
Completely laggy

Posted: 13 Dec 2010 18:43
by xdusa
Hi, I have an Acer Aspire One netbook (Atom 1.6 GHz, 1GB RAM, 120GB HDD) running Windows XP Home SP3. I have all the updates installed (except MSIE :lol: ), but out of nowhere the system started stuttering like crazy. Task Manager shows high CPU load almost nonstop, but that mostly doesn't match what the list of applications shows. I had McAfee on it; I uninstalled it and it seemed to help, but unfortunately it still keeps doing it. Now I have Kaspersky, I scanned the whole system and found nothing. The strangest thing is that it started out of nowhere; it wasn't after installing some new program or anything like that, I simply turned it on one day and it has been stuttering ever since. Everything, starting from the "startup sound". System sounds, music, videos, even the cursor. In MSConfig I turned off a few useless things under Startup and so on, but it still didn't help. Could someone please give me some advice? Thanks a lot in advance.

Here is the log from Ultimate Process Manager:

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v6.00.2900.5512 (xpsp.080413-2105)
Log vygenerován: 13/12/2010 17:18:21
================================================================

SmallARK
================================================================
[R]NtAdjustPrivilegesToken -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtClose -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtConnectPort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateEvent -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateFile -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateMutant -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateNamedPipeFile -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreatePort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateSection -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateSemaphore -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtCreateWaitablePort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtDebugActiveProcess -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtDeleteKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtDeviceIoControlFile -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtDuplicateObject -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtEnumerateKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtEnumerateValueKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtFsControlFile -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtLoadDriver -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtLoadKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtLoadKey2 -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtMapViewOfSection -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtNotifyChangeKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenEvent -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenFile -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenMutant -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenProcess -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenSection -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenSemaphore -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtOpenThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtQueryKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtQueryMultipleValueKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtQuerySection -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtQueryValueKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtQueueApcThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtRenameKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtReplaceKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtReplyPort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtReplyWaitReceivePort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtRequestWaitReplyPort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtRestoreKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtResumeThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSaveKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSecureConnectPort -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSetContextThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSetInformationToken -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSetSecurityObject -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSetSystemInformation -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSetValueKey -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSuspendProcess -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSuspendThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtSystemDebugControl -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtTerminateProcess -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtTerminateThread -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtUnmapViewOfSection -> C:\WINDOWS\system32\drivers\klif.sys
[R]NtWriteVirtualMemory -> C:\WINDOWS\system32\drivers\klif.sys

MBR ROOTKIT DETECTED!

Běžící procesy
================================================================

C:\WINDOWS\RTHDCPL.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ERECOVERY\ERAGENT.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\DOCUME~1\ASPIRE\LOCALS~1\TEMP\RTKBTMNT.EXE
C:\PROGRAM FILES\GIGATRIBE\GIGATRIBE.EXE
C:\PROGRAM FILES\MIRANDA IM\MIRANDA32.EXE

Scanner
================================================================
[R] avp.exe
Spouští se po startu HKLM Run [AVP]

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[R] igfxtray.exe
Spouští se po startu HKLM Run [IgfxTray]

[R] hkcmd.exe
Spouští se po startu HKLM Run [HotKeysCmds]

[R] igfxpers.exe
Spouští se po startu HKLM Run [Persistence]

[?] RTHDCPL.exe
Spouští se po startu HKLM Run [RTHDCPL]

[?] eRAgent.exe
Spouští se po startu HKLM Run [eRecoveryService]
Soubor 7%

[?] SynTPEnh.exe
Spouští se po startu HKLM Run [SynTPEnh]

[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[?] RtkBtMnt.exe
Nemá okno
Soubor 7%

[R] avp.exe
Spouští se po startu HKLM Run [AVP]

[S] ctfmon.exe
Spouští se po startu HKCU Run [ctfmon.exe]

[R] Skype.exe
Spouští se po startu HKCU Run [Skype]
Podvržená cesta modulu: (00400000) C:\Program Files\Skype\Phone\Skype.exe

[R] wcescomm.exe
Ověřený Microsoft: Ne
Spouští se po startu HKCU Run [H/PC Connection Agent]

[R] rapimgr.exe
Ověřený Microsoft: Ne

[R] skypePM.exe
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8

[?] gigatribe.exe
Bez výrobce
Spouští se po startu Po spuštění [GigaTribe.lnk]
Soubor 12%

[?] miranda32.exe
Bez výrobce
Soubor 12%


Po spuštění
================================================================

HKCU Run
|_ [R][Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

HKLM Run
|_ [X][LaunchApp] Alaunch (Soubor nenalezen)
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [?][AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
|_ [?][SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
|_ [S][IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
|_ [?][MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
|_ [S][PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
|_ [S][PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
|_ [?][M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
|_ [?][WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
|_ [?][eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
|_ [?][{8b15971b-5355-4c82-8c07-7e181ea07608}] C:\WINDOWS\INF\fxsocm.inf ,Fax.Install.PerUser

