avast nasel win32:patched CK ve vice sys. souborech

Zpráva

anynyny · #1 Příspěvek od **anynyny** » 12 led 2010 11:38

win32:patched-CK nalezen v nasledujicich souborech:

windows\explorer.exe
windows\system32\lsass.exe
windows\system32\services.exe
windows\system32\svchost.exe
windows\system32\tctp.dll
windows\system32\winlogon.exe

Pocitac se spousti normalne s tim, ze skonci pred zobrazenim cehokoliv na plose (vyjma pozadi tedy). Pres spravce uloh jsem spustila RSIT, tady je log.

Jde s tim jeste neco, nebo uz to nema cenu?
******************************************
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-12 10:29:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (9%) free of 57 GB
Total RAM: 1015 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1644491937-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1644491937-839522115-1003UA.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Shutdowner"=C:\Documents and Settings\Admin\Plocha\Vypinac.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"okhk"=C:\WINDOWS\system32\okhk.exe [2010-01-11 58880]
"mssysbr"=C:\WINDOWS\system32\nmpybgqb.exe [2010-01-12 176128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-13 133104]
"StudentDOG"=C:\Program Files\Student DOG\StudentDOG.exe -h []
"D9Q071WKGS"=C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\d.exe [2010-01-11 181248]
"AAK8K3J4FL"=C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\e.exe [2010-01-11 171008]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\0023.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
JUoIxnHzeIRpJ - {2CDDCB05-8677-61AF-EB74-941A6004E854} - C:\WINDOWS\System32\tctp.dll [2009-03-21 32768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\WINDOWS\system32\okhk.exe"="C:\WINDOWS\system32\okhk.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62555231-bef4-11de-8545-0014a5e13f5b}]
shell\AutoRun\command - E:\AutoInstall.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62555232-bef4-11de-8545-0014a5e13f5b}]
shell\AutoRun\command - E:\AutoInstall.exe

======List of files/folders created in the last 1 months======

2010-01-12 10:06:16 ----D---- C:\Program Files\trend micro
2010-01-12 10:06:14 ----D---- C:\rsit
2010-01-12 09:19:29 ----A---- C:\WINDOWS\msg.exe
2010-01-12 09:09:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-12 09:06:01 ----A---- C:\WINDOWS\msf.exe
2010-01-11 23:47:46 ----A---- C:\WINDOWS\mse.exe
2010-01-11 23:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-11 23:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 23:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 23:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 23:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-11 23:19:56 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
2010-01-11 23:18:44 ----D---- C:\Documents and Settings\Admin\Data aplikací\Fighters
2010-01-11 22:36:54 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-01-11 22:36:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-01-11 22:34:42 ----A---- C:\WINDOWS\msd.exe
2010-01-11 21:58:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 21:12:59 ----A---- C:\WINDOWS\msc.exe
2010-01-11 21:02:23 ----A---- C:\WINDOWS\msb.exe
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-01-11 16:18:05 ----D---- C:\Program Files\Alwil Software
2010-01-11 15:59:54 ----AH---- C:\WINDOWS\system32\nmpybgqb.exe
2010-01-11 15:59:36 ----A---- C:\WINDOWS\system32\okhk.exe
2010-01-11 15:59:30 ----A---- C:\WINDOWS\system32\0023.DLL
2010-01-11 15:57:15 ----A---- C:\WINDOWS\msa.exe
2010-01-11 15:56:44 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 15:45:08 ----D---- C:\WINDOWS\system32\Filt
2010-01-11 15:44:25 ----A---- C:\WINDOWS\ODBC.INI
2010-01-11 15:05:16 ----D---- C:\Documents and Settings\Admin\Data aplikací\GlarySoft
2009-12-17 13:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-17 13:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-17 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-17 13:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-17 13:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-17 13:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-17 13:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-17 00:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-17 00:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-17 00:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-17 00:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-17 00:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-17 00:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-17 00:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-17 00:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-16 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-TW
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-HK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\tr-TR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\sv-SE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\pt-BR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nl-NL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nb-NO
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ko-KR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\it-IT
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\he-IL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fr-FR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fi-FI
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\es-ES
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\el-GR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\de-DE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\da-DK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ar-SA
2009-12-16 23:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-16 23:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-16 23:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-16 23:09:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-16 23:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-16 23:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-16 23:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-16 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-16 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-16 22:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-16 22:36:44 ----D---- C:\Program Files\MSXML 4.0
2009-12-16 22:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-16 22:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-16 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-16 22:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-16 20:11:48 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2010-01-12 10:27:44 ----AD---- C:\WINDOWS\Temp
2010-01-12 10:27:39 ----SD---- C:\WINDOWS\Tasks
2010-01-12 10:27:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 10:26:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 10:17:10 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 10:15:31 ----SHD---- C:\WINDOWS\Installer
2010-01-12 10:15:30 ----HD---- C:\Config.Msi
2010-01-12 10:15:29 ----RD---- C:\Program Files
2010-01-12 10:15:27 ----D---- C:\WINDOWS\system32
2010-01-12 10:15:00 ----D---- C:\WINDOWS\Prefetch
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\wbem
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\usmt
2010-01-12 09:23:27 ----D---- C:\WINDOWS\system32\Setup
2010-01-12 09:23:27 ----D---- C:\WINDOWS\system32\Restore
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\config
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\Com
2010-01-12 09:23:25 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-12 09:23:24 ----D---- C:\WINDOWS\repair
2010-01-12 09:23:24 ----D---- C:\WINDOWS\Registration
2010-01-12 09:23:22 ----D---- C:\WINDOWS\msagent
2010-01-12 09:23:21 ----D---- C:\WINDOWS\Media
2010-01-12 09:23:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-12 09:23:20 ----HD---- C:\WINDOWS\inf
2010-01-12 09:23:20 ----D---- C:\WINDOWS\ime
2010-01-12 09:23:18 ----D---- C:\WINDOWS\AppPatch
2010-01-12 09:23:18 ----D---- C:\WINDOWS
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows NT
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows Media Player
2010-01-12 09:23:10 ----D---- C:\Program Files\Total Commander
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 PCSync
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 Mobile Modem
2010-01-12 09:23:06 ----D---- C:\Program Files\QuickTime
2010-01-12 09:23:06 ----D---- C:\Program Files\PDFCreator
2010-01-12 09:23:06 ----D---- C:\Program Files\Outlook Express
2010-01-12 09:23:05 ----D---- C:\Program Files\Opera 10 Beta
2010-01-12 09:23:05 ----D---- C:\Program Files\Movie Maker
2010-01-12 09:23:03 ----D---- C:\Program Files\Messenger
2010-01-12 09:23:01 ----D---- C:\Program Files\Internet Explorer
2010-01-12 09:22:59 ----D---- C:\Program Files\Glary Utilities
2010-01-12 09:22:59 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-12 09:22:56 ----D---- C:\Program Files\CDBurnerXP
2010-01-12 09:08:06 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-12 03:07:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-12 03:05:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-12 03:02:39 ----D---- C:\Program Files\Common Files\System
2010-01-12 03:02:39 ----A---- C:\WINDOWS\win.ini
2010-01-11 23:43:53 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 23:43:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 23:38:03 ----D---- C:\WINDOWS\WinSxS
2010-01-11 22:54:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 22:36:54 ----D---- C:\Program Files\Common Files
2010-01-11 22:26:14 ----D---- C:\Documents and Settings
2010-01-11 16:23:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 16:21:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-11 16:17:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-01-11 15:59:31 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-11 15:51:56 ----SHD---- C:\System Volume Information
2010-01-11 15:48:15 ----D---- C:\Program Files\Java
2010-01-11 15:29:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-11 15:26:48 ----D---- C:\WINDOWS\twain_32
2009-12-17 16:43:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-17 16:43:11 ----RSD---- C:\WINDOWS\assembly
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\en-US
2009-12-16 20:16:52 ----SH---- C:\boot.ini
2009-12-16 20:16:51 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-28 1160320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-05 1123328]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 adi7hjab;adi7hjab; C:\WINDOWS\system32\drivers\adi7hjab.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 S2usbser;S2 USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\S2usbser.sys [2008-03-20 103680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

