Prosim o kontrolu logu

Zpráva

Pan.Klobouk · #1 Příspěvek od **Pan.Klobouk** » 24 led 2011 19:02

Prosim o kontrolu logu, inet je zpomaleny, IE pry casto pada, stejne jako GOM a nektere dalsi programy. Sedim u toho chvili, ale musim jen potvrdit... NOD navic zacina vyhazovat infiltrace nejakym trojanem.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Deadmarsh at 2011-01-24 16:04:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (6%) free of 38 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:28, on 24.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\system32\UAService7.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\Deadmarsh\Data aplikací\dwm.exe
C:\DOCUME~1\DEADMA~1\LOCALS~1\Temp\csrss.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\Total Commander XP\TOTALCMD.EXE
D:\RSIT - HiJackThis.exe
C:\Program Files\trend micro\Deadmarsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aktualne.cz/?ms=ae
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aktualne.cz/?ms=ae
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Windows Internet Explorer: Aktuálně.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:63939
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=C:\DOCUME~1\DEADMA~1\LOCALS~1\Temp\csrss.exe
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,rr64_b.exe
O1 - Hosts: entry DnsMap
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\GOZILLA\GoIEHlp.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "C:\PROGRA~1\GOZILLA\Go.exe" /FIXRAS
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avp] C:\windows\avp.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\windows\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [timeNoticeSL001] c:\sysiqqa.exe net
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartUp] C:\windows\trayicons.exe /optimize speed
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Slovníky - {07E4407F-F95E-45FB-B609-070BFC4BFE98} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {2D94F908-2038-4003-828B-80E8BD73DDB6} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {82F38E73-F1E9-45C1-997C-414B4696EE75} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {8501AB34-3C75-483E-BE08-15312C2865A5} - http://www.bleskove.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {952A92C3-EE0D-4E22-9D88-2B5C21622FB3} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Stahuj.cz - {9AEA18AD-CF3A-47B2-B63F-DAD15562E13A} - http://www.stahuj.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {9D7ED7B6-6415-4BE6-ACB0-F6D98D635B9F} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {C911096F-4B11-4A28-8068-F877193E75C4} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {E5BEC468-1FF3-4AD5-8659-818D15E8E26B} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Centrum.cz - {EFEC77F3-818A-4B7F-B841-57887117121C} - http://www.centrum.cz (file missing) (HKCU)
O16 - DPF: JSyn Audio - http://www.softsynth.com/jsyn/plugins/a ... ynv142.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - http://fifa-online.easports.com/fo3-the ... uncher.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} (WirelessContactHandler Class) - http://xtraz.icq.com/xtraz/products/wir ... ontact.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - Unknown owner - C:\windows\system32\libusbd-nt.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Security Service (PRLT) - Unknown owner - C:\windows\system32\svcd\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\windows\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\windows\system32\UAService7.exe

