WinXP rootkit hive: sound, RPC + other services off, Start menu gone
Posted: 10 Jul 2011 21:54
Hi,
I need some advice. My mother had an admin account on the PC and it didn't end well: she clicked on some link and something very nasty settled into the PC. She is running Linux now, but reluctantly, so I'd like to get her XP properly running again. She has data and programs there, and when she doesn't have the right icon on the desktop she can't use the computer, so I don't want to do a clean install.
Symptoms:
- about half of the Windows services don't run, mainly RPC, on which the others depend: error 5, access denied
- no sound, only the PC speaker squeals
- the Start panel disappeared, but on one account I somehow fixed it, and I don't really know how
- the clipboard doesn't work, icons can't be moved by dragging, nor can files be copied with the mouse
- the network didn't work; fixed with a Winsock LSP fix
- neither Avira nor Malwarebytes starts (a problem with the Visual Basic library, games); Spybot
- I can log in both to Windows and to Safe Mode
- not any more, but earlier there was something in the system log about a SideBySide user
Attempted solutions
- I don't think I'm a complete beginner, so I tried and tried, but it won
- ComboFix found something, but the problems are still the same
- some boot CDs: Avira, Dr. Web, Ubuntu malware, but I didn't win with them either
- I also tried a repair install of Windows; it ran through, but it didn't solve the problems
- in Safe Mode I installed Avast, but after booting its shields are turned off
My idea
- in my opinion the registry is broken, and in a very specific way
- and it would probably need some specific tool, and to recognise from the symptoms what was actually at work here
What works:
- cmd
- regedit
- autoruns
Logs:
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by RuThaN_ at 2011-07-10 22:30:55
WIN_XP Service Pack 2
System drive C: has 51 GB (75%) free of 68 GB
Total RAM: 1791 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:31:10, on 10.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\RuThaN_\Plocha\RSIT.exe
C:\Program Files\trend micro\RuThaN_.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Documents and Settings\RuThaN_\Plocha\\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Documents and Settings\RuThaN_\Plocha\\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4388 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\RuThaN_\Data aplikací\Mozilla\Firefox\Profiles\bbdcit6a.default
prefs.js - "browser.startup.homepage" - "http://www.atlas.cz/?from=icqhp"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, {20a82645-c095-46ed-80e3-08825760534b}:1.1, wrc@avast.com:6.0.1203, {972ce4c6-7e08-4474-a285-3208198ce6fd}:2.0"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]
"Description"=Viewpoint Media Player for Mozilla
"Path"=C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFF12.DLL
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
np_gp.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\RuThaN_\Data aplikací\Mozilla\Firefox\Profiles\bbdcit6a.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Documents and Settings\RuThaN_\Data aplikací\Mozilla\Firefox\Profiles\bbdcit6a.default\searchplugins\
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-14 13684736]
"nwiz"=nwiz.exe /install []
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-12-03 33718272]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-14 86016]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusAgent]
C:\Program Files\iriver plus\iAgent.exe [2005-06-07 225280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe [2003-10-14 38984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-12-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RuThaN_^Nabídka Start^Programy^Po spuštění^Launch Programs Now (Hidden).lnk]
C:\Program Files\r2 studios\Startup Delayer\Startup Launcher.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BthServ"=2
"CiSvc"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Games\Quake III Arena\quake3.exe"="D:\Games\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=Ir32_32.dll
"vidc.iv32"=Ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.XVID"=xvidvfw.dll
"vidc.DIV3"=DivXc32.dll
"vidc.DIV4"=DivXc32f.dll
"msacm.lameacm"=lameACM.acm
"vidc.3iv2"=3ivxVfWCodec.dll
"msacm.divxa32"=divxa32.acm
"VIDC.HFYU"=huffyuv.dll
"VIDC.IV50"=ir50_32.dll
"VIDC.wmv3"=wmv9vcm.dll
"VIDC.i263"=i263_32.drv
"msacm.imc"=imc32.acm
"VIDC.IV40"=Ir41_32.ax