HKLM Winlogon Notify
|_ [?][igfxcui] C:\WINDOWS\system32\igfxdev.dll

Po spuštění
|_ [?][GigaTribe.lnk] C:\Program Files\GigaTribe\gigatribe.exe


HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (Soubor nenalezen)
|_ [?][{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

HKLM IE Toolbar
|_ [X][{0BF43445-2F28-4351-9252-17FE6E806AA0}] (Soubor nenalezen)

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Kaspersky Anti-Virus Service
|_ Cesta: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -r
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: AVP
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] abp480n5
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
| |_ Výrobce: Microsoft Corporation
| |_ Popis: AdvanSys SCSI Controller Driver
| |_ MD5: 6ABB91494FE6C59089B9336452AB2EA3
|
|_ Jméno: abp480n5
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] adpu160m
|_ Cesta: C:\WINDOWS\system32\DRIVERS\adpu160m.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Adaptec Ultra160 SCSI miniport
| |_ MD5: 9A11864873DA202C996558B2106B0BBC
|
|_ Jméno: adpu160m
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Aha154x
|_ Cesta: C:\WINDOWS\system32\DRIVERS\aha154x.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Adaptec AHA-154x series SCSI miniport
| |_ MD5: C23EA9B5F46C7F7910DB3EAB648FF013
|
|_ Jméno: Aha154x
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] aic78u2
|_ Cesta: C:\WINDOWS\system32\DRIVERS\aic78u2.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Adaptec Ultra2 SCSI miniport
| |_ MD5: 19DD0FB48B0C18892F70E2E7D61A1529
|
|_ Jméno: aic78u2
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] aic78xx
|_ Cesta: C:\WINDOWS\system32\DRIVERS\aic78xx.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Adaptec Ultra SCSI miniport
| |_ MD5: B7FE594A7468AA0132DEB03FB8E34326
|
|_ Jméno: aic78xx
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] AMD AGP Bus Filter Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\amdagp.sys
| |_ Výrobce: Advanced Micro Devices, Inc.
| |_ Popis: AMD Win2000 AGP Filter
| |_ MD5: 95B4FB835E28AA1336CEEB07FD5B9398
|
|_ Jméno: amdagp
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Atheros AR5008 Wireless Network Adapter Service
|_ Cesta: C:\WINDOWS\system32\DRIVERS\athw.sys
| |_ Výrobce: Atheros Communications, Inc.
| |_ Popis: Driver for Atheros Wireless Network Adapter
| |_ MD5: DDE307D6C228960DF411B55765A4AF90
|
|_ Jméno: AR5416
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] asc
|_ Cesta: C:\WINDOWS\system32\DRIVERS\asc.sys
| |_ Výrobce: Advanced System Products, Inc.
| |_ Popis: AdvanSys SCSI Controller Driver
| |_ MD5: 62D318E9A0C8FC9B780008E724283707
|
|_ Jméno: asc
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] asc3350p
|_ Cesta: C:\WINDOWS\system32\DRIVERS\asc3350p.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: AdvanSys SCSI Card Driver
| |_ MD5: 69EB0CC7714B32896CCBFD5EDCBEA447
|
|_ Jméno: asc3350p
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] asc3550
|_ Cesta: C:\WINDOWS\system32\DRIVERS\asc3550.sys
| |_ Výrobce: Advanced System Products, Inc.
| |_ Popis: AdvanSys Ultra-Wide PCI SCSI Driver
| |_ MD5: 5D8DE112AA0254B907861E9E9C31D597
|
|_ Jméno: asc3550
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] cd20xrnt
|_ Cesta: C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: IBM Portable CD-ROM Drive Miniport
| |_ MD5: F3EC03299634490E97BBCE94CD2954C7
|
|_ Jméno: cd20xrnt
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] CmdIde
|_ Cesta: C:\WINDOWS\system32\DRIVERS\cmdide.sys
| |_ Výrobce: CMD Technology, Inc.
| |_ Popis: CMD PCI IDE Bus Driver
| |_ MD5: E5DCB56C533014ECBC556A8357C929D5
|
|_ Jméno: CmdIde
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] dac2w2k
|_ Cesta: C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
| |_ Výrobce: Mylex Corporation
| |_ Popis: Mylex Disk Array Controller Driver
| |_ MD5: E550E7418984B65A78299D248F0A7F36
|
|_ Jméno: dac2w2k
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Dritek Keyboard Filter Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
| |_ Výrobce: Dritek System Inc.
| |_ Popis: Dritek PS2 Keyboard Filter Driver
| |_ MD5: 08D30AF92C270F2E76787C81589DBAD6
|
|_ Jméno: DKbFltr
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] dpti2o
|_ Cesta: C:\WINDOWS\system32\DRIVERS\dpti2o.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: DPT SmartRAID miniport
| |_ MD5: 40F3B93B4E5B0126F2F5C0A7A5E22660
|
|_ Jméno: dpti2o
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ialm
