AVG PC Tuneup 2011\taskmanager.exe" -processes
executable : taskmanager.exe
current module : madExcept_.bpl
exec. date/time : 2010-10-08 10:22
version : 10.0.0.22
compiled with : Delphi 2009
madExcept version : 3.0l
callstack crc : will be calculated soon
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 5001F49E in module 'rtl120.bpl'. Read of address 02D07000.

main thread ($1030):
5001f49e +0e2 rtl120.bpl Sysutils WideFormatBuf
5001e97c +010 rtl120.bpl Sysutils FormatBuf
5001f106 +142 rtl120.bpl Sysutils FmtStr
5001efa2 +00a rtl120.bpl Sysutils Format
00404e9e +026 taskmanager.exe uRegisterRoutines2 119 +4 CheckExpiration
0041b38d +06d taskmanager.exe TaskManager 49 +12 initialization

thread $104c:
7c90df48 +a ntdll.dll NtWaitForMultipleObjects

thread $1078:
7c90d218 +0a ntdll.dll NtDelayExecution
7c8023eb +4b kernel32.dll SleepEx
7c802450 +0a kernel32.dll Sleep

modules:
00390000 mpr.dll 5.1.2600.5512 C:\WINDOWS\system32
00400000 taskmanager.exe 10.0.0.22 C:\Program Files\AVG\AVG PC Tuneup 2011
00450000 AxComponents20.bpl 3.0.0.22 C:\Program Files\AVG\AVG PC Tuneup 2011
00e80000 OEHook.dll C:\WINDOWS
02120000 Localizer.dll 10.0.0.22 C:\Program Files\AVG\AVG PC Tuneup 2011
021d0000 xpsp2res.dll 5.1.2600.5512 C:\WINDOWS\system32
024a0000 helper.dll 10.0.0.22 C:\Program Files\AVG\AVG PC Tuneup 2011
024c0000 Normaliz.dll 6.0.5441.0 C:\WINDOWS\system32
02b40000 commonforms.dll 10.0.0.0 C:\Program Files\AVG\AVG PC Tuneup 2011
02d10000 aushelper.dll 5.0.1.50 C:\Program Files\AVG\AVG PC Tuneup 2011
10000000 guard32.dll 5.0.31556.1134 C:\WINDOWS\system32
20000000 xpsp3res.dll 5.1.2600.5512 C:\WINDOWS\system32
40c00000 wininet.dll 8.0.6001.18968 C:\WINDOWS\system32
412a0000 iertutil.dll 8.0.6001.18968 C:\WINDOWS\system32
45630000 URLMON.DLL 8.0.6001.18968 C:\WINDOWS\system32
4dd60000 fltlib.dll 5.1.2600.5512 C:\WINDOWS\system32
50000000 rtl120.bpl 12.0.3420.21218 C:\Program Files\AVG\AVG PC Tuneup 2011
50120000 vcl120.bpl 12.0.3420.21218 C:\Program Files\AVG\AVG PC Tuneup 2011
57000000 madBasic_.bpl C:\Program Files\AVG\AVG PC Tuneup 2011
57800000 madDisAsm_.bpl C:\Program Files\AVG\AVG PC Tuneup 2011
59800000 madExcept_.bpl C:\Program Files\AVG\AVG PC Tuneup 2011
5b250000 uxtheme.dll 6.0.2900.5512 C:\WINDOWS\system32
66c30000 inetmib1.dll 5.1.2600.5512 C:\WINDOWS\system32