--
End of file - 14126 bytes

======Scheduled tasks folder======

C:\windows\tasks\At1.job
C:\windows\tasks\At2.job
C:\windows\tasks\At3.job
C:\windows\tasks\At4.job
C:\windows\tasks\At5.job
C:\windows\tasks\At6.job
C:\windows\tasks\At7.job
C:\windows\tasks\At8.job
C:\windows\tasks\At9.job
C:\windows\tasks\At10.job
C:\windows\tasks\At11.job
C:\windows\tasks\At12.job
C:\windows\tasks\At13.job
C:\windows\tasks\At14.job
C:\windows\tasks\At15.job
C:\windows\tasks\At16.job
C:\windows\tasks\At17.job
C:\windows\tasks\At18.job
C:\windows\tasks\At19.job
C:\windows\tasks\At20.job
C:\windows\tasks\At21.job
C:\windows\tasks\At22.job
C:\windows\tasks\At23.job
C:\windows\tasks\At24.job
C:\windows\tasks\At25.job
C:\windows\tasks\At26.job
C:\windows\tasks\At27.job
C:\windows\tasks\At28.job
C:\windows\tasks\At29.job
C:\windows\tasks\At30.job
C:\windows\tasks\At31.job
C:\windows\tasks\At32.job
C:\windows\tasks\At33.job
C:\windows\tasks\At34.job
C:\windows\tasks\At35.job
C:\windows\tasks\At36.job
C:\windows\tasks\At37.job
C:\windows\tasks\At38.job
C:\windows\tasks\At39.job
C:\windows\tasks\At40.job
C:\windows\tasks\At41.job
C:\windows\tasks\At42.job
C:\windows\tasks\At43.job
C:\windows\tasks\At44.job
C:\windows\tasks\At45.job
C:\windows\tasks\At46.job
C:\windows\tasks\At47.job
C:\windows\tasks\At48.job
C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD4C3CF0-4B15-11D1-ABED-709549C10000}]
IEHlprObj Class - C:\PROGRA~1\GOZILLA\GoIEHlp.dll [2000-11-29 159744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-04-03 839680]
"Go!Zilla dial-up fix"=C:\PROGRA~1\GOZILLA\Go.exe [2000-12-13 1908736]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-05-16 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-05-16 86960]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"Logitech Utility"=C:\windows\Logi_MwX.Exe [2003-12-11 20992]
"avp"=C:\windows\avp.exe []
"wcmdmgr"=C:\windows\wt\updater\wcmdmgrl.exe [2003-09-23 20480]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2006-04-12 1279032]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"Launch LgDevAgt"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2007-12-13 346648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"MyWebSearch Plugin"= []
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-02-24 949376]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2010-11-03 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"userinit"=C:\WINDOWS\system32\ntos.exe []
"timeNoticeSL001"=c:\sysiqqa.exe net []
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"StartUp"=C:\windows\trayicons.exe /optimize speed []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xFF000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\TrackMania Nations ESWC W98SE_03\TmNationsESWC.exe"="D:\TrackMania Nations ESWC W98SE_03\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\Documents and Settings\Deadmarsh\Data aplikací\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Deadmarsh\Data aplikací\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Colin DiRT Demo\DiRTDemo.exe"="C:\Colin DiRT Demo\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"C:\TrackMania United CZ\TmUnited.exe"="C:\TrackMania United CZ\TmUnited.exe:*:Enabled:TmUnited"
"C:\Doom 3 - MINT\DOOM3Ded.exe"="C:\Doom 3 - MINT\DOOM3Ded.exe:*:Disabled:DOOM 3"
"C:\MotoGP 2007\motogp.exe"="C:\MotoGP 2007\motogp.exe:*:Enabled:motogp"
"C:\motorky - MotoGP 2007 - test\motogp.exe"="C:\motorky - MotoGP 2007 - test\motogp.exe:*:Disabled:motogp"
"D:\MAX120_SYS disk - pred novym PC\FlashFXP.v2.1.924.WinAll.WORKING.Read.NFO.REPACK-PH\FlashFXP.exe"="D:\MAX120_SYS disk - pred novym PC\FlashFXP.v2.1.924.WinAll.WORKING.Read.NFO.REPACK-PH\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\Total Commander XP\TOTALCMD.EXE"="C:\Total Commander XP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"H:\OutRun2006 Coast 2 Coast - MINT\OR2006C2C.EXE"="H:\OutRun2006 Coast 2 Coast - MINT\OR2006C2C.EXE:*:Enabled:OR2006C2C"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\windows\System32\dpvsetup.exe"="C:\windows\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\windows\System32\rundll32.exe"="C:\windows\System32\rundll32.exe:*:Disabled:Run a DLL as an App"
"H:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="H:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"H:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="H:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"G:\Street Racing Syndicate - MINT\Bin\SRS.exe"="G:\Street Racing Syndicate - MINT\Bin\SRS.exe:*:Disabled:SRS"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\Deadmarsh\Local Settings\Temp\heat.bin"="C:\Documents and Settings\Deadmarsh\Local Settings\Temp\heat.bin:*:Enabled:heat"
"H:\NHL08\nhl2008.exe"="H:\NHL08\nhl2008.exe:*:Enabled:nhl2008"
"G:\Grand Prix 3 Expansion Pack 2000 - MINT\GP3_2000.exe"="G:\Grand Prix 3 Expansion Pack 2000 - MINT\GP3_2000.exe:*:Disabled:GP3_2000"
"C:\TrackMania Nations ESWC - patched by Goblin\TmNationsESWC.exe"="C:\TrackMania Nations ESWC - patched by Goblin\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\F1 Challenge KRC 2007\F1 Challange KRC 2007.exe"="D:\F1 Challenge KRC 2007\F1 Challange KRC 2007.exe:*:Enabled:F1 Challenge 99-02"
"D:\MAX120_SYS disk - pred novym PC\F1 Challenge 99-02 - for RH2005\F1 Challenge 99-02.exe"="D:\MAX120_SYS disk - pred novym PC\F1 Challenge 99-02 - for RH2005\F1 Challenge 99-02.exe:*:Enabled:F1 Challenge 99-02"
"G:\Medal of Honor Pacific Assault - MINT\mohpa.exe"="G:\Medal of Honor Pacific Assault - MINT\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
"G:\Medal of Honor PA - MINT2\mohpa.exe"="G:\Medal of Honor PA - MINT2\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\Starship Troopers\STGame.exe"="C:\Program Files\Starship Troopers\STGame.exe:*:Disabled:Starship Troopers Euro1"
"G:\GRID\GRID.exe"="G:\GRID\GRID.exe:*:Enabled:GRID"
"G:\GRID\GRID_orig.exe"="G:\GRID\GRID_orig.exe:*:Disabled:GRID Executable"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"H:\SBK08\Launcher.exe"="H:\SBK08\Launcher.exe:*:Disabled:Launcher"
"H:\Evolva - MINT\Evolva.exe"="H:\Evolva - MINT\Evolva.exe:*:Disabled:Evolva"
"H:\TmUnitedForever\TmForever.exe"="H:\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"G:\GRID\GRID-crackly.exe"="G:\GRID\GRID-crackly.exe:*:Disabled:GRID Executable"
"G:\Battlefield Vietnam - MINT\BfVietnam.exe"="G:\Battlefield Vietnam - MINT\BfVietnam.exe:*:Disabled:BfVietnam"
"D:\MAX120_SYS disk - pred novym PC\FlatOut2 CZ XP\FlatOut2.exe"="D:\MAX120_SYS disk - pred novym PC\FlatOut2 CZ XP\FlatOut2.exe:*:Enabled:FlatOut2"
"H:\FlatOut2 - MINT\FlatOut2.exe"="H:\FlatOut2 - MINT\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component"
"H:\NHL 09 US\nhl2009.exe"="H:\NHL 09 US\nhl2009.exe:*:Enabled:nhl2009"
"H:\DiRT - test\DiRT.exe"="H:\DiRT - test\DiRT.exe:*:Enabled:DiRT Executable"
"H:\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="H:\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"H:\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="H:\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"H:\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="H:\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\windows\System32\java.exe"="C:\windows\System32\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"H:\Worms Armageddon\WA.exe"="H:\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon"
"I:\Baja 1000 - MINT\Baja.exe"="I:\Baja 1000 - MINT\Baja.exe:*:Enabled:Baja"
"H:\Screamer 4x4 - MINT\Screamer4x4_d3d.exe"="H:\Screamer 4x4 - MINT\Screamer4x4_d3d.exe:*:Disabled:Screamer4x4_gl"
"H:\NHL 09 CZ\nhl2009.exe"="H:\NHL 09 CZ\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
"H:\NHL 2004\nhl2004.exe"="H:\NHL 2004\nhl2004.exe:*:Enabled:nhl2004"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\FileZilla FTP Client_09\filezilla.exe"="C:\Program Files\FileZilla FTP Client_09\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Documents and Settings\Deadmarsh\Local Settings\Data aplikací\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe"="C:\Documents and Settings\Deadmarsh\Local Settings\Data aplikací\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe:*:Disabled:Chat Republic Games Player"
"H:\Painkiller Overdose - MINT\Bin\Overdose.exe"="H:\Painkiller Overdose - MINT\Bin\Overdose.exe:*:Enabled:Painkiller Overdose"
"H:\Painkiller Overdose - MINT\Bin\OverdoseEditor.exe"="H:\Painkiller Overdose - MINT\Bin\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor"
"H:\Painkiller Overdose - MINT\Bin\OverdoseServer.exe"="H:\Painkiller Overdose - MINT\Bin\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server"
"I:\FUEL\FUEL.exe"="I:\FUEL\FUEL.exe:*:Enabled:FUEL"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\ToCA Race Driver 3\rd3.exe"="H:\ToCA Race Driver 3\rd3.exe:*:Disabled:RaceDriver 3 Application"
"H:\GearGrinder - MINT\GearGrinder.exe"="H:\GearGrinder - MINT\GearGrinder.exe:*:Enabled:GearGrinder"
"H:\DIRT MINTAL - UPLNE POSLEDNI A VYCHYATANA\DiRT.exe"="H:\DIRT MINTAL - UPLNE POSLEDNI A VYCHYATANA\DiRT.exe:*:Disabled:DiRT Executable"
"H:\GM Rally - MINT\GM Rally.exe"="H:\GM Rally - MINT\GM Rally.exe:*:Disabled:GM Rally"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Steam\steamapps\common\zero gear\ZeroGear.bat"="D:\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"
"I:\SuperstarsV8NC\Launcher.exe"="I:\SuperstarsV8NC\Launcher.exe:*:Enabled:Launcher"
"C:\windows\System32\PnkBstrA.exe"="C:\windows\System32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\windows\System32\PnkBstrB.exe"="C:\windows\System32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"I:\FIFA Online\NFE.exe"="I:\FIFA Online\NFE.exe:*:Disabled:EA SPORTS(TM) FIFA Online"
"I:\The Misadventures Of P.B. Winterbottom - MINT\Winterbottom.exe"="I:\The Misadventures Of P.B. Winterbottom - MINT\Winterbottom.exe:*:Disabled:Winterbottom"
"C:\Program Files\Electronic Arts\NFS World\Data\nfswo.exe"="C:\Program Files\Electronic Arts\NFS World\Data\nfswo.exe:*:Enabled:Need for Speed World"
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfswo.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfswo.exe:*:Enabled:Need for Speed World"
"H:\Shadow Warrior-SWF\Swp.exe"="H:\Shadow Warrior-SWF\Swp.exe:*:Enabled:Swp"
"H:\SBKX\Launcher.exe"="H:\SBKX\Launcher.exe:*:Enabled:Launcher Application"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\F1 2010\F1_2010_game.exe"="H:\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010"
"I:\FIFA 11\Game\fifa.exe"="I:\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"H:\WRC2010\Launcher.exe"="H:\WRC2010\Launcher.exe:*:Enabled:Launcher"
"H:\TDU2Downloader.exe"="H:\TDU2Downloader.exe:*:Enabled:TDU2Downloader"
"I:\TDU2 Demo\TestDrive2.exe"="I:\TDU2 Demo\TestDrive2.exe:*:Enabled:Test Drive Unlimited 2"
"I:\TDU2 Demo\_UpLauncher.exe"="I:\TDU2 Demo\_UpLauncher.exe:*:Enabled:UpLauncher"
"I:\TDU2 Demo\UpLauncher.exe"="I:\TDU2 Demo\UpLauncher.exe:*:Enabled:UpLauncher"
"H:\Need for Speed(TM) Hot Pursuit\Launcher.exe"="H:\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"D:\Steam\steamapps\common\dark forces\DosBox\dosbox.exe"="D:\Steam\steamapps\common\dark forces\DosBox\dosbox.exe:*:Enabled:Star Wars: Dark Forces"
"I:\Need for Speed(TM) Hot Pursuit\Launcher.exe"="I:\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"D:\Need for Speed(TM) Hot Pursuit\Launcher.exe"="D:\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"D:\Naild\Naild_x86.exe"="D:\Naild\Naild_x86.exe:*:Disabled:Nail'd"
"D:\Steam\steamapps\common\mafia ii\pc\Mafia2.exe"="D:\Steam\steamapps\common\mafia ii\pc\Mafia2.exe:*:Enabled:Mafia II"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"H:\Soldier of Fortune Payback\sof3.exe"="H:\Soldier of Fortune Payback\sof3.exe:*:Enabled:sof3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2011-01-24 01:12:32 ----A---- C:\~.exe
2011-01-23 14:13:39 ----N---- C:\Documents and Settings\Deadmarsh\Data aplikací\dwm.exe
2011-01-21 17:56:48 ----D---- C:\Program Files\Activision Value
2011-01-04 23:28:07 ----D---- C:\Documents and Settings\Deadmarsh\Data aplikací\Nordic Games
2011-01-04 19:49:38 ----A---- C:\windows\PROTOCOL.INI
2011-01-04 19:30:48 ----D---- C:\Program Files\Extreme Sprint 3010
2011-01-02 19:04:24 ----SHD---- C:\FOUND.031
2010-12-31 16:27:59 ----A---- C:\windows\EAREMOVE.INI
2010-12-31 13:45:25 ----D---- C:\Documents and Settings\Deadmarsh\Data aplikací\Microsoft Corporation
2010-12-31 13:19:10 ----A---- C:\windows\system32\ealtest.exe
2010-12-31 13:19:10 ----A---- C:\windows\system32\eaexec.exe
2010-12-31 13:16:33 ----A---- C:\windows\SETUP.INI
2010-12-31 13:16:09 ----A---- C:\windows\system32\EAREMOVE.EXE
2010-12-25 02:26:04 ----D---- C:\Documents and Settings\Deadmarsh\Data aplikací\Runiter
2010-12-25 02:25:56 ----D---- C:\Program Files\Graphing Calculator 3D
2010-12-16 16:22:45 ----D---- C:\Program Files\BatMan
2010-12-13 13:07:30 ----D---- C:\rsit
2010-12-13 13:07:30 ----D---- C:\Program Files\trend micro
2010-12-05 20:43:14 ----D---- C:\Program Files\Ginipic
2010-12-04 22:06:09 ----HD---- C:\windows\$NtUninstallKB938759$
2010-12-02 12:39:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Solidshield
2010-11-26 18:24:01 ----D---- C:\Program Files\BreakPoint Software
2010-11-20 01:39:55 ----D---- C:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
2010-11-18 16:58:56 ----A---- C:\windows\unvise32.exe
2010-11-13 16:42:01 ----D---- C:\DOSBOXC
2010-11-10 23:14:58 ----D---- C:\Studnice - Jivka
2010-10-26 22:36:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\EA Core