|_ Cesta: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel Graphics Miniport Driver
| |_ MD5: 48846B31BE5A4FA662CCFDE7A1BA86B9
|
|_ Jméno: ialm
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ini910u
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ini910u.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: INITIO ini910u SCSI miniport
| |_ MD5: 4A40E045FAEE58631FD8D91AFC620719
|
|_ Jméno: ini910u
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] int15.sys
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\int15.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 4D8D5B1C895EA0F2A721B98A7CE198F1
|
|_ Jméno: int15.sys
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: 19AFBB8427CE65042599555E578170DF
|
|_ Jméno: IntcAzAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Acer Crystal Eye webcam Driver
|_ Cesta: C:\WINDOWS\System32\Drivers\M3000KNT.sys
| |_ Výrobce:
| |_ Popis: Universal Serial Bus Camera Driver
| |_ MD5: 8DA3AC548C6EF91B284DCFF1A84BE3DB
|
|_ Jméno: M3000Srv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] mraid35x
|_ Cesta: C:\WINDOWS\system32\DRIVERS\mraid35x.sys
| |_ Výrobce: American Megatrends Inc.
| |_ Popis: MegaRAID RAID Controller Driver for Windows Whistler 32
| |_ MD5: 3F4BB95E5A44F3BE34824E8E7CAF0737
|
|_ Jméno: mraid35x
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ql1080
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ql1080.sys
| |_ Výrobce: QLogic Corporation
| |_ Popis: Miniport Driver for QLogic ISP PCI Adapters
| |_ MD5: 0A63FB54039EB5662433CABA3B26DBA7
|
|_ Jméno: ql1080
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Ql10wnt
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Miniport Driver for QLogic ISP PCI Adapters
| |_ MD5: 6503449E1D43A0FF0201AD5CB1B8C706
|
|_ Jméno: Ql10wnt
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ql12160
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ql12160.sys
| |_ Výrobce: QLogic Corporation
| |_ Popis: Miniport Driver for QLogic ISP PCI Adapters
| |_ MD5: 156ED0EF20C15114CA097A34A30D8A01
|
|_ Jméno: ql12160
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ql1280
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ql1280.sys
| |_ Výrobce: QLogic Corporation
| |_ Popis: Miniport Driver for QLogic ISP PCI Adapters
| |_ MD5: 907F0AEEA6BC451011611E732BD31FCF
|
|_ Jméno: ql1280
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Sparrow
|_ Cesta: C:\WINDOWS\system32\DRIVERS\sparrow.sys
| |_ Výrobce: Adaptec, Inc.
| |_ Popis: Adaptec AIC-6x60 series SCSI miniport
| |_ MD5: 83C0F71F86D3BDAF915685F3D568B20E
|
|_ Jméno: Sparrow
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] symc810
|_ Cesta: C:\WINDOWS\system32\DRIVERS\symc810.sys
| |_ Výrobce: Symbios Logic Inc.
| |_ Popis: Symbios Logic Inc. SCSI Miniport Driver
| |_ MD5: 1FF3217614018630D0A6758630FC698C
|
|_ Jméno: symc810
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] symc8xx
|_ Cesta: C:\WINDOWS\system32\DRIVERS\symc8xx.sys
| |_ Výrobce: LSI Logic
| |_ Popis: Symbios 8XX SCSI Miniport Driver
| |_ MD5: 070E001D95CF725186EF8B20335F933C
|
|_ Jméno: symc8xx
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] sym_hi
|_ Cesta: C:\WINDOWS\system32\DRIVERS\sym_hi.sys
| |_ Výrobce: LSI Logic
| |_ Popis: Symbios Hi-Perf SCSI Miniport Driver
| |_ MD5: 80AC1C4ABBE2DF3B738BF15517A51F2C
|
|_ Jméno: sym_hi
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Synaptics TouchPad Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\SynTP.sys
| |_ Výrobce: Synaptics, Inc.
| |_ Popis: Synaptics Touchpad Driver
| |_ MD5: 409F7EEB079D6154CCB26A02E6E27844
|
|_ Jméno: SynTP
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] TosIde
|_ Cesta: C:\WINDOWS\system32\DRIVERS\toside.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Toshiba PCI IDE Controller
| |_ MD5: F2790F6AF01321B172AA62F8E1E187D9
|
|_ Jméno: TosIde
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] ultra
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ultra.sys
| |_ Výrobce: Promise Technology, Inc.
| |_ Popis: Promise Ultra66 Miniport Driver
| |_ MD5: 1B698A51CD528D8DA4FFAED66DFC51B9
|
|_ Jméno: ultra
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (2940) Skype.exe 0.0.0.0:80 LISTENING
TCP (1496) svchost.exe 0.0.0.0:135 LISTENING
TCP (2940) Skype.exe 0.0.0.0:443 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (3880) rapimgr.exe 0.0.0.0:990 LISTENING
TCP (224) avp.exe 0.0.0.0:1110 LISTENING
TCP (504) miranda32.exe 0.0.0.0:2692 LISTENING
TCP (3592) gigatribe.exe 0.0.0.0:3728 LISTENING
TCP (2940) Skype.exe 0.0.0.0:39165 LISTENING