67270000 NETAPI32.dll 5.1.2600.5694 C:\WINDOWS\system32
71a80000 WS2HELP.dll 5.1.2600.5512 C:\WINDOWS\system32
71a90000 WS2_32.dll 5.1.2600.5512 C:\WINDOWS\system32
71ab0000 wsock32.dll 5.1.2600.5512 C:\WINDOWS\system32
71bd0000 SAMLIB.dll 5.1.2600.5512 C:\WINDOWS\system32
71f40000 snmpapi.dll 5.1.2600.5512 C:\WINDOWS\system32
72fc0000 winspool.drv 5.1.2600.5512 C:\WINDOWS\system32
746f0000 MSCTF.dll 5.1.2600.5512 C:\WINDOWS\system32
74c50000 oleacc.dll 4.2.5406.0 C:\WINDOWS\system32
751a0000 msctfime.ime 5.1.2600.5512 C:\WINDOWS\system32
76060000 MSVCP60.dll 6.2.3104.0 C:\WINDOWS\system32
76360000 msimg32.dll 5.1.2600.5512 C:\WINDOWS\system32
76370000 IMM32.DLL 5.1.2600.5512 C:\WINDOWS\system32
76390000 comdlg32.dll 6.0.2900.5512 C:\WINDOWS\system32
76770000 SHFolder.dll 6.0.2900.5512 C:\WINDOWS\system32
76b10000 ATL.DLL 3.5.2284.2 C:\WINDOWS\system32
76b30000 winmm.dll 5.1.2600.5512 C:\WINDOWS\system32
76c80000 IMAGEHLP.DLL 5.1.2600.5512 C:\WINDOWS\system32
76d30000 MPRAPI.dll 5.1.2600.5512 C:\WINDOWS\system32
76d50000 iphlpapi.dll 5.1.2600.5512 C:\WINDOWS\system32
76e00000 adsldpc.dll 5.1.2600.5512 C:\WINDOWS\system32
76e70000 rtutils.dll 5.1.2600.5512 C:\WINDOWS\system32
76f50000 WLDAP32.dll 5.1.2600.5512 C:\WINDOWS\system32
77110000 oleaut32.dll 5.1.2600.5512 C:\WINDOWS\system32
773c0000 comctl32.dll 6.0.2900.6028 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
774d0000 ole32.dll 5.1.2600.6010 C:\WINDOWS\system32
77910000 SETUPAPI.dll 5.1.2600.5512 C:\WINDOWS\system32
77bf0000 version.dll 5.1.2600.5512 C:\WINDOWS\system32
77c00000 msvcrt.dll 7.0.2600.5512 C:\WINDOWS\system32
77cb0000 ACTIVEDS.dll 5.1.2600.5512 C:\WINDOWS\system32
77dc0000 ADVAPI32.dll 5.1.2600.5755 C:\WINDOWS\system32
77e70000 RPCRT4.dll 5.1.2600.6022 C:\WINDOWS\system32
77f10000 GDI32.dll 5.1.2600.5698 C:\WINDOWS\system32
77f60000 SHLWAPI.dll 6.0.2900.5912 C:\WINDOWS\system32
77fe0000 Secur32.dll 5.1.2600.5834 C:\WINDOWS\system32
78130000 MSVCR80.dll 8.0.50727.4053 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
7c800000 kernel32.dll 5.1.2600.5781 C:\WINDOWS\system32
7c900000 ntdll.dll 5.1.2600.5755 C:\WINDOWS\system32
7c9c0000 shell32.dll 6.0.2900.6018 C:\WINDOWS\system32
7dfc0000 oledlg.dll 5.1.2600.5512 C:\WINDOWS\system32
7e360000 USER32.dll 5.1.2600.5512 C:\WINDOWS\system32