anynyny · #2 Příspěvek od **anynyny** » 12 led 2010 12:12

njn, mel ho pres semestr v peci synovec... kazdopadne ja dekuji.

- pri spousteni combofix hlaska o zapnute rezidentni ochrane avastu, po odsouhlaseni hlasky jel program bez problemu dal
- konzole pro zotaveni nenainstalovana (pocitac se k internetu nepripojil, nezkoumala jsem detaily)
****************************************************

ComboFix 10-01-11.03 - Owner 12.01.2010 10:58:58.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.668 [GMT 0:00]
Spuštěný z: F:\abraka.com
AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\secupdat.dat
c:\recycler\S-1-5-21-8156701998-1963758365-253175726-8183
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\mse.exe
c:\windows\msf.exe
c:\windows\msg.exe
c:\windows\system32\0023.DLL
c:\windows\system32\ieuinit.inf
c:\windows\system32\kr_done1
c:\windows\system32\oem0.inf
c:\windows\system32\secupdat.dat
c:\windows\system32\sshnas21.dll
c:\windows\system32\WORK.DAT
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 10:06 . 2010-01-12 10:06 -------- d-----w- c:\program files\trend micro
2010-01-12 09:09 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-12 09:09 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-12 09:09 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-12 09:09 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-12 09:09 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-12 09:09 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-12 09:09 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-12 09:09 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-12 09:09 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-11 23:33 . 2010-01-12 10:16 327712 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-11 23:33 . 2010-01-12 10:16 24096 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-11 23:23 . 2010-01-11 23:23 -------- d-----w- c:\documents and settings\Guest\Bluetooth Software
2010-01-11 22:36 . 2010-01-12 10:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-11 16:28 . 2010-01-11 20:45 182794 ----a-w- c:\windows\hpoins28.dat
2010-01-11 16:28 . 2008-05-12 19:44 796 ------w- c:\windows\hpomdl28.dat
2010-01-11 16:18 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-11 16:18 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2010-01-11 16:18 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2010-01-11 16:18 . 2010-01-11 16:18 -------- d-----w- c:\program files\Alwil Software
2010-01-11 16:03 . 2010-01-11 16:03 -------- d-s---w- c:\documents and settings\Admin\UserData
2010-01-11 16:00 . 2010-01-11 16:00 6144 ---ha-w- c:\documents and settings\Admin\mshrxa.exe
2010-01-11 15:59 . 2010-01-12 09:20 176128 ---ha-w- c:\windows\system32\nmpybgqb.exe
2010-01-11 15:59 . 2010-01-11 15:59 58880 ----a-w- c:\windows\system32\okhk.exe
2010-01-11 15:59 . 2010-01-11 15:59 58880 ---h--w- c:\documents and settings\Admin\uxq.exe
2010-01-11 15:45 . 2010-01-12 09:16 -------- d-----w- c:\windows\system32\Filt
2009-12-16 23:09 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-16 22:36 . 2009-12-16 22:36 -------- d-----w- c:\program files\MSXML 4.0
2009-12-16 13:36 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-16 13:33 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-16 13:26 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 10:16 . 2010-01-11 23:33 4916 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-12 10:16 . 2010-01-11 23:33 3308 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-12 09:23 . 2009-10-22 12:32 -------- d-----w- c:\program files\S2 PCSync
2010-01-12 09:23 . 2009-10-22 12:11 -------- d-----w- c:\program files\S2 Mobile Modem
2010-01-12 09:23 . 2009-08-07 10:06 -------- d-----w- c:\program files\Total Commander
2010-01-12 09:23 . 2009-10-11 16:25 -------- d-----w- c:\program files\PDFCreator
2010-01-12 09:23 . 2009-08-11 15:52 -------- d-----w- c:\program files\QuickTime
2010-01-12 09:23 . 2009-08-08 22:04 -------- d-----w- c:\program files\Opera 10 Beta
2010-01-12 09:22 . 2009-08-09 17:55 -------- d-----w- c:\program files\Glary Utilities
2010-01-12 09:22 . 2009-08-07 10:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-12 09:22 . 2009-08-09 17:39 -------- d-----w- c:\program files\CDBurnerXP
2010-01-11 22:54 . 2001-10-25 14:00 79418 ----a-w- c:\windows\system32\perfc005.dat
2010-01-11 22:54 . 2001-10-25 14:00 432510 ----a-w- c:\windows\system32\perfh005.dat
2010-01-11 15:48 . 2009-10-11 17:18 -------- d-----w- c:\program files\Java
2009-10-29 05:26 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