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:1842 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:2655 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:2659 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:2661 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:2695 ESTABLISHED
TCP (0) 127.0.0.1:1110 TIME_WAIT
TCP (224) avp.exe 127.0.0.1:1110 FIN_WAIT2
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:4189 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:4191 ESTABLISHED
TCP (0) 127.0.0.1:1110 TIME_WAIT
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:4205 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:4211 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:4213 ESTABLISHED
TCP (224) avp.exe 127.0.0.1:1110 <-> 127.0.0.1:4215 ESTABLISHED
TCP (3592) gigatribe.exe 127.0.0.1:1842 <-> 127.0.0.1:1110 ESTABLISHED
TCP (504) miranda32.exe 127.0.0.1:2655 <-> 127.0.0.1:1110 ESTABLISHED
TCP (504) miranda32.exe 127.0.0.1:2659 <-> 127.0.0.1:1110 ESTABLISHED
TCP (504) miranda32.exe 127.0.0.1:2661 <-> 127.0.0.1:1110 ESTABLISHED
TCP (504) miranda32.exe 127.0.0.1:2695 <-> 127.0.0.1:1110 ESTABLISHED
TCP (0) 127.0.0.1:4164 TIME_WAIT
TCP (0) 127.0.0.1:4167 TIME_WAIT
TCP (0) 127.0.0.1:4169 TIME_WAIT
TCP (0) 127.0.0.1:4173 TIME_WAIT
TCP (0) 127.0.0.1:4182 TIME_WAIT
TCP (0) 127.0.0.1:4184 TIME_WAIT
TCP (504) miranda32.exe 127.0.0.1:4186 CLOSE_WAIT
TCP (3176) opera.exe 127.0.0.1:4189 <-> 127.0.0.1:1110 ESTABLISHED
TCP (3176) opera.exe 127.0.0.1:4191 <-> 127.0.0.1:1110 ESTABLISHED
TCP (0) 127.0.0.1:4193 TIME_WAIT
TCP (0) 127.0.0.1:4195 TIME_WAIT
TCP (0) 127.0.0.1:4201 TIME_WAIT
TCP (0) 127.0.0.1:4203 TIME_WAIT
TCP (504) miranda32.exe 127.0.0.1:4205 <-> 127.0.0.1:1110 ESTABLISHED
TCP (0) 127.0.0.1:4209 TIME_WAIT
TCP (504) miranda32.exe 127.0.0.1:4211 <-> 127.0.0.1:1110 ESTABLISHED
TCP (504) miranda32.exe 127.0.0.1:4213 <-> 127.0.0.1:1110 ESTABLISHED
TCP (504) miranda32.exe 127.0.0.1:4215 <-> 127.0.0.1:1110 ESTABLISHED
TCP (3736) wcescomm.exe 127.0.0.1:5679 LISTENING
TCP (3736) wcescomm.exe 127.0.0.1:7438 LISTENING
TCP (4) Systém 192.168.1.102:139 LISTENING
TCP (224) avp.exe 192.168.1.102:1843 <-> 91.121.15.35:80 ESTABLISHED
TCP (3592) gigatribe.exe 192.168.1.102:1847 <-> 90.22.70.99:3728 ESTABLISHED
TCP (3592) gigatribe.exe 192.168.1.102:1848 <-> 114.74.154.203:3728 ESTABLISHED
TCP (2940) Skype.exe 192.168.1.102:2098 <-> 92.8.237.110:30615 ESTABLISHED
TCP (2940) Skype.exe 192.168.1.102:2179 <-> 213.146.188.12:12350 ESTABLISHED
TCP (3592) gigatribe.exe 192.168.1.102:2318 <-> 77.198.116.248:3728 ESTABLISHED
TCP (224) avp.exe 192.168.1.102:2656 <-> 88.86.102.50:5222 ESTABLISHED
TCP (224) avp.exe 192.168.1.102:2660 <-> 64.4.44.43:1863 ESTABLISHED
TCP (224) avp.exe 192.168.1.102:2662 <-> 207.46.125.41:1863 ESTABLISHED
TCP (224) avp.exe 192.168.1.102:2696 <-> 64.12.25.237:5190 ESTABLISHED
TCP (3592) gigatribe.exe 192.168.1.102:3229 <-> 82.249.228.71:3728 ESTABLISHED
TCP (0) 192.168.1.102:4165 TIME_WAIT
TCP (0) 192.168.1.102:4168 TIME_WAIT
TCP (0) 192.168.1.102:4170 TIME_WAIT
TCP (0) 192.168.1.102:4172 TIME_WAIT
TCP (0) 192.168.1.102:4174 TIME_WAIT
TCP (0) 192.168.1.102:4181 TIME_WAIT
TCP (0) 192.168.1.102:4183 TIME_WAIT
TCP (0) 192.168.1.102:4185 TIME_WAIT
TCP (224) avp.exe 192.168.1.102:4187 CLOSE_WAIT
TCP (224) avp.exe 192.168.1.102:4190 <-> 192.168.1.105:2869 ESTABLISHED
TCP (224) avp.exe 192.168.1.102:4192 <-> 192.168.1.100:2869 ESTABLISHED
TCP (0) 192.168.1.102:4194 TIME_WAIT
TCP (0) 192.168.1.102:4196 TIME_WAIT
TCP (3592) gigatribe.exe 192.168.1.102:4198 SYN_SENT
TCP (0) 192.168.1.102:4202 TIME_WAIT
TCP (0) 192.168.1.102:4204 TIME_WAIT
TCP (224) avp.exe 192.168.1.102:4206 <-> 66.220.145.35:80 ESTABLISHED
TCP (3592) gigatribe.exe 192.168.1.102:4208 SYN_SENT
TCP (0) 192.168.1.102:4210 TIME_WAIT
TCP (224) avp.exe 192.168.1.102:4212 <-> 66.220.153.25:80 ESTABLISHED
TCP (224) avp.exe 192.168.1.102:4214 <-> 66.220.153.25:80 ESTABLISHED
UDP (2940) Skype.exe 0.0.0.0:443 <-> 66.220.158.25:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445
UDP (1220) lsass.exe 0.0.0.0:500
UDP (224) avp.exe 0.0.0.0:4090
UDP (1220) lsass.exe 0.0.0.0:4500
UDP (2940) Skype.exe 0.0.0.0:39165
UDP (1552) svchost.exe 127.0.0.1:123
UDP (2940) Skype.exe 127.0.0.1:1053
UDP (2940) Skype.exe 127.0.0.1:1098
UDP (1760) svchost.exe 127.0.0.1:1900
UDP (1552) svchost.exe 192.168.1.102:123
UDP (4) Systém 192.168.1.102:137
UDP (4) Systém 192.168.1.102:138
UDP (3176) opera.exe 192.168.1.102:1170
UDP (1760) svchost.exe 192.168.1.102:1900
UDP (3176) opera.exe 192.168.1.102:1900