======List of files/folders modified in the last 3 months======

2011-01-24 16:04:12 ----A---- C:\windows\WINCMD.INI
2011-01-24 14:11:20 ----A---- C:\windows\SchedLgU.Txt
2011-01-08 19:39:42 ----A---- C:\windows\DesktopOK.ini
2010-12-31 16:27:44 ----A---- C:\windows\wininit.ini
2010-12-21 19:26:06 ----A---- C:\windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\windows\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 snapman;Acronis Snapshots Manager; C:\windows\system32\DRIVERS\snapman.sys [2007-12-25 99776]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2009-07-02 721904]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\windows\system32\drivers\nod32drv.sys [2010-02-24 15424]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\windows\System32\DRIVERS\NVTcp.sys [2006-09-11 110592]
R1 oreans32;oreans32; \??\C:\windows\system32\drivers\oreans32.sys []
R1 PVR101Disk;PVR101Disk; C:\windows\system32\drivers\PVR101Disk.sys [2006-10-04 8576]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\windows\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R2 AMON;AMON; C:\windows\system32\drivers\amon.sys [2010-02-24 512096]
R2 Aspi32;Aspi32; C:\windows\System32\drivers\aspi32.sys [2002-05-06 16512]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R2 hwpsgt;hwpsgt; C:\windows\system32\DRIVERS\hwpsgt.sys [2008-05-12 137344]
R2 lemsgt;lemsgt; C:\windows\system32\DRIVERS\lemsgt.sys [2008-05-12 9472]
R2 SVKP;SVKP; \??\C:\windows\system32\SVKP.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\windows\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AmdLLD;AMD Low Level Device Driver; C:\windows\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 ElbyCDFL;ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\windows\system32\DRIVERS\L8042pr2.Sys [2003-12-11 51582]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\windows\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\pcouffin.sys [2008-05-02 47360]
R3 SenFiltService;SenFilt Service; C:\windows\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 vaxscsi;vaxscsi; C:\windows\System32\Drivers\vaxscsi.sys [2007-09-18 223128]
R3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\windows\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S1 AmdK8;Ovladač procesoru AMD; C:\windows\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\windows\system32\drivers\asusgsb32.sys []
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\windows\system32\drivers\atkkbnt.sys [2006-10-31 11008]
S2 ithsgt;ithsgt; C:\windows\system32\DRIVERS\ithsgt.sys []
S2 lilsgt;lilsgt; C:\windows\system32\DRIVERS\lilsgt.sys []
S3 av9kgozr;av9kgozr; C:\windows\system32\drivers\av9kgozr.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\windows\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-04-14 272896]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cglptnt;cglptnt; \??\C:\Total Commander XP\cglptnt.sys []
S3 cpnmouse;cpnmouse; C:\windows\system32\DRIVERS\cpnmouse.sys [2003-11-28 5162]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\DEADMA~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2007-12-30 25280]
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\DEADMA~1\LOCALS~1\Temp\krdpdre.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RTCore32;RTCore32; \??\C:\rmclock_235_bin\RTCore32.sys []
S3 sermouse;Ovladač sériové myši; C:\windows\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SliceDisk5;SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\DEADMA~1\LOCALS~1\Temp\sony_ssm.sys []
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Video3D;ASUS Video3D Service; C:\windows\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\windows\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-07-12 54784]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-02-24 552064]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2010-03-09 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-01 217600]
R2 UserAccess7;SecuROM User Access Service (V7); C:\windows\system32\UAService7.exe [2008-04-10 217088]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-21 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\windows\system32\libusbd-nt.exe []
S2 PRLT;Security Service; C:\windows\system32\svcd\svchost.exe []
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\windows\system32\sfrem01.exe [2006-07-05 358008]
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\windows\system32\sfrem02.exe [2007-05-16 480888]
S2 vvdsvc;VJVodClientServices; C:\windows\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 24 led 2011 19:40