------- Sigcheck -------

[7] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2004-08-17 . 82A362FE1D4980B71B588D9C10748511 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[7] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . D41D8CD98F00B204E9800998ECF8427E . 113152 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2009-02-09 . 4F9F7B567970B524F31D9970A23F7C24 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[7] 2009-02-09 . 33081FED75032291EE0E008D5385E86F . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-17 . 6E401E61F952FBBF708AFBECEFAFAE81 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-17 . DFBA2915B0BF58ABB288CD4C9318CB3F . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 03:22 . !HASH: COULD NOT OPEN FILE !!!!! . 1036800 . . [------] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"okhk"="c:\windows\system32\okhk.exe \u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mssysbr"="c:\windows\system32\nmpybgqb.exe" [2010-01-12 176128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JUoIxnHzeIRpJ"= {2CDDCB05-8677-61AF-EB74-941A6004E854} - c:\windows\System32\tctp.dll [2009-03-21 32768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\okhk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.1.2010 9:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.1.2010 9:09 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.8.2009 10:12 722416]
S3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [22.10.2009 12:31 103680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-01-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-09 08:30]

2010-01-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-StudentDOG - c:\program files\Student DOG\StudentDOG.exe
HKLM-Run-Shutdowner - c:\documents and settings\Admin\Plocha\Vypinac.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 11:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-01-12 11:05:41
ComboFix-quarantined-files.txt 2010-01-12 11:05

Před spuštěním: 5 440 835 584
Po spuštění: 5 915 676 672

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - AC46EF8B3A29C30D780DF96E95B1AA01

anynyny · #3 Příspěvek od **anynyny** » 12 led 2010 12:56

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-12 11:49:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (10%) free of 57 GB
Total RAM: 1015 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"okhk"=C:\WINDOWS\system32\okhk.exe [2010-01-11 58880]
"mssysbr"=C:\WINDOWS\system32\nmpybgqb.exe [2010-01-12 176128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-13 133104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
JUoIxnHzeIRpJ - {2CDDCB05-8677-61AF-EB74-941A6004E854} - C:\WINDOWS\System32\tctp.dll [2009-03-21 32768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\okhk.exe"="C:\WINDOWS\system32\okhk.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-12 11:49:58 ----D---- C:\rsit
2010-01-12 11:05:42 ----A---- C:\ComboFix.txt
2010-01-12 10:58:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-12 10:58:01 ----A---- C:\WINDOWS\MBR.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\zip.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWSC.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWREG.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\sed.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\PEV.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\grep.exe
2010-01-12 10:57:53 ----D---- C:\WINDOWS\ERDNT
2010-01-12 10:51:17 ----D---- C:\Qoobox
2010-01-12 10:06:16 ----D---- C:\Program Files\trend micro
2010-01-12 09:09:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-11 23:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-11 23:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 23:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 23:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 23:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-11 23:19:56 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
2010-01-11 23:18:44 ----D---- C:\Documents and Settings\Admin\Data aplikací\Fighters
2010-01-11 22:36:54 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-01-11 22:36:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-01-11 21:58:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-01-11 16:18:05 ----D---- C:\Program Files\Alwil Software
2010-01-11 15:59:54 ----AH---- C:\WINDOWS\system32\nmpybgqb.exe
2010-01-11 15:59:36 ----A---- C:\WINDOWS\system32\okhk.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 15:45:08 ----D---- C:\WINDOWS\system32\Filt
2010-01-11 15:44:25 ----A---- C:\WINDOWS\ODBC.INI
2010-01-11 15:05:16 ----D---- C:\Documents and Settings\Admin\Data aplikací\GlarySoft
2009-12-17 13:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-17 13:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-17 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-17 13:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-17 13:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-17 13:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-17 13:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-17 00:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-17 00:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-17 00:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-17 00:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-17 00:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-17 00:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-17 00:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-17 00:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-16 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-TW
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-HK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\tr-TR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\sv-SE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\pt-BR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nl-NL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nb-NO
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ko-KR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\it-IT
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\he-IL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fr-FR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fi-FI
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\es-ES
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\el-GR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\de-DE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\da-DK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ar-SA
2009-12-16 23:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-16 23:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-16 23:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-16 23:09:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-16 23:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-16 23:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-16 23:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-16 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-16 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-16 22:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-16 22:36:44 ----D---- C:\Program Files\MSXML 4.0
2009-12-16 22:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-16 22:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-16 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-16 22:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-16 20:11:48 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2010-01-12 11:49:57 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-12 11:04:47 ----SD---- C:\WINDOWS\Tasks
2010-01-12 11:03:48 ----D---- C:\WINDOWS
2010-01-12 11:03:48 ----A---- C:\WINDOWS\system.ini
2010-01-12 11:03:17 ----AD---- C:\WINDOWS\Temp
2010-01-12 11:03:00 ----D---- C:\WINDOWS\system32
2010-01-12 11:01:40 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 11:01:40 ----D---- C:\WINDOWS\AppPatch
2010-01-12 11:01:33 ----D---- C:\Program Files\Common Files
2010-01-12 10:58:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 10:58:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 10:57:58 ----SHD---- C:\System Volume Information
2010-01-12 10:57:58 ----D---- C:\WINDOWS\system32\Restore
2010-01-12 10:57:53 ----D---- C:\WINDOWS\Prefetch
2010-01-12 10:17:10 ----D---- C:\Config.Msi
2010-01-12 10:15:31 ----SHD---- C:\WINDOWS\Installer
2010-01-12 10:15:29 ----RD---- C:\Program Files
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\wbem
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\usmt
2010-01-12 09:23:27 ----D---- C:\WINDOWS\system32\Setup
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\config
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\Com
2010-01-12 09:23:25 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-12 09:23:24 ----D---- C:\WINDOWS\repair
2010-01-12 09:23:24 ----D---- C:\WINDOWS\Registration
2010-01-12 09:23:22 ----D---- C:\WINDOWS\msagent
2010-01-12 09:23:21 ----D---- C:\WINDOWS\Media
2010-01-12 09:23:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-12 09:23:20 ----HD---- C:\WINDOWS\inf
2010-01-12 09:23:20 ----D---- C:\WINDOWS\ime
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows NT
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows Media Player
2010-01-12 09:23:10 ----D---- C:\Program Files\Total Commander
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 PCSync
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 Mobile Modem
2010-01-12 09:23:06 ----D---- C:\Program Files\QuickTime
2010-01-12 09:23:06 ----D---- C:\Program Files\PDFCreator
2010-01-12 09:23:06 ----D---- C:\Program Files\Outlook Express
2010-01-12 09:23:05 ----D---- C:\Program Files\Opera 10 Beta
2010-01-12 09:23:05 ----D---- C:\Program Files\Movie Maker
2010-01-12 09:23:03 ----D---- C:\Program Files\Messenger
2010-01-12 09:23:01 ----D---- C:\Program Files\Internet Explorer
2010-01-12 09:22:59 ----D---- C:\Program Files\Glary Utilities
2010-01-12 09:22:59 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-12 09:22:56 ----D---- C:\Program Files\CDBurnerXP
2010-01-12 03:07:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-12 03:05:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-12 03:02:39 ----D---- C:\Program Files\Common Files\System
2010-01-12 03:02:39 ----A---- C:\WINDOWS\win.ini
2010-01-11 23:43:53 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 23:43:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 23:38:03 ----D---- C:\WINDOWS\WinSxS
2010-01-11 22:54:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 22:26:14 ----D---- C:\Documents and Settings
2010-01-11 16:23:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 16:21:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-11 16:17:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-01-11 15:59:31 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-11 15:48:15 ----D---- C:\Program Files\Java
2010-01-11 15:29:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-11 15:26:48 ----D---- C:\WINDOWS\twain_32
2009-12-17 16:43:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-17 16:43:11 ----RSD---- C:\WINDOWS\assembly
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\en-US
2009-12-16 20:16:52 ----SH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-28 1160320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-05 1123328]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 catchme;catchme; \??\C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\catchme.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 S2usbser;S2 USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\S2usbser.sys [2008-03-20 103680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