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] pdm.kdl.1bd33ed9403c75ff4568442422fbd9ce
|_ Cesta: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\Cache\pdm.kdl.1bd33ed9403c75ff4568442422fbd9ce
|_ MD5: 1BD33ED9403C75FF4568442422FBD9CE
|_ Výrobce: Kaspersky Lab
|_ Procesy
|_ avp.exe (224)

[?] vlns.kdl.002d59a92d55ccbddcca8fba8ea8340d
|_ Cesta: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\Cache\vlns.kdl.002d59a92d55ccbddcca8fba8ea8340d
|_ MD5: 002D59A92D55CCBDDCCA8FBA8EA8340D
|_ Výrobce: Kaspersky Lab
|_ Procesy
|_ avp.exe (224)

[!] mark.kdl.c2989f944586a5bc6449f33e1bc27c85
|_ Cesta: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\Cache\mark.kdl.c2989f944586a5bc6449f33e1bc27c85
|_ MD5: C2989F944586A5BC6449F33E1BC27C85
|_ Výrobce: Kaspersky Lab ZAO
|_ Procesy
|_ avp.exe (224)

[!] klavemu.kdl.cc98e87a0ffba1b472f0044aaf26cf68
|_ Cesta: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\Cache\klavemu.kdl.cc98e87a0ffba1b472f0044aaf26cf68
|_ MD5: CC98E87A0FFBA1B472F0044AAF26CF68
|_ Výrobce: Kaspersky Lab ZAO
|_ Procesy
|_ avp.exe (224)

[!] kjim.kdl.1623f7ed626723af0bec66199f1490fa
|_ Cesta: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\Cache\kjim.kdl.1623f7ed626723af0bec66199f1490fa
|_ MD5: 1623F7ED626723AF0BEC66199F1490FA
|_ Výrobce: Kaspersky Lab ZAO
|_ Procesy
|_ avp.exe (224)

[!] kavsys.kdl.fb4631d4b2031bae535a0ba87415b214
|_ Cesta: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\Cache\kavsys.kdl.fb4631d4b2031bae535a0ba87415b214
|_ MD5: FB4631D4B2031BAE535A0BA87415B214
|_ Výrobce: Kaspersky Lab ZAO
|_ Procesy
|_ avp.exe (224)

[?] mkzlib.dll
|_ Cesta: C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
|_ MD5: FFD03D703B8173461EBC75C3A574D46C
|_ Výrobce:
|_ Procesy
|_ explorer.exe (892)

[?] mkunicode.dll
|_ Cesta: C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
|_ MD5: 80C4CCC7038DEA1F627CBD3F9893E0A1
|_ Výrobce:
|_ Procesy
|_ explorer.exe (892)

[?] splitter.ax
|_ Cesta: C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax
|_ MD5: 3B533A961F296FF6128C2FB727CDC8B1
|_ Výrobce: ?
|_ Procesy
|_ explorer.exe (892)