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Pan.Klobouk · #3 Příspěvek od **Pan.Klobouk** » 24 led 2011 22:17

Takze s ComboFix byla nakonec vetsi legrace, nez bych cekal:

- nejprve hlaska Incompatible OS. ComboFix only works for W2000 and XP OS incompatible.
- tudiz nouzovy rezim, vypnuty rezidentni stit NODu a uspesny start ComboFix
- ten ovsem okamzite zahlasil cosi o rootkitu a podezrelem souboru windows\system32\Drivers\sptd.sys
- po restartu uz ComboFix sken probehl, neco se i smazalo (neni konzole pro zotaveni) a vypis nasleduje

ComboFix 11-01-23.07 - Deadmarsh 24.01.2011 21:44:24.2.2 - FAT32x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1803 [GMT 1:00]
Spuštěný z: c:\documents and settings\Deadmarsh\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
C:\~.exe
c:\documents and settings\Deadmarsh\Local Settings\Temporary Internet Files\dxva_sig.txt
c:\progra~1\GOZILLA\GoIEhlp.dll
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
C:\readme.txt
C:\setup.exe
c:\windows\system32\CID
c:\windows\system32\drivers\oreans32.sys
c:\windows\system32\SvcNm
c:\windows\system32\url1
c:\windows\system32\url2
c:\windows\system32\url3
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\audio.dll.cla
c:\windows\system32\wsnpoem\video.dll
H:\install.exe

Nakažená kopie c:\windows\system32\Drivers\sptd.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_oreans32
-------\Service_oreans32

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-24 do 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-24 19:11 . 2010-12-14 00:13 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-01-23 13:13 . 2011-01-23 13:13 183296 ------w- c:\documents and settings\Deadmarsh\Data aplikací\dwm.exe
2011-01-21 16:56 . 2011-01-21 16:56 -------- d-----w- c:\program files\Activision Value
2011-01-04 22:28 . 2011-01-04 22:28 -------- d-----w- c:\documents and settings\Deadmarsh\Data aplikací\Nordic Games
2011-01-04 18:30 . 2011-01-04 18:30 -------- d-----w- c:\program files\Extreme Sprint 3010
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- C:\FOUND.031
2010-12-31 12:45 . 2010-12-31 12:45 -------- d-----w- c:\documents and settings\Deadmarsh\Local Settings\Data aplikací\Microsoft_Corporation
2010-12-31 12:45 . 2010-12-31 12:45 -------- d-----w- c:\documents and settings\Deadmarsh\Data aplikací\Microsoft Corporation
2010-12-31 12:19 . 1998-06-02 09:25 24576 ----a-w- c:\windows\system32\ealtest.exe
2010-12-31 12:19 . 1998-06-02 09:25 132096 ----a-w- c:\windows\system32\eaexec.exe
2010-12-31 12:16 . 2010-12-31 12:16 325632 ----a-w- c:\windows\system32\EAREMOVE.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-24 19:54 . 2007-04-24 17:07 721904 ------w- c:\windows\system32\drivers\sptd.sys
2010-11-26 17:16 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-26 17:16 . 2009-08-18 10:24 17816 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Go!Zilla dial-up fix"="c:\progra~1\GOZILLA\Go.exe" [2000-12-13 1908736]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2003-09-23 20480]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1279032]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-02-24 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\TrackMania Nations ESWC W98SE_03\\TmNationsESWC.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Deadmarsh\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"d:\\MAX120_SYS disk - pred novym PC\\FlashFXP.v2.1.924.WinAll.WORKING.Read.NFO.REPACK-PH\\FlashFXP.exe"=
"c:\\Total Commander XP\\TOTALCMD.EXE"=
"h:\\OutRun2006 Coast 2 Coast - MINT\\OR2006C2C.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\windows\\System32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"h:\\NHL08\\nhl2008.exe"=
"c:\\TrackMania Nations ESWC - patched by Goblin\\TmNationsESWC.exe"=
"d:\\F1 Challenge KRC 2007\\F1 Challange KRC 2007.exe"=
"d:\\MAX120_SYS disk - pred novym PC\\F1 Challenge 99-02 - for RH2005\\F1 Challenge 99-02.exe"=
"g:\\GRID\\GRID.exe"=
"g:\\GRID\\GRID_orig.exe"=
"h:\\TmUnitedForever\\TmForever.exe"=
"g:\\GRID\\GRID-crackly.exe"=
"d:\\MAX120_SYS disk - pred novym PC\\FlatOut2 CZ XP\\FlatOut2.exe"=
"h:\\FlatOut2 - MINT\\FlatOut2.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"h:\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"h:\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"h:\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\windows\\System32\\java.exe"=
"h:\\Worms Armageddon\\WA.exe"=
"i:\\Baja 1000 - MINT\\Baja.exe"=
"h:\\NHL 09 CZ\\nhl2009.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"h:\\NHL 2004\\nhl2004.exe"=
"c:\\Program Files\\FileZilla FTP Client_09\\filezilla.exe"=
"c:\\Documents and Settings\\Deadmarsh\\Local Settings\\Data aplikací\\Chat Republic Games\\Superstar Racing\\ChatRepublicPlayer.exe"=
"i:\\FUEL\\FUEL.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\ToCA Race Driver 3\\rd3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"c:\\windows\\System32\\PnkBstrA.exe"=
"c:\\windows\\System32\\PnkBstrB.exe"=
"i:\\The Misadventures Of P.B. Winterbottom - MINT\\Winterbottom.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\F1 2010\\F1_2010_game.exe"=
"i:\\FIFA 11\\Game\\fifa.exe"=
"h:\\WRC2010\\Launcher.exe"=
"h:\\TDU2Downloader.exe"=
"d:\\Steam\\steamapps\\common\\dark forces\\DosBox\\dosbox.exe"=
"d:\\Naild\\Naild_x86.exe"=
"d:\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"h:\\Soldier of Fortune Payback\\sof3.exe"=