- po ukonceni programu pouze log, zadna jina zmena
- restart se automaticky neprovedl, mam vyzkouset?

anynyny · #4 Příspěvek od **anynyny** » 12 led 2010 13:05

pardoooon:( jak mi nejede ta plocha, tak mam s manipulaci s temi soubory trochu trable... uz jdu na to

anynyny · #5 Příspěvek od **anynyny** » 12 led 2010 13:41

no... jestli se podarilo nevim. Spravny log mi nejspis budes muset pomoct najit...

- plocha nejede, takze jsem soubor pretahla nad combofix rucne v "pruzkumnickem" okne
- vsechno predpokladam probehlo tak jak ma (hlasky o ochrane avastem, nabidka stazeni konzole, samotny prubeh)
- automaticky restart
- na pocitaci mi nesel spustit uz ani ten Spravce uloh pres ktereho ted vsechno resim
- manualni restart
- stav se (alespon na prvni pohled) nelisi, zase jedu pres Spravce uloh

Log nemuzu najit. Na C: existuje slozka Qoobox, ktera obsahuje ten predesly log a dalsi soubory. Z tech se podle casu vytvoreni k tomu, co jsem vyvadela, vztahuje jen prikazovy script Curlit, HTML document CF-Submit, textak s tim scriptem a textak LogA, ktery ti prikladam:

\Registry\Machine\System\CurrentControlSet\Services\vkquwexg

*******************

Script file located at: \??\C:\abraka\ComboDel.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\QooBox
*******************

Beginning to process script file:

File move operation C:\windows\System32\tctp.dll|C:\QooBox\Quarantine\C\windows\System32\tctp.dll.vir completed successfully.
Program C:\abraka\CF24094.cfxxe" /c "C:\abraka\Combobatch.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

Cekam na dalsi rady a prubezne dekuji za trpelivost.

anynyny · #6 Příspěvek od **anynyny** » 12 led 2010 13:45

jeste jsem nasla tohle

ComboFix 10-01-11.03 - Owner 12.01.2010 12:07:22.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.675 [GMT 0:00]
Spuštěný z: F:\abraka.com
Použité ovládací přepínače :: F:\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: c:\windows\system32\nmpybgqb.exe
file zipped: c:\windows\system32\okhk.exe
file zipped: c:\windows\System32\tctp.dll
.

anynyny · #7 Příspěvek od **anynyny** » 12 led 2010 13:59

Nabidka start bohuzel nejede... vsechno delam pres Spravce uloh (ten jde spustit pres CTRL+ALT+DLT) a pripadne si oteviram Total CMD.

Podle TCMD jsou na C: za posledni hodinu pouze dva soubory s ComboFix v nazvu. Jde o ty dva logy, co uz jsem tady uvadela. Ten uplne prvni a pak tenhle neuplny.

anynyny · #8 Příspěvek od **anynyny** » 12 led 2010 14:04

jejda... uz asi vim, proc ten log neni cely...