[?] mkx.dll
|_ Cesta: C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkx.dll
|_ MD5: C806A99A9A42A5F95A6F29D18EC9190E
|_ Výrobce:
|_ Procesy
|_ explorer.exe (892)

[?] mp4.dll
|_ Cesta: C:\Program Files\K-Lite Codec Pack\Filters\Haali\mp4.dll
|_ MD5: 2718BA2BDCF51BD4B3D3344817591607
|_ Výrobce:
|_ Procesy
|_ explorer.exe (892)

[?] ffdshow.ax
|_ Cesta: C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
|_ MD5: 2DEF39AB840A2ADB637C6CB258FC62D7
|_ Výrobce: ?
|_ Procesy
|_ explorer.exe (892)

[?] pdfshell.dll
|_ Cesta: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
|_ MD5: 69C15016E0894A627F191C7DA0047DFA
|_ Výrobce: Adobe Systems, Inc.
|_ Procesy
|_ explorer.exe (892)

[?] imagefile.dll
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\imagefile.dll
|_ MD5: 1EE99ABDCFD51F0B72C8CC57EDC99B46
|_ Výrobce: Copyright (C) 2005
|_ Procesy
|_ eRAgent.exe (964)

[?] it41.dll
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\it41.dll
|_ MD5: 483FE6D804DF407A1B9E12ACEC79AD2C
|_ Výrobce: ?
|_ Procesy
|_ eRAgent.exe (964)

[?] rlvirdev.ocx
|_ Cesta: C:\WINDOWS\system32\RLVirDev.ocx
|_ MD5: 0ED13E76B5D53DF61626BCA9C7E7E242
|_ Výrobce: reallusion
|_ Procesy
|_ Skype.exe (2940)

[?] unrar.dll
|_ Cesta: C:\Program Files\GigaTribe\unrar.dll
|_ MD5: 0087F6F680BEFDA997B357BD55BE991C
|_ Výrobce: ?
|_ Procesy
|_ gigatribe.exe (3592)

[?] qgif4.dll
|_ Cesta: C:\Program Files\GigaTribe\imageformats\qgif4.dll
|_ MD5: 9DE5CDDDF5EFC5587DDA1D4B2C70498E
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qico4.dll
|_ Cesta: C:\Program Files\GigaTribe\imageformats\qico4.dll
|_ MD5: 23523CC8B7271412D287310F7AA57242
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qjpeg4.dll
|_ Cesta: C:\Program Files\GigaTribe\imageformats\qjpeg4.dll
|_ MD5: A6F9400097142649806F5BFBE05A69B6
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qmng4.dll
|_ Cesta: C:\Program Files\GigaTribe\imageformats\qmng4.dll
|_ MD5: 5A3333544097EF6882E2ECE10C441FC0
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qtiff4.dll
|_ Cesta: C:\Program Files\GigaTribe\imageformats\qtiff4.dll
|_ MD5: E96915ABFBEE80333301E3279C4D7610
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qtwebkit4.dll
|_ Cesta: C:\Program Files\GigaTribe\qtwebkit4.dll
|_ MD5: 3F3BFD320295E0C1B7B2BD0A1E504FD0
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qtxml4.dll
|_ Cesta: C:\Program Files\GigaTribe\qtxml4.dll
|_ MD5: 06E74EEA59D0AD6EF74F8C11E7F64D6F
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qtnetwork4.dll
|_ Cesta: C:\Program Files\GigaTribe\qtnetwork4.dll
|_ MD5: F3701EEE801C2EE7CFC4DC4743ABAA2D
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qtgui4.dll
|_ Cesta: C:\Program Files\GigaTribe\qtgui4.dll
|_ MD5: 14EB5FDBD22D406F606030F2446F100A
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] qtcore4.dll
|_ Cesta: C:\Program Files\GigaTribe\qtcore4.dll
|_ MD5: 0AE0FECB1A4C41A5EE1F978FFB523E23
|_ Výrobce:
|_ Procesy
|_ gigatribe.exe (3592)

[?] aim.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\Aim.dll
|_ MD5: C551D7912B4CDB3EE373C6DDB8C355EE
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] avs.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\avs.dll
|_ MD5: 1BE8B749226DB8E6900F148F10150BBA
|_ Výrobce: Written by Nightwish and Pescuma for Miranda IM project
|_ Procesy
|_ miranda32.exe (504)

[?] facebook.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\facebook.dll
|_ MD5: F995AEAE7F039FF9BA31CAF69079248D
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] fingerprint.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\fingerprint.dll
|_ MD5: 4CF1D61DDCFD291DDD516169D3FDF038
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] irc.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\IRC.dll
|_ MD5: BFB107FF57D2AEA855794BAE070EC537
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] megahal.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\MegaHAL.dll
|_ MD5: E584C1F903A0D2AC5FFB3838D1251215
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] messagenotify.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\MessageNotify.dll
|_ MD5: 8AA3FDA1D63E2490194AE86911C56F45
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[X] pngimg.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\PNGImg.dll
|_ MD5: 40515FDC41523ABEC45D6EBB9FFDA983
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] newxstatusnotify.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\newxstatusnotify.dll
|_ MD5: 677CE5383F531EEA6C4AA9313CC44B31
|_ Výrobce: yaho
|_ Procesy
|_ miranda32.exe (504)