processes:
0000 Idle 0 0
0004 System 0 0 normal
039c smss.exe 0 0 normal C:\WINDOWS\system32
03bc avgchsvx.exe 0 0 normal C:\PROGRA~1\AVG\AVG10
046c csrss.exe 66 68 normal C:\WINDOWS\system32
0488 winlogon.exe 46 14 high C:\WINDOWS\system32
04b4 services.exe 4 2 normal C:\WINDOWS\system32
04c8 lsass.exe 6 4 normal C:\WINDOWS\system32
0580 svchost.exe 4 1 normal C:\WINDOWS\system32
0608 svchost.exe 4 1 normal C:\WINDOWS\system32
0684 cmdagent.exe 8 5 normal C:\Program Files\COMODO\COMODO Internet Security
06ac svchost.exe 11 36 normal C:\WINDOWS\system32
0730 svchost.exe 4 1 normal C:\WINDOWS\system32
07c0 svchost.exe 4 1 normal C:\WINDOWS\system32
0108 svchost.exe 4 1 normal C:\WINDOWS\system32
01d0 spoolsv.exe 4 5 normal C:\WINDOWS\system32
01d8 Explorer.EXE 309 150 normal C:\WINDOWS
0330 igfxtray.exe 13 6 normal C:\WINDOWS\system32
0304 igfxsrvc.exe 8 3 normal C:\WINDOWS\system32
0388 hkcmd.exe 11 18 normal C:\WINDOWS\system32
03b8 igfxpers.exe 11 4 normal C:\WINDOWS\system32
0448 jusched.exe 8 2 normal C:\Program Files\Common Files\Java\Java Update
0464 RTHDCPL.EXE 775 162 normal C:\WINDOWS
0514 GrooveMonitor.exe 11 4 normal C:\Program Files\Microsoft Office\Office12
0594 ssmmgr.exe 32 13 normal C:\WINDOWS\Samsung\PanelMgr
05a0 apdproxy.exe 25 31 normal C:\Program Files\Adobe\Photoshop Elements 6.0
0634 NokiaMServer.exe 11 6 normal C:\Program Files\Common Files\Nokia\MPlatform
0654 SMSender.OE.183.exe 62 51 normal C:\Program Files\O2\SMSender
066c avgtray.exe 134 30 normal C:\Program Files\AVG\AVG10
06e8 TomTomHOMERunner.exe 40 10 normal C:\Program Files\TomTom HOME 2
0700 ctfmon.exe 28 11 normal C:\WINDOWS\system32
00ec svchost.exe 4 1 normal C:\WINDOWS\system32
0650 PhotoshopElementsFileAgent.exe 4 1 normal C:\Program Files\Adobe\Photoshop Elements 6.0
07e8 avgfws.exe 4 2 normal C:\Program Files\AVG\AVG10
0848 avgwdsvc.exe 4 4 normal C:\Program Files\AVG\AVG10
0864 jqs.exe 4 2 idle C:\Program Files\Java\jre6\bin
08f4 avgidsmonitor.exe 4 2 normal C:\Program Files\AVG\AVG10\Identity Protection\agent\bin
0990 svchost.exe 4 2 normal C:\WINDOWS\system32
0a10 TomTomHOMEService.exe 4 1 normal C:\Program Files\TomTom HOME 2
0c98 AVGIDSAgent.exe 4 6 normal C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin
0d14 avgam.exe 4 1 normal C:\Program Files\AVG\AVG10
0de0 avgnsx.exe 4 2 normal C:\Program Files\AVG\AVG10
088c ServiceLayer.exe 11 9 normal C:\Program Files\PC Connectivity Solution
09a0 wmiapsrv.exe 4 2 normal C:\WINDOWS\system32\wbem
0c4c alg.exe 4 2 normal C:\WINDOWS\System32
0c6c avgemcx.exe 4 1 normal C:\Program Files\AVG\AVG10
0c0c NclUSBSrv.exe 11 4 high C:\Program Files\PC Connectivity Solution\Transports
0ef8 NclRSSrv.exe 11 3 high C:\Program Files\PC Connectivity Solution\Transports
0d34 avgcsrvx.exe 0 0 normal C:\Program Files\AVG\AVG10
0a18 gmer.exe 94 118 normal C:\Documents and Settings\Owner\Plocha\gmer
0da4 gmer.exe 124 123 normal C:\Documents and Settings\Owner\Plocha\gmer
0ab4 avgrsx.exe 0 0 normal C:\PROGRA~1\AVG\AVG10
0320 avgcsrvx.exe 0 0 normal C:\Program Files\AVG\AVG10
041c firefox.exe 497 77 normal C:\Program Files\Mozilla Firefox
05f4 plugin-container.exe 19 21 normal C:\Program Files\Mozilla Firefox
021c BoostSpeed.exe 394 237 normal C:\Program Files\AVG\AVG PC Tuneup 2011
0624 wmiprvse.exe 7 7 normal C:\WINDOWS\system32\wbem
0b54 wmiprvse.exe 7 6 normal C:\WINDOWS\system32\wbem
102c taskmanager.exe 111 27 normal C:\Program Files\AVG\AVG PC Tuneup 2011

hardware:
>> will be calculated soon

cpu registers:
>> will be calculated soon

stack dump:
>> will be calculated soon

disassembling:
>> will be calculated soon

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\docume~1\Owner\LOCALS~1\Temp\RMKAFG.exe
c:\docume~1\Owner\LOCALS~1\Temp\ZRLLKEPMMCYB.exe