Jestli si spravne pamatuju, tak jsem nad ten Combofix musela pretahovat ten script dvakrat. Poprve to totiz vyhodilo jen nejakou hlasku o spatnem hlaskovani nebo tak neco (nestihla jsem si to zapsat) a vsechno se zavrelo bez jakychkoliv dalsich informacnich oken).

Podruhe to ale projelo v poradku. K tomu ale zadny log najit fakt nemuzu

anynyny · #9 Příspěvek od **anynyny** » 12 led 2010 14:19

restart probehl dvakrat, jednou na zacatku a pak az uplne na konci. Log jsem opet nenasla. Primo na C: se vytvorily pouze soubory hiberfil.sys a pagefile.sys. Pak je jeste vnorene ve slozce dalsi ComboFix.txt ale to je zase "nedokoncene" tentokrat dokonce uz jen s tou hlavickou po hlasku o varovani o konzoli.

Nouzovy rezim jsem nezkousela, vyzkousim.

anynyny · #10 Příspěvek od **anynyny** » 12 led 2010 14:32

Stav nouze s praci v siti nabehl. Plocha a klasicke ovladani oken v nem zase funguje.

RSIT log je tady:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-12 13:27:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (12%) free of 57 GB
Total RAM: 1015 MB (81% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"combofix"=C:\ComboFix\CF19956.cfxxe [2010-01-12 390144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"=C:\ComboFix\CF19956.cfxxe [2010-01-12 390144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-13 133104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
JUoIxnHzeIRpJ - {2CDDCB05-8677-61AF-EB74-941A6004E854} - C:\WINDOWS\System32\tctp.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-12 13:27:58 ----D---- C:\rsit
2010-01-12 13:26:38 ----D---- C:\WINDOWS\CSC
2010-01-12 13:18:09 ----SD---- C:\ComboFix
2010-01-12 12:06:51 ----SHD---- C:\RECYCLER
2010-01-12 12:06:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-12 10:58:01 ----A---- C:\WINDOWS\MBR.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\zip.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWSC.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWREG.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\sed.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\PEV.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\grep.exe
2010-01-12 10:57:53 ----D---- C:\WINDOWS\ERDNT
2010-01-12 10:51:17 ----D---- C:\Qoobox
2010-01-12 10:06:16 ----D---- C:\Program Files\trend micro
2010-01-12 09:09:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-11 23:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-11 23:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 23:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 23:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 23:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-11 23:19:56 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
2010-01-11 23:18:44 ----D---- C:\Documents and Settings\Admin\Data aplikací\Fighters
2010-01-11 22:36:54 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-01-11 22:36:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-01-11 21:58:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-01-11 16:18:05 ----D---- C:\Program Files\Alwil Software
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 15:45:08 ----D---- C:\WINDOWS\system32\Filt
2010-01-11 15:44:25 ----A---- C:\WINDOWS\ODBC.INI
2010-01-11 15:05:16 ----D---- C:\Documents and Settings\Admin\Data aplikací\GlarySoft
2009-12-17 13:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-17 13:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-17 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-17 13:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-17 13:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-17 13:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-17 13:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-17 00:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-17 00:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-17 00:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-17 00:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-17 00:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-17 00:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-17 00:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-17 00:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-16 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-TW
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-HK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\tr-TR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\sv-SE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\pt-BR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nl-NL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nb-NO
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ko-KR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\it-IT
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\he-IL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fr-FR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fi-FI
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\es-ES
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\el-GR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\de-DE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\da-DK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ar-SA
2009-12-16 23:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-16 23:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-16 23:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-16 23:09:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-16 23:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-16 23:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-16 23:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-16 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-16 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-16 22:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-16 22:36:44 ----D---- C:\Program Files\MSXML 4.0
2009-12-16 22:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-16 22:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-16 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-16 22:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-16 20:11:48 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2010-01-12 13:27:54 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-12 13:26:38 ----D---- C:\WINDOWS
2010-01-12 13:24:06 ----AD---- C:\WINDOWS\Temp
2010-01-12 13:18:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 13:10:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 13:10:42 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 13:07:56 ----D---- C:\WINDOWS\AppPatch
2010-01-12 13:07:55 ----D---- C:\WINDOWS\system32
2010-01-12 13:07:47 ----D---- C:\Program Files\Common Files
2010-01-12 11:04:47 ----SD---- C:\WINDOWS\Tasks
2010-01-12 11:03:48 ----A---- C:\WINDOWS\system.ini
2010-01-12 10:57:58 ----SHD---- C:\System Volume Information
2010-01-12 10:57:58 ----D---- C:\WINDOWS\system32\Restore
2010-01-12 10:57:53 ----D---- C:\WINDOWS\Prefetch
2010-01-12 10:17:10 ----D---- C:\Config.Msi
2010-01-12 10:15:31 ----SHD---- C:\WINDOWS\Installer
2010-01-12 10:15:29 ----RD---- C:\Program Files
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\wbem
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\usmt
2010-01-12 09:23:27 ----D---- C:\WINDOWS\system32\Setup
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\config
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\Com
2010-01-12 09:23:25 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-12 09:23:24 ----D---- C:\WINDOWS\repair
2010-01-12 09:23:24 ----D---- C:\WINDOWS\Registration
2010-01-12 09:23:22 ----D---- C:\WINDOWS\msagent
2010-01-12 09:23:21 ----D---- C:\WINDOWS\Media
2010-01-12 09:23:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-12 09:23:20 ----HD---- C:\WINDOWS\inf
2010-01-12 09:23:20 ----D---- C:\WINDOWS\ime
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows NT
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows Media Player
2010-01-12 09:23:10 ----D---- C:\Program Files\Total Commander
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 PCSync
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 Mobile Modem
2010-01-12 09:23:06 ----D---- C:\Program Files\QuickTime
2010-01-12 09:23:06 ----D---- C:\Program Files\PDFCreator
2010-01-12 09:23:06 ----D---- C:\Program Files\Outlook Express
2010-01-12 09:23:05 ----D---- C:\Program Files\Opera 10 Beta
2010-01-12 09:23:05 ----D---- C:\Program Files\Movie Maker
2010-01-12 09:23:03 ----D---- C:\Program Files\Messenger
2010-01-12 09:23:01 ----D---- C:\Program Files\Internet Explorer
2010-01-12 09:22:59 ----D---- C:\Program Files\Glary Utilities
2010-01-12 09:22:59 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-12 09:22:56 ----D---- C:\Program Files\CDBurnerXP
2010-01-12 03:07:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-12 03:05:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-12 03:02:39 ----D---- C:\Program Files\Common Files\System
2010-01-12 03:02:39 ----A---- C:\WINDOWS\win.ini
2010-01-11 23:43:53 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 23:43:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 23:38:03 ----D---- C:\WINDOWS\WinSxS
2010-01-11 22:54:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-11 22:26:14 ----D---- C:\Documents and Settings
2010-01-11 16:23:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 16:21:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-11 16:17:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-01-11 15:59:31 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-11 15:48:15 ----D---- C:\Program Files\Java
2010-01-11 15:29:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-11 15:26:48 ----D---- C:\WINDOWS\twain_32
2009-12-17 16:43:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-17 16:43:11 ----RSD---- C:\WINDOWS\assembly
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\en-US
2009-12-16 20:16:52 ----SH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-05 1123328]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-28 1160320]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 catchme;catchme; \??\C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\catchme.sys []
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 S2usbser;S2 USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\S2usbser.sys [2008-03-20 103680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-07 722416]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