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [24.7.2007 13:56 33792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.4.2007 18:07 721904]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 11:04 18088]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.2.2010 4:16 15424]
S1 PVR101Disk;PVR101Disk;c:\windows\system32\drivers\pvr101disk.sys [4.10.2006 22:00 8576]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2010 19:19 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 PRLT;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [19.10.2007 15:54 2368]
S3 cglptnt;cglptnt;c:\total commander xp\CGLPTNT.SYS [24.4.2007 1:12 7888]
S3 cpnmouse;cpnmouse;c:\windows\system32\drivers\cpnmouse.sys [2.4.2009 13:32 5162]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [8.12.2007 23:18 20856]
S3 krdpdre;krdpdre;\??\c:\docume~1\DEADMA~1\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\DEADMA~1\LOCALS~1\Temp\krdpdre.sys [?]
S3 RTCore32;RTCore32;c:\rmclock_235_bin\RTCore32.sys [27.6.2010 12:24 4608]
S3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk.sys [3.9.2010 0:42 10240]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [18.9.2007 1:52 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 18:19]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 18:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://www.aktualne.cz/?ms=ae
uInternet Settings,ProxyServer = http=127.0.0.1:51455
LSP: c:\windows\system32\imon.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: JSyn Audio - hxxp://www.softsynth.com/jsyn/plugins/archives/jsynv142.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\Deadmarsh\Data aplikací\Mozilla\Firefox\Profiles\lv273bwd.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51455
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-timeNoticeSL001 - c:\sysiqqa.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-MyWebSearch Plugin - (no file)
AddRemove-Condemned: Criminal Origins CZ - h:\condemned - criminal origins - mint 2 with dx\Uninstall Condemned_cz.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Evolva Bumpmap Patch - h:\evolva - mint\Uninst.isu
AddRemove-iN Episodes: Emergence SK - c:\sin_sk\Uninstall Sin_emergence.exe
AddRemove- - h:\deadly dozen 2 pacific theater - mint\uninstall.exe
AddRemove-My Application - c:\evolva\Resources\Level\Uninstal.exe
AddRemove-Radiate Advertising - c:\windows\system32\msipcsv.exe
AddRemove-The Godfather SK 1.0 - c:\the god sk us\Uninstall godfather_sk.exe
AddRemove-wcmdmgr.exe - c:\windows\wt\updater\wcmdmgr.exe
AddRemove-wtdmmp - c:\windows\wt\updater\wcmdmgr.exe
AddRemove-wtwebdriver - c:\windows\wt\updater\wcmdmgr.exe
AddRemove-Ď¸°ű·ÖÁŃ4Ë«ÖŘĽäµýNETSHOW D5ÍęŐű°ć_is1 - h:\tom clancy's splinter cell double agent - test\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 21:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A694ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8500e879; SUB DWORD [EBP-0x4], 0x8500e135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x8A67E4A8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E1397] -> \Device\00000087[0x8A690A98]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E1397] -> [0x8A754210]
[0x8A6C9340] -> IRP_MJ_CREATE -> 0x8A694ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_6Y120P0__________________________YAR41BW0#33593635574a4553202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A694AF1
user & kernel MBR OK
sectors 240121726 (+165): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(328)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1396)
c:\windows\system32\ieframe.dll
.
Celkový čas: 2011-01-24 21:57:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-24 20:57

Před spuštěním: 3 514 990 592
Po spuštění: 3 472 916 480

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - F7EA60C1C69A03E40872B141607B3DDA

#4 Příspěvek od **Rudy** » 24 led 2011 22:44

Takze s ComboFix byla nakonec vetsi legrace, nez bych cekal...

Také máte PC velmi slušně zaplevelený. Ještě dočistíme. otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\documents and settings\Deadmarsh\Data aplikací\dwm.exe
c:\docume~1\DEADMA~1\LOCALS~1\Temp\krdpdre.sys

Driver::
krdpdre

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Pan.Klobouk · #5 Příspěvek od **Pan.Klobouk** » 24 led 2011 23:24

Bratrovo PC, system je v provozu dobre tri roky... a je to znat.

Takze po skriptu to vypada takhle:

ComboFix 11-01-23.07 - Deadmarsh 24.01.2011 23:01:07.3.2 - FAT32x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1804 [GMT 1:00]
Spuštěný z: c:\documents and settings\Deadmarsh\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Deadmarsh\Plocha\CFScript.txt.txt
AV: Eset NOD32 Antivirus 2.70 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\documents and settings\Deadmarsh\Data aplikací\dwm.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\Drivers\sptd.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KRDPDRE
-------\Service_krdpdre

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-24 do 2011-01-24 )))))))))))))))))))))))))))))))
.

2011-01-24 19:11 . 2010-12-14 00:13 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-01-23 13:13 . 2011-01-23 13:13 183296 ------w- c:\documents and settings\Deadmarsh\Data aplikací\dwm.exe
2011-01-21 16:56 . 2011-01-21 16:56 -------- d-----w- c:\program files\Activision Value
2011-01-04 22:28 . 2011-01-04 22:28 -------- d-----w- c:\documents and settings\Deadmarsh\Data aplikací\Nordic Games
2011-01-04 18:30 . 2011-01-04 18:30 -------- d-----w- c:\program files\Extreme Sprint 3010
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- C:\FOUND.031
2010-12-31 12:45 . 2010-12-31 12:45 -------- d-----w- c:\documents and settings\Deadmarsh\Local Settings\Data aplikací\Microsoft_Corporation
2010-12-31 12:45 . 2010-12-31 12:45 -------- d-----w- c:\documents and settings\Deadmarsh\Data aplikací\Microsoft Corporation
2010-12-31 12:19 . 1998-06-02 09:25 24576 ----a-w- c:\windows\system32\ealtest.exe
2010-12-31 12:19 . 1998-06-02 09:25 132096 ----a-w- c:\windows\system32\eaexec.exe
2010-12-31 12:16 . 2010-12-31 12:16 325632 ----a-w- c:\windows\system32\EAREMOVE.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-24 19:54 . 2007-04-24 17:07 721904 ------w- c:\windows\system32\drivers\sptd.sys
2010-11-26 17:16 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-26 17:16 . 2009-08-18 10:24 17816 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"timeNoticeSL001"="c:\sysiqqa.exe" [BU]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Go!Zilla dial-up fix"="c:\progra~1\GOZILLA\Go.exe" [2000-12-13 1908736]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [BU]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2003-09-23 20480]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1279032]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [BU]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"MyWebSearch Plugin"="" [BU]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-02-24 949376]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\TrackMania Nations ESWC W98SE_03\\TmNationsESWC.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Deadmarsh\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"d:\\MAX120_SYS disk - pred novym PC\\FlashFXP.v2.1.924.WinAll.WORKING.Read.NFO.REPACK-PH\\FlashFXP.exe"=
"c:\\Total Commander XP\\TOTALCMD.EXE"=
"h:\\OutRun2006 Coast 2 Coast - MINT\\OR2006C2C.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\windows\\System32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"h:\\NHL08\\nhl2008.exe"=
"c:\\TrackMania Nations ESWC - patched by Goblin\\TmNationsESWC.exe"=
"d:\\F1 Challenge KRC 2007\\F1 Challange KRC 2007.exe"=
"d:\\MAX120_SYS disk - pred novym PC\\F1 Challenge 99-02 - for RH2005\\F1 Challenge 99-02.exe"=
"g:\\GRID\\GRID.exe"=
"g:\\GRID\\GRID_orig.exe"=
"h:\\TmUnitedForever\\TmForever.exe"=
"g:\\GRID\\GRID-crackly.exe"=
"d:\\MAX120_SYS disk - pred novym PC\\FlatOut2 CZ XP\\FlatOut2.exe"=
"h:\\FlatOut2 - MINT\\FlatOut2.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"h:\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"h:\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"h:\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\windows\\System32\\java.exe"=
"h:\\Worms Armageddon\\WA.exe"=
"i:\\Baja 1000 - MINT\\Baja.exe"=
"h:\\NHL 09 CZ\\nhl2009.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"h:\\NHL 2004\\nhl2004.exe"=
"c:\\Program Files\\FileZilla FTP Client_09\\filezilla.exe"=
"c:\\Documents and Settings\\Deadmarsh\\Local Settings\\Data aplikací\\Chat Republic Games\\Superstar Racing\\ChatRepublicPlayer.exe"=
"i:\\FUEL\\FUEL.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\ToCA Race Driver 3\\rd3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"c:\\windows\\System32\\PnkBstrA.exe"=
"c:\\windows\\System32\\PnkBstrB.exe"=
"i:\\The Misadventures Of P.B. Winterbottom - MINT\\Winterbottom.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\F1 2010\\F1_2010_game.exe"=
"i:\\FIFA 11\\Game\\fifa.exe"=
"h:\\WRC2010\\Launcher.exe"=
"h:\\TDU2Downloader.exe"=
"d:\\Steam\\steamapps\\common\\dark forces\\DosBox\\dosbox.exe"=
"d:\\Naild\\Naild_x86.exe"=
"d:\\Steam\\steamapps\\common\\mafia ii\\pc\\Mafia2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"h:\\Soldier of Fortune Payback\\sof3.exe"=