Driver::
RMKAFG
ZRLLKEPMMCYB

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[sapito]

Proces combofix se nedaří dokončit pro přítomnost rootkitu. Dochází k restartu příp. přerušení akce

Jediné, kdy se mi to podařilo je zde

ComboFix 10-11-05.01 - Owner 06.11.2010 13:36:26.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3061.2686 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RMKAFG
-------\Legacy_ZRLLKEPMMCYB
-------\Service_RMKAFG
-------\Service_ZRLLKEPMMCYB


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-06 do 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-05 21:44 . 2010-11-05 21:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Help
2010-11-05 21:19 . 2010-11-05 21:19 -------- d-----w- c:\windows\XSxS
2010-11-05 21:19 . 2010-11-05 21:19 -------- d-----w- c:\program files\Xenocode
2010-11-05 21:15 . 2010-11-05 21:15 -------- d-----w- C:\$AVG
2010-11-05 21:08 . 2010-11-05 21:08 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-05 20:47 . 2010-11-05 21:44 -------- d-----w- C:\SOPHTEMP
2010-11-05 18:30 . 2010-11-06 12:05 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2010-11-04 22:34 . 2010-11-04 22:34 -------- d--h--w- c:\windows\PIF
2010-10-25 20:41 . 2010-10-25 20:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\assembly
2010-10-25 13:14 . 2010-10-25 13:14 -------- d-----w- c:\documents and settings\Owner\Data aplikací\O2
2010-10-25 13:13 . 2010-10-25 13:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Identities
2010-10-25 13:13 . 2010-10-25 13:13 -------- d-----w- c:\program files\O2
2010-10-25 13:13 . 2010-10-25 13:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Downloaded Installations
2010-10-17 09:44 . 2010-10-17 09:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\QuickStores
2010-10-17 09:44 . 2010-10-17 09:44 -------- d-----w- c:\program files\DsNET Corp
2010-10-11 10:56 . 2010-11-05 22:08 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-10-11 08:19 . 2010-10-11 08:19 -------- d-----w- c:\documents and settings\Owner\Data aplikací\AVG10
2010-10-11 08:18 . 2010-10-11 08:18 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-10-11 08:17 . 2010-11-06 12:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-10-11 08:17 . 2010-11-05 18:30 -------- d-----w- c:\program files\AVG
2010-10-11 08:11 . 2010-10-11 08:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-10-11 07:51 . 2010-10-11 07:51 -------- d-----w- c:\documents and settings\Administrator
2010-10-11 05:08 . 2010-11-04 20:39 -------- d-----w- c:\program files\trend micro
2010-10-11 05:08 . 2010-10-11 05:08 -------- d-----w- C:\rsit
2010-10-08 20:43 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TomTom
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\TomTom
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\documents and settings\Owner\Data aplikací\TomTom
2010-10-08 19:07 . 2010-10-08 19:07 -------- d-----w- c:\program files\TomTom International B.V
2010-10-08 19:06 . 2010-10-08 19:07 -------- d-----w- c:\program files\TomTom HOME 2
2010-10-08 13:17 . 2010-10-08 20:41 -------- d-----w- c:\program files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-11 08:30 . 2008-04-14 12:00 111104 ----a-w- c:\windows\system32\services.exe
2010-09-26 12:09 . 2010-09-26 12:09 52306 ----a-w- c:\windows\FdUninstall.exe
2010-09-23 13:31 . 2010-09-23 13:31 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-23 13:31 . 2010-09-23 13:31 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-23 13:31 . 2010-09-23 13:31 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-09-23 13:31 . 2010-09-23 13:31 129784 ------w- c:\windows\system32\pxafs.dll
2010-09-23 13:31 . 2010-09-23 13:31 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 13:31 . 2010-09-23 13:31 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-22 12:03 . 2010-09-22 12:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-22 12:03 . 2010-09-22 12:03 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-10 05:52 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 08:00 . 2010-09-22 12:04 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-11-05_22.40.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-06 12:34 . 2010-11-06 12:34 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
- 2010-11-05 22:35 . 2010-11-05 22:35 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
+ 2010-11-05 22:48 . 2010-11-05 22:48 3019264 c:\windows\Installer\af6ba.msi
+ 2010-11-05 22:47 . 2010-11-05 22:47 1543680 c:\windows\Installer\af6b6.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SMSender.OE"="c:\program files\O2\SMSender\\SMSender.OE.183.exe" [2010-04-01 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-23 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 22:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 22:40 25240]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 10:38 92008]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [28.9.2008 4:09 27544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.9.2010 13:10 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\f:\programy\EVEREST Ultimate Edition\kerneld.wnt --> f:\programy\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Poslat jako MMS - c:\program files\O2\SMSender\SMSender.E.183.dll/1003
IE: Poslat jako SMS - c:\program files\O2\SMSender\SMSender.E.183.dll/1001
IE: Poslat MMS na - c:\program files\O2\SMSender\SMSender.E.183.dll/1002
IE: Poslat SMS na - c:\program files\O2\SMSender\SMSender.E.183.dll/1000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\t9360ehl.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\O2\SMSender\SMSender.FF\components\ssff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 13:39
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\f:\programy\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-11-06 13:40:51
ComboFix-quarantined-files.txt 2010-11-06 12:40
ComboFix2.txt 2010-11-05 22:42
ComboFix3.txt 2010-10-11 09:55
ComboFix4.txt 2010-10-11 09:13
ComboFix5.txt 2010-11-06 12:06