anynyny · #11 Příspěvek od **anynyny** » 12 led 2010 17:56

ok, takze asi postupne:

1. nazvy souboru zmeneny

2. avenger stazen, script vlozen, par restartu, avenger.txt zde:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\System32\tctp.dll" not found!
Deletion of file "C:\WINDOWS\System32\tctp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|combofix" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|combofix" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|JUoIxnHzeIRpJ" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

3. catchme stazen, script vlozen, run OK, restart OK. Catchme.txt zde:

Processing "Files:"

file zipped: c:\windows\ServicePackFiles\i386\lsass.exe -> catchme.zip -> lsass.exe ( 13312 bytes )
file zipped: c:\windows\system32\lsass.exe -> catchme.zip -> lsass.exe.1 ( 14848 bytes )
file zipped: c:\windows\ServicePackFiles\i386\services.exe -> catchme.zip -> services.exe ( 108544 bytes )
file zipped: c:\windows\system32\services.exe -> catchme.zip -> services.exe.1 ( 113152 bytes )
file zipped: c:\windows\ServicePackFiles\i386\winlogon.exe -> catchme.zip -> winlogon.exe ( 507904 bytes )
file zipped: c:\windows\system32\winlogon.exe -> catchme.zip -> winlogon.exe.1 ( 512000 bytes )
file zipped: C:\windows\ServicePackFiles\i386\svchost.exe -> catchme.zip -> svchost.exe ( 14336 bytes )
file zipped: c:\windows\system32\svchost.exe -> catchme.zip -> svchost.exe.1 ( 17408 bytes )
file zipped: c:\windows\ServicePackFiles\i386\explorer.exe -> catchme.zip -> explorer.exe ( 1034240 bytes )
file zipped: c:\windows\explorer.exe -> catchme.zip -> explorer.exe.1 ( 1036800 bytes )

4. gmer stazen, procesy ukonceny, soubory smazany a znovu nakopirovany, restart

vysledek: comp sel nastartovat normalne mimo nouzovy rezim, vse vypada ok. Na tom linku, coos poslal ten soubor porad cekal, tak jsem ho otestovala na KasperskyLab. Zkusila jsem projet explorer, lsass, schvost - vsechny jsou ciste.

Uz muzu zacit horecne dekovat a uctivat sveho zachrance, nebo bude jeste par dalsich pokynu?

anynyny · #12 Příspěvek od **anynyny** » 12 led 2010 18:36

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-12 17:32:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (10%) free of 57 GB
Total RAM: 1015 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:12, on 12.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\S2 PCSync\S2 PCSuite.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6430 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-13 133104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9bfee55-ff9b-11de-856b-00170830f8e4}]
shell\AutoRun\command - E:\AutoInstall.exe