"VIDC.IV41"=Ir41_32.ax
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP31"=vp31vfw.dll
"vidc.MPG4"=Mpg4c32.dll
"vidc.MP42"=Mpg4c32.dll
"vidc.MP43"=Mpg4c32.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"MSVideo8"=VfWWDM32.dll
"vidc.yv12"=DivX.dll
"vidc.DIVX"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-07-10 22:30:55 ----D---- C:\rsit
2011-07-10 22:30:55 ----D---- C:\Program Files\trend micro
2011-07-10 22:19:09 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-10 22:19:09 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-10 22:19:08 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-10 22:19:08 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-10 22:19:08 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-10 22:19:08 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-10 22:19:08 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-10 22:19:08 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-10 22:18:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-10 22:18:30 ----A---- C:\WINDOWS\avastSS.scr
2011-07-10 22:18:22 ----D---- C:\Program Files\AVAST Software
2011-07-10 22:18:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-10 22:15:11 ----D---- C:\WINDOWS\temp
2011-07-10 22:15:10 ----A---- C:\ComboFix.txt
2011-07-10 22:06:25 ----A---- C:\WINDOWS\zip.exe
2011-07-10 22:06:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-10 22:06:25 ----A---- C:\WINDOWS\SWSC.exe
2011-07-10 22:06:25 ----A---- C:\WINDOWS\SWREG.exe
2011-07-10 22:06:25 ----A---- C:\WINDOWS\sed.exe
2011-07-10 22:06:25 ----A---- C:\WINDOWS\grep.exe
2011-07-10 22:06:18 ----D---- C:\ComboFix
2011-07-10 22:04:01 ----D---- C:\Documents and Settings\RuThaN_\Data aplikací\Opera
2011-06-27 01:01:27 ----SHD---- C:\RECYCLER
2011-06-27 00:33:18 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-27 00:23:39 ----A---- C:\WINDOWS\resetlog.txt
2011-06-27 00:19:56 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-27 00:19:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-20 20:13:44 ----D---- C:\Program Files\msn gaming zone
2011-06-20 19:11:54 ----A---- C:\WINDOWS\pnplog.txt
2011-06-20 18:55:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-06-20 18:55:03 ----A---- C:\WINDOWS\system32\irclass.dll
2011-06-20 18:54:42 ----RA---- C:\WINDOWS\SETF5.tmp
2011-06-20 18:54:38 ----RA---- C:\WINDOWS\SETE9.tmp
2011-06-20 18:54:36 ----RA---- C:\WINDOWS\SETE6.tmp
======List of files/folders modified in the last 1 month======
2011-07-10 22:30:55 ----RAD---- C:\Program Files
2011-07-10 22:20:16 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-10 22:19:09 ----D---- C:\WINDOWS\system32\drivers
2011-07-10 22:18:30 ----D---- C:\WINDOWS\system32
2011-07-10 22:18:30 ----D---- C:\WINDOWS
2011-07-10 22:15:12 ----D---- C:\Qoobox
2011-07-10 22:12:41 ----D---- C:\WINDOWS\ERDNT
2011-07-10 22:11:31 ----N---- C:\WINDOWS\system.ini
2011-07-10 22:11:27 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-10 22:09:59 ----D---- C:\WINDOWS\AppPatch
2011-07-10 22:09:58 ----D---- C:\Program Files\Common Files
2011-06-27 01:05:55 ----D---- C:\Program Files\Mozilla Firefox
2011-06-27 00:43:04 ----SD---- C:\WINDOWS\Tasks
2011-06-27 00:29:46 ----D---- C:\Documents and Settings\RuThaN_\Data aplikací\Adobe
2011-06-27 00:29:21 ----D---- C:\Documents and Settings\RuThaN_\Data aplikací\Mozilla
2011-06-27 00:25:21 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2011-06-27 00:16:37 ----D---- C:\Program Files\Lavasoft
2011-06-27 00:16:36 ----D---- C:\Documents and Settings\RuThaN_\Data aplikací\Lavasoft
2011-06-27 00:14:50 ----HD---- C:\WINDOWS\inf
2011-06-27 00:14:41 ----D---- C:\Documents and Settings
2011-06-20 20:51:10 ----D---- C:\WINDOWS\system
2011-06-20 20:51:03 ----D---- C:\WINDOWS\system32\usmt
2011-06-20 20:51:00 ----D---- C:\WINDOWS\system32\Setup
2011-06-20 20:50:51 ----D---- C:\WINDOWS\Media
2011-06-20 20:50:46 ----RSD---- C:\WINDOWS\Fonts
2011-06-20 20:50:39 ----D---- C:\WINDOWS\peernet
2011-06-20 20:50:39 ----D---- C:\WINDOWS\ime
2011-06-20 20:50:17 ----D---- C:\WINDOWS\system32\npp
2011-06-20 20:50:08 ----D---- C:\WINDOWS\msagent
2011-06-20 20:49:39 ----D---- C:\WINDOWS\EHome
2011-06-20 20:49:03 ----D---- C:\WINDOWS\twain_32
2011-06-20 20:48:53 ----D---- C:\WINDOWS\security
2011-06-20 20:48:48 ----D---- C:\WINDOWS\system32\icsxml
2011-06-20 20:48:14 ----D---- C:\WINDOWS\system32\1033
2011-06-20 20:48:14 ----D---- C:\WINDOWS\system32\1029
2011-06-20 20:47:15 ----D---- C:\WINDOWS\Driver Cache
2011-06-20 20:38:51 ----A---- C:\WINDOWS\setuplog.txt