Před spuštěním: Volných bajtů: 89 479 581 696
Po spuštění: Volných bajtů: 89 474 883 584

- - End Of File - - B651F7736B98869AADA0AA90B0A6AE98

[sapito]

Jelikož se mi rootkit nedaří najít, AVG anti-rootkit, Gmer - zkusil jsem ještě
MBR rootkit detector
Userland rootkit detector

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 14:47:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000035
"TracesSuccessful"=dword:00000021
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"RequireSignedAppInit_DLLs"=dword:00000001

scanning hidden files ...


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD10EADS-00L5B1 rev.01.01A01 -> \Device\Ide\IdeDeviceP2T0L0-e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[Rudy]

2 rootkity jste právě odstřelil ComboFixem, další nikde nevidím. Zkuste ještě sken IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 . Dejte logy Process a KernelModule.

[sapito]

Když to chci spoustit, tak mi to hlásí Trojan Backdoor, to asi není ok?
Při restartu jsem byl nucen zvolit Poslední funkční nastavení, neboť jinak PC nechtělo naběhnout.

[sapito]

Process:

System Idle Process
System
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\O2\SMSender\SMSender.OE.183.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Owner\LOCALS~1\temp\Rar$EX00.000\IceSword122en\IceSword.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
\WINDOWS\System32\DRIVERS\TDI.SYS
Mup.sys
avgrkx86.sys
AVGIDSEH.Sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\WINDOWS\system32\drivers\fdrawcmd.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\WudfPf.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
\??\C:\WINDOWS\system32\Drivers\DgiVecp.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
\SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll

[Rudy]

Lituji, ale ani zde nevidím nic, co by se podobalo rootkitu.

[sapito]

No tak to bude asi ok. Jen s tím Combofix je to zajímavé...

Dále, mám AVG Anti-rootkit, ale ten nezanamenal po celé naše dopisování vůbec nic, respektive ani celý AVG systém nic nezachitil. Mám se na něj tedy spoléhat? Momentálně využívám i AVG firewall, ovšem mám tu v záloze i COMODO, jaký je lepší?

S díky za pomoc Jiří Mrňávek

[sapito]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5061

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6.11.2010 18:32:21
mbam-log-2010-11-06 (18-32-21).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|)
Skenované objekty: 301551
Uplynulý čas: 38 minuta(y), 6 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{8798C517-6EBC-479C-9B4F-0B9DD9A4732D}\RP3\A0006411.exe (Trojan.Agent) -> Quarantined and deleted successfully.