======List of files/folders created in the last 1 months======

2010-01-12 17:32:23 ----D---- C:\rsit
2010-01-12 16:44:39 ----A---- C:\WINDOWS\system32\winlogon.exe
2010-01-12 16:44:39 ----A---- C:\WINDOWS\system32\svchost.exe
2010-01-12 16:44:39 ----A---- C:\WINDOWS\system32\services.exe
2010-01-12 16:44:39 ----A---- C:\WINDOWS\system32\lsass.exe
2010-01-12 16:44:39 ----A---- C:\WINDOWS\explorer.exe
2010-01-12 15:56:59 ----A---- C:\avenger.txt
2010-01-12 13:26:38 ----SHD---- C:\WINDOWS\CSC
2010-01-12 12:06:51 ----SHD---- C:\RECYCLER
2010-01-12 12:06:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-12 10:58:01 ----A---- C:\WINDOWS\MBR.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\zip.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWSC.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\SWREG.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\sed.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\PEV.exe
2010-01-12 10:58:00 ----A---- C:\WINDOWS\grep.exe
2010-01-12 10:57:53 ----D---- C:\WINDOWS\ERDNT
2010-01-12 10:06:16 ----D---- C:\Program Files\trend micro
2010-01-12 09:09:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-11 23:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-11 23:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-11 23:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-11 23:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-11 23:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-11 23:19:56 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
2010-01-11 23:18:44 ----D---- C:\Documents and Settings\Admin\Data aplikací\Fighters
2010-01-11 22:36:54 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-01-11 22:36:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2010-01-11 21:58:43 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2010-01-11 16:18:11 ----A---- C:\WINDOWS\system32\MFC71.dll
2010-01-11 16:18:05 ----D---- C:\Program Files\Alwil Software
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-11 15:48:19 ----A---- C:\WINDOWS\system32\java.exe
2010-01-11 15:45:08 ----D---- C:\WINDOWS\system32\Filt
2010-01-11 15:44:25 ----A---- C:\WINDOWS\ODBC.INI
2010-01-11 15:05:16 ----D---- C:\Documents and Settings\Admin\Data aplikací\GlarySoft
2009-12-17 13:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-17 13:24:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-17 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-17 13:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-17 13:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-17 13:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-17 13:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-17 00:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-17 00:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-17 00:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-17 00:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-17 00:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-17 00:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-17 00:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-17 00:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-16 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-TW
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\zh-HK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\tr-TR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\sv-SE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\pt-BR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nl-NL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\nb-NO
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ko-KR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\it-IT
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\he-IL
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fr-FR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\fi-FI
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\es-ES
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\el-GR
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\de-DE
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\da-DK
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\ar-SA
2009-12-16 23:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-16 23:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-16 23:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-16 23:09:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-16 23:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-16 23:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-16 23:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-16 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-16 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-16 22:41:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-16 22:36:44 ----D---- C:\Program Files\MSXML 4.0
2009-12-16 22:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-16 22:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-16 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-16 22:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-16 20:11:48 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2010-01-12 17:31:47 ----A---- C:\WINDOWS\WINCMD.INI
2010-01-12 17:05:16 ----D---- C:\Program Files\S2 PCSync
2010-01-12 17:04:09 ----HD---- C:\WINDOWS\inf
2010-01-12 16:52:08 ----AD---- C:\WINDOWS\Temp
2010-01-12 16:47:46 ----D---- C:\WINDOWS\system32
2010-01-12 16:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-12 16:47:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 16:44:39 ----D---- C:\WINDOWS
2010-01-12 15:53:46 ----SD---- C:\WINDOWS\Tasks
2010-01-12 13:18:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-12 13:10:42 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 13:07:56 ----D---- C:\WINDOWS\AppPatch
2010-01-12 13:07:47 ----D---- C:\Program Files\Common Files
2010-01-12 11:03:48 ----N---- C:\WINDOWS\system.ini
2010-01-12 10:57:58 ----SHD---- C:\System Volume Information
2010-01-12 10:57:58 ----D---- C:\WINDOWS\system32\Restore
2010-01-12 10:57:53 ----D---- C:\WINDOWS\Prefetch
2010-01-12 10:17:10 ----D---- C:\Config.Msi
2010-01-12 10:15:31 ----SHD---- C:\WINDOWS\Installer
2010-01-12 10:15:29 ----RD---- C:\Program Files
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\wbem
2010-01-12 09:23:28 ----D---- C:\WINDOWS\system32\usmt
2010-01-12 09:23:27 ----D---- C:\WINDOWS\system32\Setup
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\config
2010-01-12 09:23:26 ----D---- C:\WINDOWS\system32\Com
2010-01-12 09:23:25 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-12 09:23:24 ----D---- C:\WINDOWS\repair
2010-01-12 09:23:24 ----D---- C:\WINDOWS\Registration
2010-01-12 09:23:22 ----D---- C:\WINDOWS\msagent
2010-01-12 09:23:21 ----D---- C:\WINDOWS\Media
2010-01-12 09:23:20 ----RSD---- C:\WINDOWS\Fonts
2010-01-12 09:23:20 ----D---- C:\WINDOWS\ime
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows NT
2010-01-12 09:23:12 ----D---- C:\Program Files\Windows Media Player
2010-01-12 09:23:10 ----D---- C:\Program Files\Total Commander
2010-01-12 09:23:10 ----D---- C:\Program Files\S2 Mobile Modem
2010-01-12 09:23:06 ----D---- C:\Program Files\QuickTime
2010-01-12 09:23:06 ----D---- C:\Program Files\PDFCreator
2010-01-12 09:23:06 ----D---- C:\Program Files\Outlook Express
2010-01-12 09:23:05 ----D---- C:\Program Files\Opera 10 Beta
2010-01-12 09:23:05 ----D---- C:\Program Files\Movie Maker
2010-01-12 09:23:03 ----D---- C:\Program Files\Messenger
2010-01-12 09:23:01 ----D---- C:\Program Files\Internet Explorer
2010-01-12 09:22:59 ----D---- C:\Program Files\Glary Utilities
2010-01-12 09:22:59 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-12 09:22:56 ----D---- C:\Program Files\CDBurnerXP
2010-01-12 03:07:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-12 03:05:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-12 03:02:39 ----N---- C:\WINDOWS\win.ini
2010-01-12 03:02:39 ----D---- C:\Program Files\Common Files\System
2010-01-11 23:43:53 ----A---- C:\WINDOWS\imsins.BAK
2010-01-11 23:43:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-11 23:38:03 ----D---- C:\WINDOWS\WinSxS
2010-01-11 22:26:14 ----D---- C:\Documents and Settings
2010-01-11 16:23:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-11 16:21:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-11 16:17:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-01-11 15:59:31 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-11 15:48:15 ----D---- C:\Program Files\Java
2010-01-11 15:29:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-11 15:26:48 ----D---- C:\WINDOWS\twain_32
2009-12-17 16:43:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-17 16:43:11 ----RSD---- C:\WINDOWS\assembly
2009-12-16 23:33:26 ----D---- C:\WINDOWS\system32\en-US
2009-12-16 20:16:52 ----SH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-28 1160320]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-05 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 S2usbser;S2 USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\S2usbser.sys [2008-03-20 103680]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]
S3 catchme;catchme; \??\C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\catchme.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-07 722416]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-02-15 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