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [24.7.2007 13:56 33792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.4.2007 18:07 721904]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 11:04 18088]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.2.2010 4:16 15424]
S1 PVR101Disk;PVR101Disk;c:\windows\system32\drivers\pvr101disk.sys [4.10.2006 22:00 8576]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2010 19:19 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 PRLT;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [19.10.2007 15:54 2368]
S3 cglptnt;cglptnt;c:\total commander xp\CGLPTNT.SYS [24.4.2007 1:12 7888]
S3 cpnmouse;cpnmouse;c:\windows\system32\drivers\cpnmouse.sys [2.4.2009 13:32 5162]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [8.12.2007 23:18 20856]
S3 RTCore32;RTCore32;c:\rmclock_235_bin\RTCore32.sys [27.6.2010 12:24 4608]
S3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk.sys [3.9.2010 0:42 10240]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [18.9.2007 1:52 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 18:19]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 18:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://www.aktualne.cz/?ms=ae
uInternet Settings,ProxyServer = http=127.0.0.1:51455
LSP: c:\windows\system32\imon.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: JSyn Audio - hxxp://www.softsynth.com/jsyn/plugins/archives/jsynv142.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {9100BA25-85A6-4C80-86E9-426D2899F8EF} - hxxp://xtraz.icq.com/xtraz/products/wirelesscl/WirelessContact.cab
FF - ProfilePath - c:\documents and settings\Deadmarsh\Data aplikací\Mozilla\Firefox\Profiles\lv273bwd.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51455
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Condemned: Criminal Origins CZ - h:\condemned - criminal origins - mint 2 with dx\Uninstall Condemned_cz.exe
AddRemove-iN Episodes: Emergence SK - c:\sin_sk\Uninstall Sin_emergence.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 23:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A694ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8500e879; SUB DWORD [EBP-0x4], 0x8500e135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x8A67E4A8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E1397] -> \Device\00000087[0x8A690A98]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E1397] -> [0x8A754210]
[0x8A6FAD30] -> IRP_MJ_CREATE -> 0x8A694ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_6Y120P0__________________________YAR41BW0#33593635574a4553202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A694AF1
user & kernel MBR OK
sectors 240121726 (+173): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1532298954-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(328)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\ieframe.dll
.
Celkový čas: 2011-01-24 23:15:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-24 22:15
ComboFix2.txt 2011-01-24 20:57

Před spuštěním: 3 418 390 528
Po spuštění: 3 458 760 704

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 1A75E96BB1E9542762396FFAEB40300B

#6 Příspěvek od **Rudy** » 25 led 2011 18:01

OK, smazáno. Ještě poprosím o log z MBR: http://www2.gmer.net/mbr/mbr.exe .

Pan.Klobouk · #7 Příspěvek od **Pan.Klobouk** » 25 led 2011 19:12

Rudy píše:OK, smazáno. Ještě poprosím o log z MBR: http://www2.gmer.net/mbr/mbr.exe .

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y120P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_6Y120P0__________________________YAR41BW0#33593635574a4553202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A6E5AF1
user & kernel MBR OK
sectors 240121726 (+177): user != kernel

#8 Příspěvek od **Rudy** » 25 led 2011 19:47

Buď je v MBR chyba, nebo je nakažen. Použijte TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.exe . Uložte na plochu a spusťte utilitu. Pak klik na Start Scan. nalezne-li TDSSKiller nákazu, zvolí akci Cure, vy kliknete na Continue. Najde-li podezřelý soubor, zvolí akci Skip (kliknete na Continue). Pokud si vyžádá restart, klikete na RebootNow. Pokud ne, kliknete na Report. Objeví se log a ten sem zkopírujte.

Pan.Klobouk · #9 Příspěvek od **Pan.Klobouk** » 25 led 2011 20:15

TDSS Killer nasel jeden (byl to tusim pciide.sys) infikovany soubor - vyleceno.

