Trojský kůň Kryptik

[Kecal7]

ComboFix 11-09-17.04 - Lukas 18.09.2011 14:06:50.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2578 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukas\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\QIP 2010\Core\MousePhone.dll
c:\windows\system32\d3d9caps.dat
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-18 do 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-11 20:14 . 2011-09-11 20:14 -------- d-----w- C:\NST
2011-09-11 18:55 . 2011-09-11 18:55 -------- d-----w- C:\Boot
2011-09-09 13:47 . 2011-09-09 13:47 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-09-07 12:39 . 2011-09-10 17:43 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Tropico 4
2011-09-07 12:38 . 2011-09-07 12:38 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Kalypso Media
2011-09-07 12:29 . 2011-09-07 12:29 -------- d-----w- c:\program files\Kalypso Media
2011-09-04 19:03 . 2011-09-04 19:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft.NET
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-04 19:01 . 2011-09-04 19:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\windows\SHELLNEW
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Microsoft Help
2011-09-04 19:00 . 2011-09-04 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-09-04 18:59 . 2011-09-04 18:59 -------- d-----r- C:\MSOCache
2011-09-01 14:46 . 2009-05-06 07:53 30813416 ----a-w- c:\windows\system32\t3apstp.exe
2011-09-01 14:45 . 2011-09-01 14:45 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-09-01 14:02 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-09-01 14:02 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2011-09-01 14:00 . 2006-11-28 00:14 782336 ----a-r- c:\windows\system32\tmp61.tmp
2011-09-01 13:07 . 2011-09-01 13:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-09-01 11:47 . 2011-09-01 11:47 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Creative
2011-09-01 11:41 . 2003-06-12 21:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-09-01 11:40 . 2000-05-22 00:58 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-09-01 11:40 . 2006-10-05 22:17 53248 ------w- c:\windows\Ctregrun.exe
2011-09-01 11:39 . 2011-09-01 11:39 -------- d-----w- c:\program files\Common Files\Creative
2011-09-01 11:39 . 2011-09-01 14:45 -------- d--h--w- c:\program files\Creative Installation Information
2011-09-01 11:37 . 2009-02-27 08:45 171008 ----a-w- c:\windows\system32\drivers\ctusfsyn.sys
2011-09-01 11:37 . 2009-01-14 08:47 21504 ----a-w- c:\windows\system32\sfman32.dll
2011-09-01 11:37 . 2009-01-14 08:47 142336 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2011-09-01 11:37 . 2009-01-14 08:47 120832 ----a-w- c:\windows\system32\sfms32.dll
2011-09-01 11:37 . 2009-01-14 08:47 114688 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2011-09-01 11:37 . 2005-04-22 03:27 73728 ----a-r- c:\windows\MIDIDEF.EXE
2011-09-01 11:37 . 2011-09-01 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Creative
2011-09-01 11:37 . 2011-09-01 14:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-01 11:37 . 2011-09-01 14:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-01 11:37 . 2006-11-27 18:14 782336 ----a-r- c:\windows\system32\tmp4C.tmp
2011-09-01 11:37 . 2008-09-30 09:23 181760 ----a-w- c:\windows\system32\CtDvInst.dll
2011-09-01 11:34 . 2011-09-01 14:48 -------- d-----w- c:\program files\Creative
2011-08-20 15:41 . 2011-08-20 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Apple
2011-08-20 12:24 . 2011-08-20 12:24 13584 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\rmdll\Final\RandomMapBinder.dll
2011-08-20 12:24 . 2011-08-20 12:24 51472 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\rmdll\Final\RandomMap.dll
2011-08-20 12:24 . 2011-08-20 12:24 19216 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\rmdll\Final\CLRBinder.dll
2011-08-20 11:34 . 2011-08-20 11:34 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\NVIDIA
2011-08-19 18:06 . 2011-08-21 13:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-08-19 18:06 . 2011-08-19 18:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-08-19 18:05 . 2011-08-03 11:49 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-19 18:05 . 2011-08-21 13:10 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-19 18:05 . 2011-08-21 13:10 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-19 18:05 . 2011-08-21 13:10 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-19 18:05 . 2011-08-03 11:49 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-19 18:05 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-19 18:05 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-19 18:05 . 2011-08-03 11:49 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-19 18:05 . 2011-08-03 11:49 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-19 18:05 . 2011-08-03 11:49 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-19 18:05 . 2011-08-03 11:49 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-19 18:04 . 2011-08-21 13:10 -------- d-----w- c:\program files\NVIDIA Corporation
2011-08-19 18:04 . 2011-08-19 18:04 -------- d-----w- C:\NVIDIA
2011-08-19 17:40 . 2006-01-15 00:38 162304 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-19 15:21 . 2011-08-22 13:28 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Ubisoft Game Launcher
2011-08-19 15:07 . 2011-08-19 15:07 -------- d-----w- c:\program files\CCleaner
2011-08-19 15:00 . 2011-08-19 15:00 -------- d-----w- C:\Ubisoft Game Launcher
2011-08-19 14:47 . 2011-09-05 17:04 -------- d-----w- c:\program files\Ubisoft
2011-08-19 14:23 . 2011-08-21 11:47 -------- d-----w- c:\program files\Microsoft Silverlight
2011-08-19 14:19 . 2011-08-19 14:19 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\OpenCandy