anynyny · #13 Příspěvek od **anynyny** » 12 led 2010 20:28

ComboFix 10-01-11.04 - Owner 12.01.2010 17:37:22.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.621 [GMT 0:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.com
AV: avast! antivirus 4.8.1356 [VPS 100111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 17:32 . 2010-01-12 17:33 -------- d-----w- C:\rsit
2010-01-12 16:44 . 2008-04-14 03:22 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-01-12 16:44 . 2008-04-14 03:22 14336 ----a-w- c:\windows\system32\svchost.exe
2010-01-12 16:44 . 2008-04-14 03:22 108544 ----a-w- c:\windows\system32\services.exe
2010-01-12 16:44 . 2008-04-14 03:22 13312 ----a-w- c:\windows\system32\lsass.exe
2010-01-12 16:44 . 2008-04-14 03:22 1034240 ----a-w- c:\windows\explorer.exe
2010-01-12 10:06 . 2010-01-12 17:33 -------- d-----w- c:\program files\trend micro
2010-01-12 09:09 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-12 09:09 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-12 09:09 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-12 09:09 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-12 09:09 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-12 09:09 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-12 09:09 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-12 09:09 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-12 09:09 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-11 23:33 . 2010-01-12 10:16 327712 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-11 23:33 . 2010-01-12 10:16 24096 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-11 23:23 . 2010-01-11 23:23 -------- d-----w- c:\documents and settings\Guest\Bluetooth Software
2010-01-11 22:36 . 2010-01-12 10:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-11 16:28 . 2010-01-11 20:45 182794 ----a-w- c:\windows\hpoins28.dat
2010-01-11 16:28 . 2008-05-12 19:44 796 ------w- c:\windows\hpomdl28.dat
2010-01-11 16:18 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-01-11 16:18 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2010-01-11 16:18 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2010-01-11 16:18 . 2010-01-11 16:18 -------- d-----w- c:\program files\Alwil Software
2010-01-11 16:03 . 2010-01-11 16:03 -------- d-s---w- c:\documents and settings\Admin\UserData
2010-01-11 16:00 . 2010-01-11 16:00 6144 ---ha-w- c:\documents and settings\Admin\mshrxa.exe
2010-01-11 15:59 . 2010-01-11 15:59 58880 ---h--w- c:\documents and settings\Admin\uxq.exe
2010-01-11 15:45 . 2010-01-12 09:16 -------- d-----w- c:\windows\system32\Filt
2009-12-16 23:09 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-16 22:36 . 2009-12-16 22:36 -------- d-----w- c:\program files\MSXML 4.0
2009-12-16 13:36 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-16 13:33 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-16 13:26 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 17:35 . 2009-10-22 12:32 -------- d-----w- c:\program files\S2 PCSync
2010-01-12 16:47 . 2001-10-25 14:00 79418 ----a-w- c:\windows\system32\perfc005.dat
2010-01-12 16:47 . 2001-10-25 14:00 432510 ----a-w- c:\windows\system32\perfh005.dat
2010-01-12 10:16 . 2010-01-11 23:33 4916 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-12 10:16 . 2010-01-11 23:33 3308 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-12 09:23 . 2009-10-22 12:11 -------- d-----w- c:\program files\S2 Mobile Modem
2010-01-12 09:23 . 2009-08-07 10:06 -------- d-----w- c:\program files\Total Commander
2010-01-12 09:23 . 2009-10-11 16:25 -------- d-----w- c:\program files\PDFCreator
2010-01-12 09:23 . 2009-08-11 15:52 -------- d-----w- c:\program files\QuickTime
2010-01-12 09:23 . 2009-08-08 22:04 -------- d-----w- c:\program files\Opera 10 Beta
2010-01-12 09:22 . 2009-08-09 17:55 -------- d-----w- c:\program files\Glary Utilities
2010-01-12 09:22 . 2009-08-07 10:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-12 09:22 . 2009-08-09 17:39 -------- d-----w- c:\program files\CDBurnerXP
2010-01-11 15:48 . 2009-10-11 17:18 -------- d-----w- c:\program files\Java
2009-10-29 05:26 . 2004-08-17 13:49 668160 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 13:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 13:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.1.2010 9:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.1.2010 9:09 20560]
R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [22.10.2009 12:31 103680]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.8.2009 10:12 722416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 17:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-01-12 17:43:43
ComboFix-quarantined-files.txt 2010-01-12 17:43

Před spuštěním: 5 829 062 656
Po spuštění: 5 795 491 840

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 24BBC3A9BC04371C97299EAE9659FF0E

Diky moc. Jakykoliv dalsi ocistny proces jen vitam.

anynyny · #14 Příspěvek od **anynyny** » 12 led 2010 21:04

njn, to je tak kdyz clovek necha nekomu pocitac na hrani

nastesti tam nemam zadna dulezita data.
Tady je zatim prvni log. Zbytek dodam az bude.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-12 19:53:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\ugtdypoc.sys

---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

anynyny · #15 Příspěvek od **anynyny** » 13 led 2010 00:07

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 22:53:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\ugtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA37F6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA37F574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA37FA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA37F14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA37F64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA37F08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA37F0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA37F76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA37F72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA37F8AE]

Code \??\C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ANNAPU~1\LOCALS~1\Temp\catchme.sys Systém nemůže nalézt uvedený soubor. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Systém nemůže nalézt uvedený soubor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe[764] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xB3 0x44 0x30 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x07 0x43 0x73 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x26 0xBB 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xB3 0x44 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x07 0x43 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x26 0xBB 0x45 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xB3 0x44 0x30 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x07 0x43 0x73 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x26 0xBB 0x45 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\Download\db7f424bdee91b9e8f0fca26121ec29b 0 bytes
File C:\WINDOWS\SoftwareDistribution\Download\db7f424bdee91b9e8f0fca26121ec29b\BITAE.tmp 730968 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\be7ba0ca291f5211b420f9b34340d2e3\BITAF.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

VIRY.CZ

avast nasel win32:patched CK ve vice sys. souborech

avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

Re: avast nasel win32:patched CK ve vice sys. souborech

RSIT

Re: avast nasel win32:patched CK ve vice sys. souborech

prvni jednoduchy scan

gmer cely scan