2011/01/25 20:10:18.0015 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 20:10:18.0015 ================================================================================
2011/01/25 20:10:18.0015 SystemInfo:
2011/01/25 20:10:18.0015
2011/01/25 20:10:18.0015 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/25 20:10:18.0015 Product type: Workstation
2011/01/25 20:10:18.0015 ComputerName: M2N
2011/01/25 20:10:18.0015 UserName: Deadmarsh
2011/01/25 20:10:18.0015 Windows directory: C:\windows
2011/01/25 20:10:18.0015 System windows directory: C:\windows
2011/01/25 20:10:18.0015 Processor architecture: Intel x86
2011/01/25 20:10:18.0015 Number of processors: 2
2011/01/25 20:10:18.0015 Page size: 0x1000
2011/01/25 20:10:18.0015 Boot type: Normal boot
2011/01/25 20:10:18.0015 ================================================================================
2011/01/25 20:10:18.0625 Initialize success
2011/01/25 20:10:21.0437 ================================================================================
2011/01/25 20:10:21.0437 Scan started
2011/01/25 20:10:21.0437 Mode: Manual;
2011/01/25 20:10:21.0437 ================================================================================
2011/01/25 20:10:23.0062 ACEDRV05 (0a1e97197609f92d2425b67da0bb0a7f) C:\WINDOWS\system32\drivers\ACEDRV05.sys
2011/01/25 20:10:23.0421 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/25 20:10:23.0500 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\windows\system32\drivers\ACPIEC.sys
2011/01/25 20:10:23.0953 ADIHdAudAddService (ce03d313a12cbc886c3beba3b4967a8a) C:\windows\system32\drivers\ADIHdAud.sys
2011/01/25 20:10:24.0484 AEAudio (058cdc314672a28a90566a787d9876e7) C:\windows\system32\drivers\AEAudio.sys
2011/01/25 20:10:25.0109 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
2011/01/25 20:10:25.0875 AFD (322d0e36693d6e24a2398bee62a268cd) C:\windows\System32\drivers\afd.sys
2011/01/25 20:10:27.0468 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) C:\windows\system32\DRIVERS\AmdK8.sys
2011/01/25 20:10:27.0671 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\windows\system32\DRIVERS\AmdLLD.sys
2011/01/25 20:10:27.0937 AMON (687c3f2e78aeb209ade1cc265a2560bb) C:\windows\system32\drivers\amon.sys
2011/01/25 20:10:29.0218 Aspi32 (eb62fa6d7da4e774e47d376e4d19ca5f) C:\windows\system32\drivers\aspi32.sys
2011/01/25 20:10:29.0671 asuskbnt (5f82ef81858852bbfbe7d13efee2f281) C:\windows\system32\drivers\atkkbnt.sys
2011/01/25 20:10:29.0734 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/25 20:10:29.0859 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
2011/01/25 20:10:30.0640 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\windows\system32\DRIVERS\ati2mtag.sys
2011/01/25 20:10:31.0031 atitray (f46afb51f1a1cb8c7ecd85533ca839fe) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
2011/01/25 20:10:31.0171 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
2011/01/25 20:10:31.0312 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
2011/01/25 20:10:31.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
2011/01/25 20:10:31.0546 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\windows\system32\DRIVERS\BthEnum.sys
2011/01/25 20:10:31.0750 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/25 20:10:31.0937 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\windows\system32\DRIVERS\bthpan.sys
2011/01/25 20:10:32.0203 BTHPORT (164f186e09f26ba47b89e4db9b0aaf1e) C:\windows\system32\Drivers\BTHport.sys
2011/01/25 20:10:32.0375 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\windows\system32\Drivers\BTHUSB.sys
2011/01/25 20:10:33.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
2011/01/25 20:10:33.0390 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
2011/01/25 20:10:33.0906 CdaC15BA (08f60f40d1a2a95a1f12eddbd9f25c1c) C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2011/01/25 20:10:33.0937 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
2011/01/25 20:10:34.0046 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
2011/01/25 20:10:34.0125 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/25 20:10:34.0203 cglptnt (c8b5858aebb4782ae16533297ef1f9be) C:\Total Commander XP\cglptnt.sys
2011/01/25 20:10:35.0046 cpnmouse (208e93b31d9b05515f6c8f7fb9744832) C:\windows\system32\DRIVERS\cpnmouse.sys
2011/01/25 20:10:36.0156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
2011/01/25 20:10:36.0281 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\windows\system32\drivers\dmboot.sys
2011/01/25 20:10:36.0437 dmio (fff1720af51171f32f1ead5cf71f2810) C:\windows\system32\drivers\dmio.sys
2011/01/25 20:10:36.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
2011/01/25 20:10:36.0609 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
2011/01/25 20:10:37.0000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
2011/01/25 20:10:37.0218 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
2011/01/25 20:10:37.0515 ElbyCDFL (075d91e4de09a6f1ede77c341803d454) C:\windows\system32\Drivers\ElbyCDFL.sys
2011/01/25 20:10:37.0781 ElbyCDIO (c9c7113f5e15f70fcc576e835c859d56) C:\windows\system32\Drivers\ElbyCDIO.sys
2011/01/25 20:10:38.0000 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/01/25 20:10:38.0156 EverestDriver (01bae99f2ef5faff7927959db577d58a) C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
2011/01/25 20:10:38.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
2011/01/25 20:10:38.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\drivers\Fdc.sys
2011/01/25 20:10:38.0375 Fips (ac366695a0796560aa37215ad5762aaf) C:\windows\system32\drivers\Fips.sys
2011/01/25 20:10:38.0500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
2011/01/25 20:10:38.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
2011/01/25 20:10:38.0734 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/25 20:10:38.0796 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\windows\system32\DRIVERS\ftdisk.sys
2011/01/25 20:10:38.0937 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
2011/01/25 20:10:39.0187 hamachi (7929a161f9951d173ca9900fe7067391) C:\windows\system32\DRIVERS\hamachi.sys
2011/01/25 20:10:39.0375 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/25 20:10:39.0515 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/25 20:10:39.0953 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\windows\system32\Drivers\HTTP.sys
2011/01/25 20:10:40.0218 hwpsgt (a439ebd90afdb1f516c875b9b317832f) C:\windows\system32\DRIVERS\hwpsgt.sys
2011/01/25 20:10:40.0953 i8042prt (c528e27945367191e7bae364930b6932) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/25 20:10:41.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
2011/01/25 20:10:41.0859 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
2011/01/25 20:10:41.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/25 20:10:42.0031 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
2011/01/25 20:10:42.0125 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
2011/01/25 20:10:42.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
2011/01/25 20:10:42.0312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
2011/01/25 20:10:42.0437 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/25 20:10:42.0843 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/25 20:10:42.0953 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/25 20:10:43.0093 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
2011/01/25 20:10:43.0234 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\windows\system32\drivers\KSecDD.sys
2011/01/25 20:10:43.0484 L8042pr2 (42dec1fbcfa291720460705a8881a1c4) C:\windows\system32\DRIVERS\L8042pr2.Sys
2011/01/25 20:10:44.0046 lemsgt (057da656166893842dd401c25a058c4e) C:\windows\system32\DRIVERS\lemsgt.sys
2011/01/25 20:10:44.0281 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\windows\system32\drivers\libusb0.sys
2011/01/25 20:10:44.0828 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\windows\system32\DRIVERS\LMouFlt2.Sys
2011/01/25 20:10:44.0890 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
2011/01/25 20:10:45.0015 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\windows\system32\drivers\Modem.sys
2011/01/25 20:10:45.0078 Mouclass (4cb582831dbde63ce43b45d771218374) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/25 20:10:45.0328 mouhid (bb269eba740737ab749b214d568b6812) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/25 20:10:45.0406 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
2011/01/25 20:10:45.0781 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
2011/01/25 20:10:45.0906 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/25 20:10:46.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
2011/01/25 20:10:46.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/25 20:10:46.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/25 20:10:46.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
2011/01/25 20:10:46.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/25 20:10:46.0562 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
2011/01/25 20:10:46.0734 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\windows\system32\DRIVERS\ASACPI.sys
2011/01/25 20:10:46.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys
2011/01/25 20:10:46.0906 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
2011/01/25 20:10:46.0968 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
2011/01/25 20:10:47.0062 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
2011/01/25 20:10:47.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/25 20:10:47.0250 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/25 20:10:47.0265 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/25 20:10:47.0343 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys
2011/01/25 20:10:47.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
2011/01/25 20:10:47.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
2011/01/25 20:10:47.0828 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\windows\system32\drivers\nmwcd.sys
2011/01/25 20:10:48.0093 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\windows\system32\drivers\nmwcdc.sys
2011/01/25 20:10:48.0359 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\windows\system32\drivers\nmwcdcj.sys
2011/01/25 20:10:48.0625 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\windows\system32\drivers\nmwcdcm.sys
2011/01/25 20:10:48.0906 nod32drv (b4ea8cba9a69d0921b7bd89c8cf9e032) C:\windows\system32\drivers\nod32drv.sys
2011/01/25 20:10:49.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
2011/01/25 20:10:49.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
2011/01/25 20:10:49.0203 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
2011/01/25 20:10:49.0484 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\windows\system32\DRIVERS\nvata.sys
2011/01/25 20:10:49.0656 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\windows\system32\DRIVERS\NVENETFD.sys
2011/01/25 20:10:49.0828 nvnetbus (57b669f9234604a350174b86764444b0) C:\windows\system32\DRIVERS\nvnetbus.sys
2011/01/25 20:10:50.0000 NVTCP (c0e7437765a694328579c4674ef3ab20) C:\windows\system32\DRIVERS\NVTcp.sys
2011/01/25 20:10:50.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
2011/01/25 20:10:50.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
2011/01/25 20:10:50.0156 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\windows\system32\DRIVERS\parport.sys
2011/01/25 20:10:50.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
2011/01/25 20:10:50.0281 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\windows\system32\drivers\ParVdm.sys
2011/01/25 20:10:50.0343 PCI (6ce351d149cb4befc702951e471e1730) C:\windows\system32\DRIVERS\pci.sys
2011/01/25 20:10:50.0703 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\windows\system32\DRIVERS\pciide.sys
2011/01/25 20:10:50.0812 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\windows\system32\drivers\Pcmcia.sys
2011/01/25 20:10:51.0078 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\windows\system32\Drivers\pcouffin.sys
2011/01/25 20:10:52.0937 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/25 20:10:53.0031 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\windows\system32\DRIVERS\processr.sys
2011/01/25 20:10:53.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
2011/01/25 20:10:53.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
2011/01/25 20:10:53.0390 PVR101Disk (beb8f520d0f83aa0d63e890612621cfe) C:\windows\system32\drivers\PVR101Disk.sys
2011/01/25 20:10:53.0656 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\windows\system32\Drivers\PxHelp20.sys
2011/01/25 20:10:55.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/25 20:10:55.0203 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/25 20:10:55.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/25 20:10:55.0328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
2011/01/25 20:10:55.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/25 20:10:55.0437 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/25 20:10:55.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
2011/01/25 20:10:55.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys
2011/01/25 20:10:55.0671 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\windows\system32\DRIVERS\redbook.sys
2011/01/25 20:10:55.0828 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\windows\system32\DRIVERS\rfcomm.sys
2011/01/25 20:10:56.0375 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) C:\rmclock_235_bin\RTCore32.sys
2011/01/25 20:10:56.0625 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\windows\system32\drivers\SCDEmu.sys
2011/01/25 20:10:56.0953 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
2011/01/25 20:10:57.0218 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\windows\system32\drivers\Senfilt.sys
2011/01/25 20:10:57.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
2011/01/25 20:10:57.0859 Serial (b842729337c9b921615c40d3c1a1af96) C:\windows\system32\DRIVERS\serial.sys
2011/01/25 20:10:58.0109 sermouse (61490899036b14dedc24babd847d7001) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/25 20:10:58.0359 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\windows\system32\drivers\sfhlp02.sys
2011/01/25 20:10:58.0640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
2011/01/25 20:10:58.0906 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\windows\system32\drivers\sfvfs02.sys
2011/01/25 20:10:59.0390 SliceDisk5 (903b5b4caa9a85b85ba57e411f7235fa) C:\Program Files\A-FF Find and Mount\slicedisk.sys
2011/01/25 20:10:59.0703 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
2011/01/25 20:10:59.0968 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\windows\system32\DRIVERS\snapman.sys
2011/01/25 20:11:00.0640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
2011/01/25 20:11:00.0828 sptd (ed757582ae5339f051ffa6142ab25eca) C:\windows\system32\Drivers\sptd.sys
2011/01/25 20:11:01.0156 sr (94610c8653635e4459316a0050d55ce7) C:\windows\system32\DRIVERS\sr.sys
2011/01/25 20:11:01.0484 Srv (5252605079810904e31c332e241cd59b) C:\windows\system32\DRIVERS\srv.sys
2011/01/25 20:11:01.0812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
2011/01/25 20:11:02.0765 SVKP (f05028b163b92c302a74409d683ac9b0) C:\windows\system32\SVKP.sys
2011/01/25 20:11:03.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
2011/01/25 20:11:03.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
2011/01/25 20:11:04.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
2011/01/25 20:11:05.0187 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/25 20:11:05.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
2011/01/25 20:11:05.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
2011/01/25 20:11:06.0046 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
2011/01/25 20:11:06.0656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
2011/01/25 20:11:07.0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
2011/01/25 20:11:07.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/25 20:11:07.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/25 20:11:07.0875 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/25 20:11:08.0140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
2011/01/25 20:11:08.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/25 20:11:08.0671 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\windows\System32\Drivers\vaxscsi.sys
2011/01/25 20:11:08.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
2011/01/25 20:11:09.0468 Video3D (8643da4a6c83da6c10fcab1e5ab6632d) C:\windows\system32\Drivers\Video3D32.sys
2011/01/25 20:11:09.0765 VolSnap (28a4b296b47782173c346e376cb374d1) C:\windows\system32\drivers\VolSnap.sys
2011/01/25 20:11:10.0031 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/25 20:11:10.0296 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\windows\system32\DRIVERS\Wdf01000.sys
2011/01/25 20:11:10.0906 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
2011/01/25 20:11:11.0203 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\windows\system32\drivers\WmBEnum.sys
2011/01/25 20:11:11.0453 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\windows\system32\drivers\WmFilter.sys
2011/01/25 20:11:11.0734 WmHidLo (be1951c6919efb86e95f8ef331e39c50) C:\windows\system32\drivers\WmHidLo.sys
2011/01/25 20:11:11.0984 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\windows\system32\drivers\WmVirHid.sys
2011/01/25 20:11:12.0265 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\windows\system32\drivers\WmXlCore.sys
2011/01/25 20:11:12.0531 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\Drivers\wpdusb.sys
2011/01/25 20:11:12.0609 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
2011/01/25 20:11:12.0906 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
2011/01/25 20:11:13.0156 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\windows\system32\DRIVERS\xusb21.sys
2011/01/25 20:11:13.0359 ================================================================================
2011/01/25 20:11:13.0359 Scan finished
2011/01/25 20:11:13.0359 ================================================================================