2011-08-19 14:19 . 2011-08-19 14:19 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\OpenCandy
2011-08-19 14:19 . 2011-08-19 14:19 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-19 14:19 . 2011-08-19 14:19 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-08-19 14:18 . 2011-08-19 15:10 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\DAEMON Tools Lite
2011-08-19 14:18 . 2011-08-19 14:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 11:07 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-17 11:07 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-12 10:02 . 2011-07-21 12:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:49 . 2007-10-25 09:17 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2007-10-25 09:17 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2007-10-25 09:17 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-08-03 11:49 . 2007-10-25 09:17 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-08-03 11:49 . 2007-10-25 09:17 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-08-03 11:49 . 2007-10-25 09:17 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-08-03 11:49 . 2007-10-25 09:17 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-08-03 11:49 . 2007-10-25 09:17 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-08-03 11:49 . 2007-10-25 09:17 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2007-10-25 09:17 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-08-03 11:49 . 2007-10-25 09:17 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2007-10-25 09:17 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2007-10-25 09:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2007-10-25 09:17 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2007-10-25 09:17 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-08-03 11:49 . 2007-10-25 09:17 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2007-10-25 09:17 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-07-21 12:23 . 2011-07-21 12:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-21 12:23 . 2011-07-21 12:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 08:18 . 2011-07-21 08:18 315392 ----a-w- c:\windows\HideWin.exe
2011-07-15 13:29 . 2008-04-14 00:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 00:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-21 08:36 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-21 08:36 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-21 08:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-21 08:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-21 08:36 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-21 08:36 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-21 08:36 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-21 08:36 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-21 08:36 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-21 08:36 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2011-07-20 19:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2008-04-14 08:52 668160 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2008-04-14 08:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2008-04-14 08:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2008-04-14 07:50 370176 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 08:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-07 12:05 . 2011-07-21 08:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SQ931STI"="c:\windows\SQ931STI.EXE" [2007-01-24 151552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRun"="SPIRun.dll" [2006-11-29 8704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kecal7\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kecal7\\counter-strike source\\hl2.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.7.2011 10:36 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.7.2011 10:36 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.8.2011 16:19 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.7.2011 10:36 19544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [4.8.2011 14:34 1361288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21.7.2011 10:24 36864]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [1.9.2011 13:36 742936]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [1.9.2011 13:36 1803136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2011 10:36 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1.9.2011 16:48 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [1.9.2011 16:45 79360]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Lukas\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Lukas\LOCALS~1\Temp\EverestDriver.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2011 10:36 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21: 37 4640000 ]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 13:18]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 13:18]
.
2011-09-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-07-21 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 81.19.5.10 81.19.5.11
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\xd9emqi6.default\
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Cpsqss - c:\documents and settings\Lukas\Data aplikací\Cpsqss.exe
HKCU-Run-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk
HKCU-Run-EVEREST AutoStart - c:\documents and settings\Lukas\Plocha\EVEREST Ultimate Edition 4.60.1540 Beta(hodnoty PC)\everest.exe
AddRemove-Sound Blaster X-Fi Windows Drivers - c:\program files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 14:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2011-09-18 14:21:19
ComboFix-quarantined-files.txt 2011-09-18 12:21
.
Před spuštěním: Volných bajtů: 53 955 514 368
Po spuštění: Volných bajtů: 53 961 863 168
.
- - End Of File - - 3F84442F0CD70B13AFF179393A6C3C94



ještě se chci zeptat, pokud mám naformátovanou flash, tak může tam být někde ten vir skryt?
Předem děkuji za pomoc

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\tmp61.tmp
c:\windows\system32\tmp4C.tmp

Uložte na plochu jako CFSCript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Rudy]

Ještě poprosím, abyste tento soubor: c:\windows\SQ931STI.EXE otestoval online na www.virustotal.com.

[Kecal7]

ComboFix 11-09-19.01 - Lukas 19.09.2011 18:46:33.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2824 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukas\Plocha\CFSCript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\windows\system32\tmp4C.tmp
file zipped: c:\windows\system32\tmp61.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\tmp4C.tmp
c:\windows\system32\tmp61.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-19 do 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-18 20:40 . 2011-09-18 20:40 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Canon
2011-09-11 20:14 . 2011-09-11 20:14 -------- d-----w- C:\NST
2011-09-11 18:55 . 2011-09-11 18:55 -------- d-----w- C:\Boot
2011-09-09 13:47 . 2011-09-09 13:47 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-09-07 12:39 . 2011-09-10 17:43 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Tropico 4
2011-09-07 12:38 . 2011-09-07 12:38 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Kalypso Media
2011-09-07 12:29 . 2011-09-07 12:29 -------- d-----w- c:\program files\Kalypso Media
2011-09-04 19:03 . 2011-09-04 19:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft.NET
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-04 19:01 . 2011-09-04 19:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\windows\SHELLNEW
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Microsoft Help
2011-09-04 19:00 . 2011-09-04 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-09-04 18:59 . 2011-09-04 18:59 -------- d-----r- C:\MSOCache
2011-09-01 14:46 . 2009-05-06 07:53 30813416 ----a-w- c:\windows\system32\t3apstp.exe
2011-09-01 14:45 . 2011-09-01 14:45 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-09-01 14:02 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-09-01 14:02 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2011-09-01 13:07 . 2011-09-01 13:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-09-01 11:47 . 2011-09-01 11:47 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Creative
2011-09-01 11:41 . 2003-06-12 21:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-09-01 11:40 . 2000-05-22 00:58 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-09-01 11:40 . 2006-10-05 22:17 53248 ------w- c:\windows\Ctregrun.exe
2011-09-01 11:39 . 2011-09-01 11:39 -------- d-----w- c:\program files\Common Files\Creative
2011-09-01 11:39 . 2011-09-01 14:45 -------- d--h--w- c:\program files\Creative Installation Information
2011-09-01 11:37 . 2009-02-27 08:45 171008 ----a-w- c:\windows\system32\drivers\ctusfsyn.sys
2011-09-01 11:37 . 2009-01-14 08:47 21504 ----a-w- c:\windows\system32\sfman32.dll
2011-09-01 11:37 . 2009-01-14 08:47 142336 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2011-09-01 11:37 . 2009-01-14 08:47 120832 ----a-w- c:\windows\system32\sfms32.dll
2011-09-01 11:37 . 2009-01-14 08:47 114688 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2011-09-01 11:37 . 2005-04-22 03:27 73728 ----a-r- c:\windows\MIDIDEF.EXE
2011-09-01 11:37 . 2011-09-01 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Creative
2011-09-01 11:37 . 2011-09-01 14:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-01 11:37 . 2011-09-01 14:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-01 11:37 . 2008-09-30 09:23 181760 ----a-w- c:\windows\system32\CtDvInst.dll
2011-09-01 11:34 . 2011-09-01 14:48 -------- d-----w- c:\program files\Creative
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 14:19 . 2011-08-19 14:19 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-17 11:07 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-17 11:07 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-12 10:02 . 2011-07-21 12:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:49 . 2011-08-19 18:05 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-08-19 18:05 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-08-19 18:05 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-08-19 18:05 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-08-19 18:05 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-08-19 18:05 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-08-19 18:05 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-08-19 18:05 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2007-10-25 09:17 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2007-10-25 09:17 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2007-10-25 09:17 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-08-03 11:49 . 2007-10-25 09:17 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-08-03 11:49 . 2007-10-25 09:17 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-08-03 11:49 . 2007-10-25 09:17 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-08-03 11:49 . 2007-10-25 09:17 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-08-03 11:49 . 2007-10-25 09:17 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-08-03 11:49 . 2007-10-25 09:17 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2007-10-25 09:17 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-08-03 11:49 . 2007-10-25 09:17 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2007-10-25 09:17 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2007-10-25 09:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2007-10-25 09:17 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2007-10-25 09:17 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-08-03 11:49 . 2007-10-25 09:17 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2007-10-25 09:17 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-07-21 12:23 . 2011-07-21 12:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-21 12:23 . 2011-07-21 12:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 08:18 . 2011-07-21 08:18 315392 ----a-w- c:\windows\HideWin.exe
2011-07-15 13:29 . 2008-04-14 00:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 00:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-21 08:36 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-21 08:36 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-21 08:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-21 08:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-21 08:36 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-21 08:36 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-21 08:36 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-21 08:36 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-21 08:36 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-21 08:36 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2011-07-20 19:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2008-04-14 08:52 668160 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2008-04-14 08:50 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2008-04-14 08:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2008-04-14 07:50 370176 ----a-w- c:\windows\system32\html.iec
2011-09-07 12:05 . 2011-07-21 08:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-18_12.16.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-19 16:56 . 2011-09-19 16:56 16384 c:\windows\Temp\Perflib_Perfdata_570.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 68292 c:\windows\system32\perfc009.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 79220 c:\windows\system32\perfc005.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 435396 c:\windows\system32\perfh009.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 432272 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SQ931STI"="c:\windows\SQ931STI.EXE" [2007-01-24 151552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRun"="SPIRun.dll" [2006-11-29 8704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kecal7\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kecal7\\counter-strike source\\hl2.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.7.2011 10:36 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.7.2011 10:36 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.8.2011 16:19 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.7.2011 10:36 19544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [4.8.2011 14:34 1361288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21.7.2011 10:24 36864]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [1.9.2011 13:36 742936]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [1.9.2011 13:36 1803136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2011 10:36 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1.9.2011 16:48 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [1.9.2011 16:45 79360]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Lukas\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Lukas\LOCALS~1\Temp\EverestDriver.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2011 10:36 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 13:18]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 13:18]
.
2011-09-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-07-21 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 81.19.5.10 81.19.5.11
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\xd9emqi6.default\
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 18:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-09-19 19:01:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-19 17:01
ComboFix2.txt 2011-09-18 12:21
.
Před spuštěním: Volných bajtů: 53 704 241 152
Po spuštění: Volných bajtů: 53 717 454 848
.
- - End Of File - - 7E827E9569FA2BFB0972DA5879540135
Nahr nˇ probŘhlo ŁspŘçnŘ

a otestování souboru na virustotal:
MD5: cb2d509acf5c2606710797596bc6ff2c
Date first seen: 2009-02-15 01:35:44 (UTC)
Date last seen: 2011-09-09 16:44:19 (UTC)
Detection ratio: 0/44

nevím, jestli vám pojede odkaz, ale je zde:
http://www.virustotal.com/file-scan/rea ... 1316451957

[Rudy]

Ještě jednou spusťte ComboFix tímto skriptem:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1

Soubor je čistý.

[Kecal7]

hotovo:
ComboFix 11-09-19.01 - Lukas 20.09.2011 12:40:18.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2802 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukas\Plocha\CFSCript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-20 do 2011-09-20 )))))))))))))))))))))))))))))))
.
.
2011-09-18 20:40 . 2011-09-18 20:40 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Canon
2011-09-11 20:14 . 2011-09-11 20:14 -------- d-----w- C:\NST
2011-09-11 18:55 . 2011-09-11 18:55 -------- d-----w- C:\Boot
2011-09-09 13:47 . 2011-09-09 13:47 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-09-07 12:39 . 2011-09-10 17:43 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Tropico 4
2011-09-07 12:38 . 2011-09-07 12:38 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Kalypso Media
2011-09-07 12:29 . 2011-09-07 12:29 -------- d-----w- c:\program files\Kalypso Media
2011-09-04 19:03 . 2011-09-04 19:03 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft.NET
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-09-04 19:02 . 2011-09-04 19:02 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-09-04 19:01 . 2011-09-04 19:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\windows\SHELLNEW
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-09-04 19:00 . 2011-09-04 19:00 -------- d-----w- c:\documents and settings\Lukas\Local Settings\Data aplikací\Microsoft Help
2011-09-04 19:00 . 2011-09-04 19:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-09-04 18:59 . 2011-09-04 18:59 -------- d-----r- C:\MSOCache
2011-09-01 14:46 . 2009-05-06 07:53 30813416 ----a-w- c:\windows\system32\t3apstp.exe
2011-09-01 14:45 . 2011-09-01 14:45 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-09-01 14:02 . 1999-12-12 23:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-09-01 14:02 . 1999-11-17 23:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2011-09-01 13:07 . 2011-09-01 13:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2011-09-01 11:47 . 2011-09-01 11:47 -------- d-----w- c:\documents and settings\Lukas\Data aplikací\Creative
2011-09-01 11:41 . 2003-06-12 21:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-09-01 11:40 . 2000-05-22 00:58 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-09-01 11:40 . 2006-10-05 22:17 53248 ------w- c:\windows\Ctregrun.exe
2011-09-01 11:39 . 2011-09-01 11:39 -------- d-----w- c:\program files\Common Files\Creative
2011-09-01 11:39 . 2011-09-01 14:45 -------- d--h--w- c:\program files\Creative Installation Information
2011-09-01 11:37 . 2009-02-27 08:45 171008 ----a-w- c:\windows\system32\drivers\ctusfsyn.sys
2011-09-01 11:37 . 2009-01-14 08:47 21504 ----a-w- c:\windows\system32\sfman32.dll
2011-09-01 11:37 . 2009-01-14 08:47 142336 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2011-09-01 11:37 . 2009-01-14 08:47 120832 ----a-w- c:\windows\system32\sfms32.dll
2011-09-01 11:37 . 2009-01-14 08:47 114688 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2011-09-01 11:37 . 2005-04-22 03:27 73728 ----a-r- c:\windows\MIDIDEF.EXE
2011-09-01 11:37 . 2011-09-01 17:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Creative
2011-09-01 11:37 . 2011-09-01 14:47 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-01 11:37 . 2011-09-01 14:47 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-01 11:37 . 2008-09-30 09:23 181760 ----a-w- c:\windows\system32\CtDvInst.dll
2011-09-01 11:34 . 2011-09-01 14:48 -------- d-----w- c:\program files\Creative
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 14:19 . 2011-08-19 14:19 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-17 11:07 . 2009-08-18 09:30 564632 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-17 11:07 . 2009-08-18 09:24 18328 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-12 10:02 . 2011-07-21 12:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:49 . 2011-08-19 18:05 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-08-19 18:05 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-08-19 18:05 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2011-08-19 18:05 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2011-08-19 18:05 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-08-19 18:05 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-08-19 18:05 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-08-19 18:05 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2007-10-25 09:17 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2007-10-25 09:17 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2007-10-25 09:17 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-08-03 11:49 . 2007-10-25 09:17 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-08-03 11:49 . 2007-10-25 09:17 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-08-03 11:49 . 2007-10-25 09:17 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-08-03 11:49 . 2007-10-25 09:17 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-08-03 11:49 . 2007-10-25 09:17 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-08-03 11:49 . 2007-10-25 09:17 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-08-03 11:49 . 2007-10-25 09:17 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-08-03 11:49 . 2007-10-25 09:17 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-08-03 11:49 . 2007-10-25 09:17 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-08-03 11:49 . 2007-10-25 09:17 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-08-03 11:49 . 2007-10-25 09:17 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-08-03 11:49 . 2007-10-25 09:17 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2007-10-25 09:17 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-08-03 11:49 . 2007-10-25 09:17 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2007-10-25 09:17 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2007-10-25 09:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2007-10-25 09:17 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2007-10-25 09:17 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-08-03 11:49 . 2007-10-25 09:17 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2007-10-25 09:17 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-07-21 12:23 . 2011-07-21 12:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-21 12:23 . 2011-07-21 12:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-21 08:18 . 2011-07-21 08:18 315392 ----a-w- c:\windows\HideWin.exe
2011-07-15 13:29 . 2008-04-14 00:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 00:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-21 08:36 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-21 08:36 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-21 08:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-21 08:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-21 08:36 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-21 08:36 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-21 08:36 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-21 08:36 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-21 08:36 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-21 08:36 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2011-07-20 19:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-07 12:05 . 2011-07-21 08:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-18_12.16.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-20 10:01 . 2011-09-20 10:01 16384 c:\windows\Temp\Perflib_Perfdata_1d8.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 68292 c:\windows\system32\perfc009.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 79220 c:\windows\system32\perfc005.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 435396 c:\windows\system32\perfh009.dat
+ 2001-10-25 15:00 . 2011-09-18 19:41 432272 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SQ931STI"="c:\windows\SQ931STI.EXE" [2007-01-24 151552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-01-16 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"SPIRun"="SPIRun.dll" [2006-11-29 8704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kecal7\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\kecal7\\counter-strike source\\hl2.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.7.2011 10:36 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.7.2011 10:36 309848]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [19.8.2011 16:19 232512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.7.2011 10:36 19544]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [4.8.2011 14:34 1361288]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21.7.2011 10:24 36864]
R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [1.9.2011 13:36 742936]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [1.9.2011 13:36 1803136]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2011 10:36 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1.9.2011 16:48 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [1.9.2011 16:45 79360]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Lukas\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Lukas\LOCALS~1\Temp\EverestDriver.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.7.2011 10:36 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 13:18]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 13:18]
.
2011-09-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-07-21 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 81.19.5.10 81.19.5.11
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Lukas\Data aplikací\Mozilla\Firefox\Profiles\xd9emqi6.default\
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-20 12:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1029\GrooveIntlResource.dll
.
Celkový čas: 2011-09-20 12:51:21
ComboFix-quarantined-files.txt 2011-09-20 10:51
ComboFix2.txt 2011-09-19 17:03
ComboFix3.txt 2011-09-18 12:21
.
Před spuštěním: Volných bajtů: 53 516 652 544
Po spuštění: Volných bajtů: 53 528 514 560
.
- - End Of File - - 24F3FF0B318250C8185F919DFFBBEEEF

[Rudy]

OK. Ještě otevřte poznámkový blok a zkopírujte do něj:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Zajišťuje překlad síťové adresy, adresování, překlad adres IP a ochranu před neoprávněným vniknutím do podnikové nebo domácí sítě."
"DisplayName"="Brána Firewall / Sdílení připojení k Internetu (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cd0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Uložte na plochu jako oprava.reg a dvouklikem ho rozbalte.

[Kecal7]

Hotovo Mám to projet combofixem bez příkazů?

[Rudy]

CF nechte na pokoji, nedoporučujeme jeho užívání bez zjevné příčiny. Změnilo se něco?

[Kecal7]

tak nějakou změnu rychlosti internetu jsem nezaznamenal, ale pokud to bude ok, tak je to super A moc Vám děkuji

[Rudy]

tak nějakou změnu rychlosti internetu jsem nezaznamenal, ale pokud to bude ok, tak je to super A moc Vám děkuji

Myslel jsem, zda vám AV toho vira už nedetekuje. Nemáte zač!

[Kecal7]

Tak jsem udělal nejdůkladnější test avastem jaký může být a nenašlo to ani jeden vir Takže určitě děkuji za Váš čas, radost s Vámi spolupracovat

[Rudy]

Rádo se stalo!