2011-06-20 20:17:51 ----D---- C:\WINDOWS\system32\config
2011-06-20 20:15:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-20 20:13:38 ----D---- C:\Program Files\Windows Media Player
2011-06-20 20:13:37 ----D---- C:\WINDOWS\Help
2011-06-20 20:13:19 ----A---- C:\WINDOWS\OEWABLog.txt
2011-06-20 20:13:14 ----A---- C:\WINDOWS\ODBCINST.INI
2011-06-20 20:13:05 ----D---- C:\WINDOWS\Registration
2011-06-20 20:13:01 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2011-06-20 20:12:58 ----D---- C:\WINDOWS\system32\ias
2011-06-20 20:12:37 ----RD---- C:\WINDOWS\Web
2011-06-20 20:12:30 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-06-20 20:12:20 ----A---- C:\WINDOWS\win.ini
2011-06-20 20:12:08 ----D---- C:\WINDOWS\system32\oobe
2011-06-20 20:11:51 ----D---- C:\Program Files\Movie Maker
2011-06-20 20:11:35 ----D---- C:\Program Files\Outlook Express
2011-06-20 19:48:34 ----D---- C:\Program Files\Internet Explorer
2011-06-20 19:48:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 19:47:55 ----D---- C:\WINDOWS\system32\Com
2011-06-20 19:47:30 ----D---- C:\WINDOWS\system32\wbem
2011-06-20 19:39:49 ----SH---- C:\boot.ini
2011-06-20 18:54:57 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-06-20 18:54:55 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-20 18:54:44 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-20 17:25:48 ----D---- C:\Program Files\HijackThis
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-10-28 20016]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R0 SiSide;SiSide; C:\WINDOWS\System32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sisidex;sisidex; C:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; C:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-12-26 82380]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2001-01-02 22089]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\System32\drivers\SSHDRV65.sys []
R1 truecrypt;truecrypt; \??\C:\WINDOWS\system32\Drivers\truecrypt.sys []
R1 UdfReadr;UdfReadr; C:\WINDOWS\system32\drivers\UdfReadr.sys [2002-02-23 206208]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R2 PStrip;PStrip; C:\WINDOWS\system32\drivers\PStrip.sys [2001-07-24 21616]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-14 6308032]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-11-25 1617408]
S1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2006-10-20 41216]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 AMBFilt;AMBFilt; C:\WINDOWS\system32\drivers\AMBFilt.sys [2009-06-26 1656960]
S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\RuThaN_\LOCALS~1\Temp\AMDPCI.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-20 60800]
S3 ati;ati; C:\WINDOWS\system32\DRIVERS\ati.sys [2001-10-24 77696]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-02-01 165888]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 104960]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\RuThaN_\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GcKernel;Ovladač filtru Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-04 59136]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\WINDOWS\System32\DRIVERS\gtusbmdm_gpc6400.sys [2006-02-13 66858]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2005-04-13 15752]
S3 HIDSwvd;Miniovladač stanadardu HID Microsoft SideWinder Virtual; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MonFilt;MonFilt; C:\WINDOWS\system32\drivers\MonFilt.sys [2008-12-02 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2005-02-01 15360]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-10-20 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-10-20 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 PCD65X2;PCD65X2; \??\C:\DOCUME~1\RuThaN_\LOCALS~1\Temp\PCD65X2.sys []
S3 RadProbe;Radeon Probe Driver; C:\WINDOWS\system32\DRIVERS\RadProbe.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RivaTunerEx;RivaTunerEx; \??\C:\Program Files\RivaTuner v2.0 RC 15.4\RivaTunerEx.sys []
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2006-10-20 17664]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-14 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-17 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S4 Avusipcfnqt;Avusipcfnqt; C:\WINDOWS\system32\drivers\raspti.sys [2001-10-25 16512]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
S4 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
S4 ZKPBDMGK;ZKPBDMGK; C:\DOCUME~1\Mama\LOCALS~1\Temp\ZKPBDMGK.exe []
-----------------EOF-----------------