[?] smileyaddw.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\smileyaddw.dll
|_ MD5: 999FF9CF503ABB7E9EFBB6191BA4A024
|_ Výrobce: Boris Krasnovskiy
|_ Procesy
|_ miranda32.exe (504)

[?] spamotron.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\spamotron.dll
|_ MD5: A90E65BB0C6C635EFC052B4E89BCCAB5
|_ Výrobce: vu1tur.eu.org
|_ Procesy
|_ miranda32.exe (504)

[?] typingnotify.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\TypingNotify.dll
|_ MD5: E60FF33B40B2597FCCB72871BB2F7446
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[!] historypp.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\historypp.dll
|_ MD5: 41CF4C93B02C6533AA6CA178BBE164AC
|_ Výrobce: Miranda Open Source Project
|_ Procesy
|_ miranda32.exe (504)

[?] zlib.dll
|_ Cesta: C:\Program Files\Miranda IM\zlib.dll
|_ MD5: 3C24D97A7360C6ABBF727CAD075879A2
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] statuschange.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\StatusChange.dll
|_ MD5: E3410A1D9C48871F20E90302F6B09B84
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[X] mtooltip.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\mToolTip.dll
|_ MD5: 0319D84A9F3409B6A6F6AE2F009F3235
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] advaimg.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\advaimg.dll
|_ MD5: D43A59B4E42E847F02CB627902D8C2AF
|_ Výrobce: Miranda IM and FreeImage
|_ Procesy
|_ miranda32.exe (504)

[?] chat.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\chat.dll
|_ MD5: FB5D3A97D04870576C26A357CE931FE1
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] clist_modern.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\clist_modern.dll
|_ MD5: F2966E517D8FF081C3E0F66104830031
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] dbx_mmap.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\dbx_mmap.dll
|_ MD5: 3FC20B36B051125F30E75591B45308F2
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] icq.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\ICQ.dll
|_ MD5: 0A60C5B13D1BC482702254B107AEF70D
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] import.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\import.dll
|_ MD5: 047A792D70D952F36F4099006D4BB794
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] gg.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\GG.dll
|_ MD5: D4D18BC013AC6E06BBB810CC6FCECFFC
|_ Výrobce: Bartosz Białek, Adam Strzelecki
|_ Procesy
|_ miranda32.exe (504)

[?] jabber.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\jabber.dll
|_ MD5: 23E1FFF480A73884D6C539B1D23A9EB5
|_ Výrobce: Miranda
|_ Procesy
|_ miranda32.exe (504)

[?] msn.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\msn.dll
|_ MD5: 7F3671A20D407B152B49B22775046C62
|_ Výrobce: Boris Krasnovskiy, George Hazan, Richard Hughes
|_ Procesy
|_ miranda32.exe (504)

[?] scriver.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\scriver.dll
|_ MD5: B713AB32B3AFDE6948AA5AB2A5979832
|_ Výrobce: Miranda IM Development Team
|_ Procesy
|_ miranda32.exe (504)

[?] yahoo.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\Yahoo.dll
|_ MD5: 3215F54490A535B8ECC607206F8A8B0F
|_ Výrobce: Gennady Feldman
|_ Procesy
|_ miranda32.exe (504)

[?] metacontacts.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\MetaContacts.dll
|_ MD5: CA6AE0F35B928AC4DEC36FFAC1BB8A2B
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] mtextcontrolw.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\mtextcontrolW.dll
|_ MD5: EE01CD12C8C8B19DD2C291337902FFF9
|_ Výrobce: Miranda IM
|_ Procesy
|_ miranda32.exe (504)

[?] historystats.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\historystats.dll
|_ MD5: ED271CBC8C8822C589CACDA12426FF88
|_ Výrobce:
|_ Procesy
|_ miranda32.exe (504)

[?] whenwasit.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\WhenWasIt.dll
|_ MD5: CDA80D8D4E14A2A5492E08437326FE1D
|_ Výrobce: ?
|_ Procesy
|_ miranda32.exe (504)

[?] xstatusnotify.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\XStatusNotify.dll
|_ MD5: B3F9CC93C0EDB3F22D8142511DB70FEE
|_ Výrobce: Deathdemon
|_ Procesy
|_ miranda32.exe (504)

[?] popupw.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\PopUpW.dll
|_ MD5: 40D1D88F040EE121E6D3D68A63D264B6
|_ Výrobce: MPK
|_ Procesy
|_ miranda32.exe (504)

[?] ieview.dll
|_ Cesta: C:\Program Files\Miranda IM\Plugins\ieview.dll
|_ MD5: 9B147DD58939F838CED37F8520D70FB5
|_ Výrobce: http://developer.berlios.de/projects/mgoodies
|_ Procesy
|_ miranda32.exe (504)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Completely stuck

Posted: 13 Dec 2010 18:47
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Feel free to put the kettle on for a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware lead to unwanted conflicts with the antispyware's resident component.