#10 Příspěvek od **Rudy** » 25 led 2011 21:33

OK. Jak se nyní PC chová?

Pan.Klobouk · #11 Příspěvek od **Pan.Klobouk** » 26 led 2011 20:35

Zatim to vypada dobre. Budu se tomu teprve venovat, ale v IE uz nevyskakuji zadne hlasky o malware, nespousti se DOS okno s cmd.exe, stranky se nacitaji jak maji, nic nepada... i podle NODu je cisto a bez trojanu.

Jeste budu muset nejak opravit DAEMON Tools (ComboFix byl nekompromisni a DT ted hlasi "This program requires Windows 2000 and more with SPTD 1.51 or Higher. Kernel debug must be inactivated."

) a zitra dam vedet, jestli je vse definitivne OK, ciste a fungujici.

#12 Příspěvek od **Rudy** » 26 led 2011 20:50

Pan.Klobouk · #13 Příspěvek od **Pan.Klobouk** » 27 led 2011 22:02

Tak se zda, ze je opravdu po problemech.

#14 Příspěvek od **Rudy** » 27 led 2011 23:05

Jsem rád, že se to povedlo.

Pan.Klobouk · #15 Příspěvek od **Pan.Klobouk** » 28 led 2011 17:56

Kazdopadne diky za pomoc, pane.

VIRY.CZ

Prosim o kontrolu logu

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu