svchost.exe
Posted: 31 Dec 2009 14:02
Hi, svchost.exe is running at 100% CPU. I used ComboFix and it looked like it was gone, but after restarting the PC it showed up again. Here is the ComboFix report:
ComboFix 09-12-30.02 - OEM 31.12.2009 13:28:02.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.635 [GMT 1:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-31 )))))))))))))))))))))))))))))))
.
2009-12-30 21:52 . 2009-12-30 21:52 -------- d-----w- c:\program files\Microsoft Games
2009-12-30 21:34 . 2009-12-30 21:34 -------- d-----w- c:\program files\WinTV
2009-12-30 21:33 . 2009-08-05 08:09 106552 ----a-w- c:\windows\system32\hcwi2c32.dll
2009-12-30 21:33 . 2009-02-10 22:00 307256 ----a-w- c:\windows\system32\hcwpnp32.dll
2009-12-30 21:33 . 2004-06-08 04:03 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2009-12-30 21:32 . 2009-12-30 21:32 -------- d-----w- C:\Hauppauge
2009-12-30 21:19 . 2009-12-30 21:19 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-30 21:15 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-12-30 21:15 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-12-30 21:15 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-30 21:15 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2009-12-30 21:15 . 2008-04-13 23:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-12-30 21:15 . 2008-04-13 23:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-12-30 21:15 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-12-30 21:15 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-12-30 21:15 . 2008-04-13 23:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-12-30 21:15 . 2008-04-13 23:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-12-30 21:14 . 2008-04-13 23:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-30 21:14 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-12-30 21:14 . 2008-04-13 23:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-12-30 21:14 . 2008-04-13 23:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-12-30 21:14 . 2008-04-13 23:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-12-30 21:14 . 2008-04-13 23:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-12-30 21:14 . 2008-04-14 07:51 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-12-30 21:14 . 2008-04-14 07:51 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2009-12-30 21:14 . 2008-04-13 23:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-12-30 21:14 . 2008-04-13 23:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2009-12-30 21:12 . 2008-04-14 07:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-12-30 21:12 . 2008-04-14 07:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-30 21:09 . 2009-08-06 08:35 40960 ----a-w- c:\windows\system32\hcwxds.dll
2009-12-30 21:09 . 2009-08-06 08:35 77056 ----a-w- c:\windows\system32\drivers\hcw88tun.sys
2009-12-30 21:09 . 2009-08-06 08:35 396672 ----a-w- c:\windows\system32\drivers\hcw88vid.sys
2009-12-30 21:09 . 2009-08-06 08:35 9539 ----a-w- c:\windows\system32\drivers\hcw88r9x.sys
2009-12-30 21:09 . 2009-08-06 08:35 215168 ----a-w- c:\windows\system32\drivers\hcw88bda.sys
2009-12-30 21:09 . 2009-08-06 08:35 17920 ----a-w- c:\windows\system32\drivers\hcw88bar.sys
2009-12-30 21:09 . 2009-08-06 08:35 12288 ----a-w- c:\windows\system32\drivers\hcw88rc5.sys
2009-12-30 20:39 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-30 20:39 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-30 20:39 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-30 20:39 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-30 20:39 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-30 20:39 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-30 20:39 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-30 20:39 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-30 20:39 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-30 20:16 . 2009-12-30 20:19 -------- d-----w- c:\program files\Google
2009-12-30 20:08 . 2009-12-30 20:08 -------- d-----w- c:\program files\Carambis
2009-12-30 19:48 . 2009-12-30 19:48 -------- d-----w- c:\program files\Alwil Software
2009-12-30 19:38 . 2009-12-30 19:43 -------- d-----w- c:\windows\system32\KB905474
2009-12-30 19:38 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-12-30 19:26 . 2009-12-30 19:26 -------- d-----w- c:\program files\MSXML 4.0
2009-12-30 19:25 . 2009-12-30 19:29 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-12-30 19:24 . 2006-11-22 09:52 520192 ------w- c:\windows\system32\ati2sgag.exe
2009-12-30 19:24 . 2006-12-17 02:30 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-12-30 19:23 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-30 19:23 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-30 19:18 . 2005-09-23 21:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-12-30 19:18 . 2009-12-30 19:18 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-30 19:18 . 2009-12-30 19:18 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-12-30 19:17 . 2009-12-30 19:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-30 19:17 . 2009-12-30 19:19 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2009-12-30 19:16 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-30 19:15 . 2009-12-30 19:15 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-12-30 19:15 . 2009-12-30 19:15 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2009-12-30 19:13 . 2009-08-04 17:29 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-30 19:13 . 2009-08-04 17:29 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-30 19:13 . 2009-08-04 17:29 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-30 19:11 . 2009-12-30 19:11 -------- d-----w- c:\program files\Pinnacle
2009-12-30 19:08 . 2009-12-30 19:39 -------- d--h--w- c:\windows\$hf_mig$
2009-12-30 19:06 . 2009-12-30 19:06 -------- d-----w- c:\program files\PJsoft
2009-12-30 18:56 . 2009-12-30 18:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-30 18:50 . 2009-12-30 20:08 -------- d-----w- c:\program files\ATI Technologies
2009-12-30 18:50 . 2009-12-30 18:50 -------- d-----w- C:\ATI
2009-12-30 18:42 . 2009-12-30 18:42 -------- d-----w- c:\program files\Alcohol Soft
2009-12-30 18:41 . 2009-12-30 18:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-30 18:25 . 2009-12-30 18:25 -------- d-----w- c:\program files\UltraISO
2009-12-30 18:25 . 2009-12-30 18:25 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-30 18:22 . 2009-12-30 18:22 0 ----a-w- c:\windows\nsreg.dat
2009-12-30 18:15 . 2008-08-07 11:14 111360 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2009-12-30 18:15 . 2008-08-07 03:38 9728 ----a-r- c:\windows\system32\RtNicProp32.dll
2009-12-30 18:15 . 2009-12-30 18:15 -------- d-----w- c:\windows\OPTIONS
2009-12-30 18:14 . 2009-12-30 20:18 16608 ----a-w- c:\windows\gdrv.sys
2009-12-30 18:09 . 2009-12-30 18:09 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-30 18:09 . 2009-12-30 18:09 -------- d-----w- c:\program files\Nero
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 11:46 . 2001-10-25 13:00 77962 ----a-w- c:\windows\system32\perfc005.dat
2009-12-31 11:46 . 2001-10-25 13:00 429072 ----a-w- c:\windows\system32\perfh005.dat
2009-12-30 20:08 . 2009-12-30 16:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 19:23 . 2009-12-30 16:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-30 18:15 . 2009-12-30 16:45 -------- d-----w- c:\program files\Realtek
2009-12-30 18:03 . 2009-12-30 18:00 72 --sh--w- c:\windows\SDE2E7CD3.tmp
2009-12-30 17:58 . 2009-12-30 17:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-30 17:57 . 2009-12-30 17:57 -------- d-----w- c:\program files\7-Zip
2009-12-30 17:51 . 2009-12-30 17:51 -------- d-----w- c:\program files\MSBuild
2009-12-30 17:51 . 2009-12-30 17:51 -------- d-----w- c:\program files\Reference Assemblies
2009-12-30 17:13 . 2009-12-30 16:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-30 17:13 . 2009-12-30 16:35 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-30 17:13 . 2009-12-30 16:35 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-30 16:36 . 2009-12-30 16:36 -------- d-----w- c:\program files\microsoft frontpage
2009-12-30 16:33 . 2009-12-30 16:33 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-08 10:29 . 2009-12-30 16:45 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-08 10:29 . 2009-12-30 16:45 358944 ----a-w- c:\windows\vncutil.exe
2009-12-08 10:29 . 2009-12-30 16:45 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-08 10:29 . 2009-12-30 16:45 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-08 10:29 . 2009-12-30 16:45 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-08 10:29 . 2009-12-30 16:45 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-08 10:29 . 2009-12-30 16:45 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-08 10:29 . 2009-12-30 16:45 18789920 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-08 10:29 . 2009-12-30 16:45 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-08 10:29 . 2009-12-30 16:45 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-08 10:29 . 2009-12-30 16:45 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-08 10:03 . 2009-12-30 16:45 6017568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-24 09:40 . 2009-12-30 16:45 838176 ----a-w- c:\windows\RtlExUpd.dll
2009-11-17 23:17 . 2009-12-30 16:45 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-11-17 23:16 . 2009-12-30 16:45 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-10-29 05:26 . 2008-04-14 06:52 668160 ----a-w- c:\windows\system32\wininet.dll
2009-10-13 10:34 . 2008-04-14 06:51 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-14 06:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-14 06:51 150016 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-08 18789920]
"CloneCDTray"="e:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\OEM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2008-4-14 28160]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"e:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"e:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.12.2009 21:39 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.12.2009 21:39 20560]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [30.12.2009 22:09 215168]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [30.12.2009 22:09 77056]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [30.12.2009 22:09 396672]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [30.12.2009 22:09 17920]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2009 19:41 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.12.2009 17:45 1691480]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 20:16]
2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 20:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\hzrfp3ch.default\
FF - prefs.js: browser.startup.homepage - wwww.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Driver Updater - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 13:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-12-31 13:30:47
ComboFix-quarantined-files.txt 2009-12-31 12:30
Před spuštěním: Volných bajtů: 487 602 270 208
Po spuštění: Volných bajtů: 488 301 232 128
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - AF06FA03FD3187AD712B74706CC98EB6