Re: Completely stuck

Posted: 13 Dec 2010 23:45
by xdusa
Here it is:

ComboFix 10-12-13.02 - Aspire 13/12/2010 22:00:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.475 [GMT 0:00]
Running from: c:\documents and settings\Aspire\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-13 17:17 . 2010-12-13 17:18 -------- d-----w- c:\program files\Ultimate Process Manager
2010-12-13 01:56 . 2010-12-13 02:16 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-13 01:56 . 2010-12-13 02:16 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-13 01:51 . 2010-12-13 01:51 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-13 01:51 . 2010-12-13 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-12-13 01:43 . 2010-12-13 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-12-07 12:52 . 2010-12-07 12:52 -------- d-----w- C:\?ez
2010-12-06 16:11 . 2010-12-07 12:49 -------- d-----w- c:\documents and settings\Aspire\Application Data\GHISLER
2010-12-06 16:11 . 2010-12-07 12:48 -------- d-----w- C:\totalcmd
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\UC.PIF
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\RAR.PIF
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\PKZIP.PIF
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\LHA.PIF
2010-12-06 16:11 . 2010-11-29 07:56 545 ----a-w- c:\windows\ARJ.PIF
2010-12-01 21:35 . 2010-12-01 21:35 -------- d-----w- c:\documents and settings\Aspire\Application Data\BOXEE
2010-12-01 21:34 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-12-01 21:31 . 2010-12-01 21:33 -------- d-----w- c:\program files\Boxee
2010-11-29 18:48 . 2010-11-29 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2010-11-29 18:46 . 2010-12-07 16:57 -------- d-----w- c:\documents and settings\Aspire\Local Settings\Application Data\Last.fm
2010-11-29 18:46 . 2010-11-29 18:46 -------- d-----w- c:\program files\Last.fm
2010-11-29 15:29 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-29 15:29 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-11-29 15:29 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-11-29 15:28 . 2010-11-29 15:28 -------- d-----w- c:\windows\Logs
2010-11-29 15:28 . 2010-11-29 15:34 -------- d-----w- c:\program files\Winamp Detect
2010-11-29 15:28 . 2005-01-28 13:44 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2010-11-29 15:28 . 2005-01-28 13:44 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2010-11-29 14:08 . 2010-11-29 14:08 -------- d-----w- C:\TVicPortPersonal
2010-11-28 21:00 . 2010-11-28 22:40 -------- d-----w- c:\documents and settings\Aspire\.android
2010-11-23 17:01 . 2010-11-23 17:01 -------- d-----w- c:\documents and settings\Aspire\Application Data\InterVideo
2010-11-16 21:52 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-16 21:52 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-16 21:35 . 2008-04-15 03:00 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2010-11-16 21:35 . 2008-04-15 03:00 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2010-11-16 21:35 . 2008-04-15 03:00 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2010-11-16 21:35 . 2008-04-15 03:00 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2010-11-16 21:22 . 2010-11-25 20:41 -------- d-----w- c:\program files\Microsoft ActiveSync

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 17:21 . 2010-11-08 17:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-08 17:21 . 2010-11-08 17:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-09 20:25 . 2008-07-08 18:17 125 ----a-w- c:\windows\xUninstall.bat
2010-10-09 20:12 . 2004-09-21 21:28 3 ----a-w- c:\windows\HotFix.bat
2010-10-09 20:12 . 2004-06-26 00:13 139 ----a-w- c:\windows\HotFix2.bat
2010-09-18 11:23 . 2008-04-15 03:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-15 03:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-15 03:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-15 03:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"M3000Mnt"="M3000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-12-13 352976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Aspire\Start Menu\Programs\Startup\
GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2010-10-25 4425728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-05-14 03:14 821768 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05/05/2008 07:01 254976]
S3 esihdrv;esihdrv;\??\c:\docume~1\Aspire\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Aspire\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.uk.acer.yahoo.com
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://en.uk.acer.yahoo.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 22:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\docume~1\Aspire\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-12-13 22:29:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-13 22:29

Pre-Run: 13,416,837,120 bytes free
Post-Run: 13,647,532,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C45FE393B01853D1E17DB24B04A3825E

Re: Completely stuck

Posted: 14 Dec 2010 17:48
by Rudy
There really is nothing dangerous visible in the system. As a test, turn off automatic updates.

Re: Completely stuck

Posted: 20 Dec 2010 17:12
by xdusa
Sorry for the late reply. In the end I got fed up with it, reinstalled it, and everything is calm now. Thanks for the advice anyway :-)

Re: Completely stuck

Posted: 20 Dec 2010 18:26
by Rudy
You're welcome!