Freezing at startup --> Malware, Rootkit, ...

Posted: 04 Mar 2010 22:58
by PospaH
Hello, I'm asking for advice and help (I don't know much about this), thanks.

Logfile of random's system information tool 1.06 (written by random/random)
Run by PospaH at 2010-03-04 22:57:01
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (22%) free of 305 GB
Total RAM: 1789 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:02, on 4.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Hry\NFS Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programy\Firefox\firefox.exe
C:\Documents and Settings\Jan Pospíšil\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jan Pospíšil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programy\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [incognito] C:\WINDOWS\system32\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: sysfgs32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Hry\NFS Undercover\PB\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11335 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-09 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-09 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-09 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-09 256112]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-01 61440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-09-09 122368]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
"HPCam_Menu"=c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [2004-05-28 81920]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Cm106Sound"=RunDll32 cm106.cpl,CMICtrlWnd []
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-03-06 552960]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-16 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Programy\Adobe Reader\Reader\Reader_sl.exe [2008-01-11 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"incognito"=C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Jan Pospíšil\Nabídka Start\Programy\Po spuštění
sysfgs32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\cbss.dll [2010-03-03 46592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{025b12fe-a6fb-11de-aa0f-0025b36bc9b3}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1efe347d-d51d-11de-aa9b-0025b36bc9b3}]
shell\AutoRun\command - F:\EmDesk.exe
shell\EmDesk\command - F:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc15898-f562-11de-ab03-00265e410010}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52823da8-25fd-11df-ab89-00265e410010}]
shell\AutoRun\command - G:\.\garbage/pizdec.exe
shell\explore\command - G:\
shell\open\command - G:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6885f9c-26bc-11df-ab8c-00265e410010}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e092b85c-252b-11df-ab84-00265e410010}]
shell\AutoRun\command - H:\.\garbage/pizdec.exe
shell\explore\command - H:\garbage////pizdec.exe
shell\open\command - H:\garbage\\\pizdec.exe


======List of files/folders created in the last 1 months======

2010-03-04 13:53:29 ----D---- C:\WINDOWS\CSC
2010-03-04 13:53:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-04 13:04:44 ----D---- C:\Program Files\trend micro
2010-03-04 13:04:42 ----D---- C:\rsit
2010-03-03 13:03:52 ----D---- C:\Documents and Settings\Jan Pospíšil\Data aplikací\U3
2010-03-01 09:15:49 ----RASH---- C:\WINDOWS\system32\incognito.exe
2010-02-26 08:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-26 08:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-26 08:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-26 08:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-26 08:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-26 08:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-26 08:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-26 08:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-26 08:53:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-26 08:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2010-02-26 08:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-26 08:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-26 08:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-26 08:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-26 08:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-26 08:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-26 08:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-26 08:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-26 08:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-26 08:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-26 08:51:26 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-26 08:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-26 08:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-26 08:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-26 08:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-26 08:51:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-26 08:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-26 08:50:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-26 08:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-26 08:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-26 08:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-02-26 08:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-26 08:50:13 ----D---- C:\Program Files\MSXML 4.0
2010-02-26 08:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-02-26 08:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-26 08:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-23 22:03:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2010-02-23 19:24:59 ----A---- C:\WINDOWS\system32\mkl_vml_p4.dll
2010-02-23 19:24:59 ----A---- C:\WINDOWS\system32\mkl_vml_p3.dll
2010-02-23 19:24:58 ----A---- C:\WINDOWS\system32\mkl_vml_def.dll
2010-02-23 19:24:58 ----A---- C:\WINDOWS\system32\mkl_p4.dll
2010-02-23 19:24:58 ----A---- C:\WINDOWS\system32\mkl_p3.dll
2010-02-23 19:24:58 ----A---- C:\WINDOWS\system32\mkl_lapack64.dll
2010-02-23 19:24:57 ----A---- C:\WINDOWS\system32\rapture3d_oal.dll
2010-02-23 19:24:57 ----A---- C:\WINDOWS\system32\mkl_lapack32.dll
2010-02-23 19:24:57 ----A---- C:\WINDOWS\system32\mkl_def.dll
2010-02-23 19:24:57 ----A---- C:\WINDOWS\system32\libguide40.dll
2010-02-23 19:24:56 ----D---- C:\Program Files\BRS
2010-02-23 19:21:53 ----D---- C:\0d5e9c81851bbc85b3405e8e0b5b
2010-02-23 19:19:28 ----D---- C:\Program Files\OpenAL
2010-02-23 19:19:27 ----RA---- C:\WINDOWS\system32\tmpD2.tmp
2010-02-23 19:19:27 ----RA---- C:\WINDOWS\system32\tmpD1.tmp
2010-02-23 19:19:27 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-02-23 19:19:27 ----A---- C:\WINDOWS\system32\OpenAL32.dll

======List of files/folders modified in the last 1 months======

2010-03-04 22:12:55 ----D---- C:\WINDOWS\Temp
2010-03-04 21:17:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-04 21:17:26 ----D---- C:\Documents and Settings\Jan Pospíšil\Data aplikací\ICQ
2010-03-04 20:37:23 ----D---- C:\WINDOWS\Prefetch
2010-03-04 14:07:18 ----D---- C:\WINDOWS\system32
2010-03-04 14:07:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-04 13:53:42 ----D---- C:\WINDOWS
2010-03-04 13:52:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 13:50:37 ----D---- C:\Documents and Settings\Jan Pospíšil\Data aplikací\AIMP
2010-03-04 13:04:44 ----RD---- C:\Program Files
2010-03-04 12:10:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-04 12:10:11 ----D---- C:\WINDOWS\system32\drivers
2010-03-04 09:49:20 ----SHD---- C:\RECYCLER
2010-03-04 00:34:30 ----A---- C:\WINDOWS\wincmd.ini
2010-03-03 22:21:52 ----D---- C:\WINDOWS\system32\config
2010-03-02 20:23:47 ----D---- C:\Hry
2010-03-02 20:07:41 ----D---- C:\WINDOWS\system32\DirectX
2010-03-02 20:07:40 ----RSD---- C:\WINDOWS\assembly
2010-03-02 17:10:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-02 17:06:52 ----SHD---- C:\WINDOWS\Installer
2010-03-02 17:00:47 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-02 16:58:51 ----HD---- C:\WINDOWS\inf
2010-03-01 17:33:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 14:42:18 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-26 13:00:05 ----D---- C:\WINDOWS\system32\wbem
2010-02-26 13:00:05 ----D---- C:\WINDOWS\system32\Setup
2010-02-26 08:57:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-26 08:55:53 ----D---- C:\WINDOWS\WinSxS
2010-02-26 08:53:42 ----D---- C:\Program Files\Internet Explorer
2010-02-24 10:32:38 ----D---- C:\WINDOWS\Help
2010-02-23 19:22:58 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-23 19:22:55 ----D---- C:\WINDOWS\system32\en-us
2010-02-23 19:22:48 ----RSD---- C:\WINDOWS\Fonts
2010-02-23 18:22:00 ----D---- C:\Programy
2010-02-10 10:14:18 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-05-29 292288]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-17 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-02-18 113536]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-01 3597824]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-09-11 1735040]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-01-14 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-01-14 991656]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-17 14080]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-05-27 1765184]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-17 12416]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-06-04 27232]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-03-27 296960]
S3 a9iwec90;a9iwec90; C:\WINDOWS\system32\drivers\a9iwec90.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-01 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-12-11 346720]
R2 Iprip;Naslouchání RIP; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-16 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 PnkBstrA;PunkBuster; C:\Hry\NFS Undercover\PB\PnkBstrA.exe [2008-10-23 63040]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656]
S2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-14 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Freezing at startup --> Malware, Rootkit, ...

Posted: 04 Mar 2010 23:15
by Rudy
Post a log from ComboFix.

Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Sit back and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the antispyware's resident component.

Re: Freezing at startup --> Malware, Rootkit, ...

Posted: 04 Mar 2010 23:59
by PospaH
ComboFix 10-03-04.02 - PospaH 04.03.2010 23:35:16.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1789.1319 [GMT 1:00]
Spuštěný z: c:\documents and settings\ PospaH\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100304-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\Settings
c:\documents and settings\All Users\Dokumenty\Settings\cbss.dll
c:\recycler\S-1-5-21-0080021571-0104157474-862466173-5947
c:\recycler\S-1-5-21-0135179446-5604298399-389448119-1075
c:\recycler\S-1-5-21-0360434431-0951036591-173427999-7968
c:\recycler\S-1-5-21-0415793839-3962107256-099645507-8490
c:\recycler\S-1-5-21-0509935580-8658595730-818843197-7785
c:\recycler\S-1-5-21-0720740740-8139663559-212304381-7346
c:\recycler\S-1-5-21-0894573749-8453773269-610956340-4869
c:\recycler\S-1-5-21-1176715999-6284458759-470775568-9255
c:\recycler\S-1-5-21-1226750656-1804569719-317403081-2701
c:\recycler\S-1-5-21-1810942574-3288389900-045879768-1076
c:\recycler\S-1-5-21-2299913091-6445541958-140449518-8340
c:\recycler\S-1-5-21-2399598009-2630889773-918160150-5945
c:\recycler\S-1-5-21-2773932076-5510115241-477854299-5407
c:\recycler\S-1-5-21-2873368597-8505566911-049651239-4558
c:\recycler\S-1-5-21-2921166173-6958439002-039905920-7955
c:\recycler\S-1-5-21-3503955731-0978965279-476753450-8049
c:\recycler\S-1-5-21-3607559922-7807721890-277364794-0732
c:\recycler\S-1-5-21-3658000088-5171369812-643666576-3193
c:\recycler\S-1-5-21-3905775584-7826055140-691879533-3131
c:\recycler\S-1-5-21-4227408043-0716969192-686527544-4598
c:\recycler\S-1-5-21-4256494858-4735570466-549556398-3973
c:\recycler\S-1-5-21-4948347056-0355439858-540457484-3503
c:\recycler\S-1-5-21-5004022332-5163831882-386030096-1125
c:\recycler\S-1-5-21-5609935472-6816300248-794618056-2167
c:\recycler\S-1-5-21-6119123056-9987313310-589738582-5034
c:\recycler\S-1-5-21-6373470297-4987075611-852826951-5447
c:\recycler\S-1-5-21-6413272962-4388653828-720429274-9671
c:\recycler\S-1-5-21-6502530503-1436472450-582497734-3171
c:\recycler\S-1-5-21-6946537941-5078041056-655697410-9329
c:\recycler\S-1-5-21-7172590516-0567217236-536861217-6332
c:\recycler\S-1-5-21-7807892457-4426287569-233002772-5978
c:\recycler\S-1-5-21-7961652515-8833187391-258418142-4412
c:\recycler\S-1-5-21-8655131460-6308202719-812433598-6727
c:\recycler\S-1-5-21-8661795645-1622503069-098406065-3711
c:\recycler\S-1-5-21-8955201287-3173810689-105548811-9621
c:\recycler\S-1-5-21-9038374131-9468432264-528180023-9762
c:\recycler\S-1-5-21-9277991474-7599766349-041816249-5419
c:\recycler\S-1-5-21-9666553068-2807201167-896949869-8435
c:\recycler\S-1-5-21-9724079123-4305966760-625059299-5207
c:\recycler\S-1-5-21-9844824033-3760735710-233159034-5321
c:\windows\gendel32.exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\incognito.exe
c:\windows\system32\oem0.inf

c:\windows\system32\drivers\asyncmac.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\asyncmac.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 22:38 . 2004-08-03 21:05 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-03-04 12:04 . 2010-03-04 21:57 -------- d-----w- c:\program files\trend micro
2010-03-04 12:04 . 2010-03-04 12:05 -------- d-----w- C:\rsit
2010-03-03 23:12 . 2005-01-28 11:44 18944 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2010-03-03 22:17 . 2004-08-03 21:00 29056 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-03-03 22:17 . 2004-08-03 21:00 29056 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-03-03 19:28 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-03 19:28 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-03 19:26 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-03 19:26 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-03 19:25 . 2004-08-03 22:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-03-03 19:25 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-03-03 19:20 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-03 19:20 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-03 19:14 . 2004-08-03 21:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-03-03 19:14 . 2004-08-03 21:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2010-02-26 07:50 . 2010-02-26 07:50 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 06:44 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-26 06:42 . 2009-02-09 11:52 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-26 06:42 . 2009-02-09 11:52 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-26 06:42 . 2009-02-09 11:52 2182656 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-26 06:42 . 2009-02-09 11:52 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-26 06:41 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 18:24 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-02-23 18:24 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-02-23 18:24 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-02-23 18:24 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-02-23 18:24 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-02-23 18:24 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-02-23 18:24 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-02-23 18:24 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-02-23 18:24 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-02-23 18:24 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-02-23 18:24 . 2010-02-23 18:24 -------- d-----w- c:\program files\BRS
2010-02-23 18:21 . 2010-02-23 18:22 -------- d-----w- C:\0d5e9c81851bbc85b3405e8e0b5b
2010-02-23 18:19 . 2010-02-23 18:19 -------- d-----w- c:\program files\OpenAL
2010-02-23 18:19 . 2010-02-23 18:19 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-23 18:19 . 2010-02-23 18:19 109144 ----a-w- c:\windows\system32\OpenAL32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 13:07 . 2004-08-18 10:00 78070 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 13:07 . 2004-08-18 10:00 428988 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 19:24 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-02 16:10 . 2009-10-26 16:27 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-02 16:10 . 2009-10-26 16:27 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-01 16:33 . 2009-09-09 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 09:14 . 2009-11-25 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 16:05 . 2010-01-22 16:05 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-12-22 05:42 . 2004-08-17 13:49 663040 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 08:00 . 2009-09-09 15:46 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-01 61440]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-09 122368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-06 552960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programy\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"incognito"="c:\windows\system32\svchost.exe" [2004-08-17 14336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Jan Pospíšil\Nabídka Start\Programy\Po spuštění\
sysfgs32.exe [2004-8-17 22528]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.10.2009 10:23 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.9.2009 20:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.9.2009 20:48 20560]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9.9.2009 21:24 113536]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.9.2009 22:11 228408]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1.1.2010 13:02 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Jan Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\zi9w1szj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\programy\Adobe Reader\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cm106Sound - cm106.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 23:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89C951F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> 0x89c951f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c SendCompleteHandler -> NDIS.sys @ 0xb9d05ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d12b21
SendHandler -> NDIS.sys @ 0xb9cf087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'Explorer.EXE'(268)
c:\windows\system32\msi.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\idt\wdm\STacSV.exe
c:\windows\system32\RunDll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\hry\NFS Undercover\PB\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-04 23:44:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-04 22:44

Před spuštěním: Volných bajtů: 71 177 981 952
Po spuštění: Volných bajtů: 71 090 663 424

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

- - End Of File - - B0399602C8316B90E6DAB337871573D6

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 05 Mar 2010 19:04
by Rudy
We'll clean up a bit more. Open Notepad and copy into it:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"incognito"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the command from the script.

Image

After that, also run an MBR check: http://www2.gmer.net/mbr/mbr.exe . Post the log.
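The entry Rudy removes here, "incognito" pointing at c:\windows\system32\svchost.exe, is a pattern worth checking for automatically: svchost.exe is only ever started by the Service Control Manager, so a Run value that launches it directly is a classic sign of a loader hiding behind a system binary name. The script below is an added example for this thread (not ComboFix's own code, and the "svchost from Run" heuristic is my assumption, not a ComboFix rule). It parses the "registry startup points" section of a ComboFix-style log, flags such entries, and emits the Registry:: CFScript block in the same form Rudy gives above. The log snippet inside it is constructed from the entries posted earlier in this thread.

```python
"""Flag suspicious Run-key autostarts in a ComboFix-style log and build a CFScript.

Added example for this forum thread; not ComboFix's own code. The sample log is
constructed from entries posted in the thread, and the detection heuristic
(svchost.exe launched from a Run key) is an assumption, not a ComboFix rule.
"""
import re

# Constructed sample: a trimmed copy of the "registry startup points" section
# from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-01 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
"incognito"="c:\windows\system32\svchost.exe" [2004-08-17 14336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"""

# A registry key header line, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# A value line in ComboFix's format: "name"="path" [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')

# Images that are never legitimately started from a Run key. svchost.exe is
# started only by the Service Control Manager, so a Run value pointing at it
# is a loader abusing the name (heuristic assumed for this example).
NEVER_FROM_RUN = {"svchost.exe"}


def parse_run_entries(log_text):
    """Return (key, value_name, image_path) for every value under a ...\\Run key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key and current_key.lower().endswith("\\run"):
            entries.append((current_key, value_match.group("name"), value_match.group("path")))
    return entries


def suspicious_entries(entries):
    """Keep only entries whose image file name is on the NEVER_FROM_RUN list."""
    flagged = []
    for key, name, path in entries:
        image = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image in NEVER_FROM_RUN:
            flagged.append((key, name, path))
    return flagged


def build_cfscript(flagged):
    """Build the Registry:: block ComboFix expects; "name"=- deletes that value."""
    lines = ["Registry::"]
    for key in sorted({k for k, _, _ in flagged}):
        lines.append(f"[{key}]")
        for k, name, _ in flagged:
            if k == key:
                lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious_entries(parse_run_entries(SAMPLE_LOG))
    for key, name, path in hits:
        print(f"suspicious autostart: [{key}] {name!r} -> {path}")
    print(build_cfscript(hits))
```

Run against the constructed sample it flags only the "incognito" value and prints exactly the three-line Registry:: block from the post above; the legitimate entries (daemon.exe, CLIStart.exe, jusched.exe, CTFMON.EXE) pass through untouched. Because the script only reads the log text, it is safe to use on a log copied from another machine before deciding what to put in CFScript.txt.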

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 05 Mar 2010 23:00
by PospaH
ComboFix 10-03-04.02 - PospaH 05.03.2010 22:44:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1789.1324 [GMT 1:00]
Spuštěný z: c:\documents and settings\PospaH\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PospaH\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100305-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 20:38 . 2010-03-05 20:38 -------- d-----w- c:\program files\IDT
2010-03-04 22:52 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\Administrator
2010-03-04 22:38 . 2004-08-03 21:05 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-03-04 22:38 . 2004-08-03 21:05 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-03-04 12:04 . 2010-03-04 21:57 -------- d-----w- c:\program files\trend micro
2010-03-04 12:04 . 2010-03-04 12:05 -------- d-----w- C:\rsit
2010-03-03 23:12 . 2005-01-28 11:44 18944 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2010-03-03 22:17 . 2004-08-03 21:00 29056 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-03-03 22:17 . 2004-08-03 21:00 29056 ------w- c:\windows\system32\drivers\ip6fw.sys
2010-03-03 19:28 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-03 19:28 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-03 19:26 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-03 19:26 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-03 19:25 . 2004-08-03 22:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-03-03 19:25 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-03-03 19:20 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-03 19:20 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-03 19:14 . 2004-08-03 21:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-03-03 19:14 . 2004-08-03 21:39 142464 ------w- c:\windows\system32\drivers\aec.sys
2010-02-26 07:50 . 2010-02-26 07:50 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 06:44 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-26 06:42 . 2009-02-09 11:52 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-26 06:42 . 2009-02-09 11:52 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-26 06:42 . 2009-02-09 11:52 2182656 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-26 06:42 . 2009-02-09 11:52 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-26 06:41 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 18:24 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-02-23 18:24 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-02-23 18:24 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-02-23 18:24 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-02-23 18:24 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-02-23 18:24 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-02-23 18:24 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-02-23 18:24 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-02-23 18:24 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-02-23 18:24 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-02-23 18:24 . 2010-02-23 18:24 -------- d-----w- c:\program files\BRS
2010-02-23 18:21 . 2010-02-23 18:22 -------- d-----w- C:\0d5e9c81851bbc85b3405e8e0b5b
2010-02-23 18:19 . 2010-02-23 18:19 -------- d-----w- c:\program files\OpenAL
2010-02-23 18:19 . 2010-02-23 18:19 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-23 18:19 . 2010-02-23 18:19 109144 ----a-w- c:\windows\system32\OpenAL32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 20:38 . 2009-09-09 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 09:59 . 2004-08-18 10:00 78070 ----a-w- c:\windows\system32\perfc005.dat
2010-03-05 09:59 . 2004-08-18 10:00 428988 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 19:24 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-02 16:10 . 2009-10-26 16:27 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-02 16:10 . 2009-10-26 16:27 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-10 09:14 . 2009-11-25 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 16:05 . 2010-01-22 16:05 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-12-22 05:42 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 08:00 . 2009-09-09 15:46 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-04_22.40.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 21:42 . 2010-03-05 21:42 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2010-03-05 21:42 . 2010-03-05 21:42 16384 c:\windows\Temp\Perflib_Perfdata_354.dat
+ 2010-03-05 20:38 . 2004-08-17 13:57 23552 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\wdmaud.drv
+ 2010-03-05 20:38 . 2004-08-03 22:08 48640 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\stream.sys
+ 2010-03-05 20:38 . 2004-08-03 22:08 60288 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\drmk.sys
+ 2004-08-18 10:00 . 2010-03-05 09:59 67510 c:\windows\system32\perfc009.dat
- 2004-08-18 10:00 . 2010-03-04 13:07 67510 c:\windows\system32\perfc009.dat
+ 2009-09-09 20:30 . 2009-02-18 12:41 86016 c:\windows\system32\AESTCom.dll
- 2009-09-09 20:30 . 2009-02-18 11:41 86016 c:\windows\system32\AESTCom.dll
+ 2010-03-05 20:38 . 2004-08-17 14:49 4096 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
+ 2009-09-09 20:30 . 2009-03-30 11:47 254042 c:\windows\system32\stacsv.exe
- 2009-09-09 20:30 . 2009-03-30 10:47 254042 c:\windows\system32\stacsv.exe
- 2009-09-09 20:24 . 2009-03-30 10:47 171520 c:\windows\system32\staco.dll
+ 2009-09-09 20:24 . 2009-03-30 11:47 171520 c:\windows\system32\staco.dll
- 2009-09-09 20:24 . 2009-03-30 10:47 471146 c:\windows\system32\stacapi.dll
+ 2009-09-09 20:24 . 2009-03-30 11:47 471146 c:\windows\system32\stacapi.dll
+ 2010-03-05 20:38 . 2009-03-30 11:47 171520 c:\windows\system32\ReinstallBackups\0003\DriverFiles\staco.dll
+ 2010-03-05 20:38 . 2009-03-30 10:47 471146 c:\windows\system32\ReinstallBackups\0003\DriverFiles\stacapi.dll
+ 2010-03-05 20:38 . 2004-03-16 08:58 136960 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\portcls.sys
+ 2010-03-05 20:38 . 2004-08-03 22:15 140928 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ks.sys
+ 2010-03-05 20:38 . 2009-02-18 11:41 113536 c:\windows\system32\ReinstallBackups\0003\DriverFiles\AESTAud.sys
- 2004-08-18 10:00 . 2010-03-04 13:07 432554 c:\windows\system32\perfh009.dat
+ 2004-08-18 10:00 . 2010-03-05 09:59 432554 c:\windows\system32\perfh009.dat
- 2009-09-09 20:24 . 2009-02-18 11:41 113536 c:\windows\system32\drivers\AESTAud.sys
+ 2009-09-09 20:24 . 2009-02-18 12:41 113536 c:\windows\system32\drivers\AESTAud.sys
- 2009-09-09 20:30 . 2009-03-30 10:47 3514368 c:\windows\system32\stlang.dll
+ 2009-09-09 20:30 . 2009-03-30 11:47 3514368 c:\windows\system32\stlang.dll
+ 2010-03-05 20:38 . 2009-03-30 10:47 1550891 c:\windows\system32\ReinstallBackups\0003\DriverFiles\sthda.sys
- 2009-09-09 20:24 . 2009-03-30 10:47 1550891 c:\windows\system32\drivers\sthda.sys
+ 2009-09-09 20:24 . 2009-03-30 11:47 1550891 c:\windows\system32\drivers\sthda.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-01 61440]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-09 122368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-06 552960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programy\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.9.2009 20:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.9.2009 20:48 20560]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9.9.2009 21:24 113536]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.10.2009 10:23 721904]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.9.2009 22:11 228408]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1.1.2010 13:02 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Jan Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\zi9w1szj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\programy\Adobe Reader\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 22:49
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-03-05 22:50:51
ComboFix-quarantined-files.txt 2010-03-05 21:50
ComboFix2.txt 2010-03-04 22:44

Před spuštěním: Volných bajtů: 79 232 462 848
Po spuštění: Volných bajtů: 79 195 078 656

- - End Of File - - 7D73DD750BA4D7439B5838DF835149F4

MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Otherwise, system startup is noticeably faster, but it still takes a while. Another problem is that my sound doesn't work...

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 05 Mar 2010 23:28
by Rudy
Clean up with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 , or optimize with XP Manager: http://www.viry.cz/forum/viewtopic.php?f=46&t=17549 . Reinstall the sound card driver.

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 08 Mar 2010 13:18
by PospaH
I ran CCleaner over it, reinstalled the sound drivers, and nothing... as for the startup, that was only a guess; it still starts slowly, i.e. about 10-12 min... btw: I'm not very good with XP Manager, so I don't know what all can be done in it...

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 08 Mar 2010 19:53
by Rudy
It's described well and clearly in the link. Try Optimizer>system repair.

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 09 Mar 2010 14:05
by PospaH
Ok, I did everything... I ran ComboFix over it once more, here is the log:

ComboFix 10-03-08.02 - PospaH 09.03.2010 13:52:47.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1789.1392 [GMT 1:00]
Spuštěný z: c:\documents and settings\PospaH\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100309-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-09 do 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-06 19:34 . 2010-03-06 19:35 -------- d-----w- c:\program files\IDT
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-03-04 22:38 . 2004-08-03 21:05 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-03-04 22:38 . 2004-08-03 21:05 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-03-04 12:04 . 2010-03-04 21:57 -------- d-----w- c:\program files\trend micro
2010-03-04 12:04 . 2010-03-04 12:05 -------- d-----w- C:\rsit
2010-03-03 23:12 . 2005-01-28 11:44 18944 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2010-03-03 22:17 . 2004-08-03 21:00 29056 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-03-03 22:17 . 2004-08-03 21:00 29056 ------w- c:\windows\system32\drivers\ip6fw.sys
2010-03-03 19:28 . 2004-08-03 21:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-03 19:28 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-03 19:26 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-03 19:26 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-03 19:25 . 2004-08-03 22:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-03-03 19:25 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-03-03 19:20 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-03 19:20 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-03 19:14 . 2004-08-03 21:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2010-03-03 19:14 . 2004-08-03 21:39 142464 ------w- c:\windows\system32\drivers\aec.sys
2010-02-26 06:44 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-26 06:42 . 2009-02-09 11:52 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-26 06:42 . 2009-02-09 11:52 2059904 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-26 06:42 . 2009-02-09 11:52 2182656 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-26 06:42 . 2009-02-09 11:52 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-26 06:41 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 18:24 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-02-23 18:24 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-02-23 18:24 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-02-23 18:24 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-02-23 18:24 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-02-23 18:24 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-02-23 18:24 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-02-23 18:24 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-02-23 18:24 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-02-23 18:24 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-02-23 18:24 . 2010-02-23 18:24 -------- d-----w- c:\program files\BRS
2010-02-23 18:21 . 2010-02-23 18:22 -------- d-----w- C:\0d5e9c81851bbc85b3405e8e0b5b
2010-02-23 18:19 . 2010-02-23 18:19 -------- d-----w- c:\program files\OpenAL
2010-02-23 18:19 . 2010-02-23 18:19 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-23 18:19 . 2010-02-23 18:19 109144 ----a-w- c:\windows\system32\OpenAL32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 20:38 . 2009-09-09 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 09:59 . 2004-08-18 10:00 78070 ----a-w- c:\windows\system32\perfc005.dat
2010-03-05 09:59 . 2004-08-18 10:00 428988 ----a-w- c:\windows\system32\perfh005.dat
2010-03-02 19:24 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-02 16:10 . 2009-10-26 16:27 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-02 16:10 . 2009-10-26 16:27 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-10 09:14 . 2009-11-25 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-22 05:42 . 2004-08-17 13:49 663040 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 08:00 . 2009-09-09 15:46 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-04_22.40.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-09 12:35 . 2010-03-09 12:35 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2010-03-09 12:35 . 2010-03-09 12:35 16384 c:\windows\Temp\Perflib_Perfdata_2f8.dat
+ 2010-03-06 19:34 . 2004-08-17 13:57 23552 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\wdmaud.drv
+ 2010-03-06 19:34 . 2004-08-03 22:08 48640 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\stream.sys
+ 2010-03-06 19:34 . 2004-08-03 22:08 60288 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\drmk.sys
+ 2004-08-18 10:00 . 2010-03-05 09:59 67510 c:\windows\system32\perfc009.dat
- 2004-08-18 10:00 . 2010-03-04 13:07 67510 c:\windows\system32\perfc009.dat
+ 2009-09-09 20:30 . 2009-02-18 12:41 86016 c:\windows\system32\AESTCom.dll
- 2009-09-09 20:30 . 2009-02-18 11:41 86016 c:\windows\system32\AESTCom.dll
+ 2010-03-06 19:34 . 2004-08-17 14:49 4096 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
+ 2009-09-09 20:30 . 2009-03-30 11:47 254042 c:\windows\system32\stacsv.exe
- 2009-09-09 20:30 . 2009-03-30 10:47 254042 c:\windows\system32\stacsv.exe
- 2009-09-09 20:24 . 2009-03-30 10:47 171520 c:\windows\system32\staco.dll
+ 2009-09-09 20:24 . 2009-03-30 11:47 171520 c:\windows\system32\staco.dll
- 2009-09-09 20:24 . 2009-03-30 10:47 471146 c:\windows\system32\stacapi.dll
+ 2009-09-09 20:24 . 2009-03-30 11:47 471146 c:\windows\system32\stacapi.dll
+ 2010-03-06 19:34 . 2009-03-30 11:47 171520 c:\windows\system32\ReinstallBackups\0003\DriverFiles\staco.dll
+ 2010-03-06 19:34 . 2009-03-30 11:47 471146 c:\windows\system32\ReinstallBackups\0003\DriverFiles\stacapi.dll
+ 2010-03-06 19:34 . 2004-03-16 08:58 136960 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\portcls.sys
+ 2010-03-06 19:34 . 2004-08-03 22:15 140928 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ks.sys
+ 2010-03-06 19:34 . 2009-02-18 12:41 113536 c:\windows\system32\ReinstallBackups\0003\DriverFiles\AESTAud.sys
+ 2004-08-18 10:00 . 2010-03-05 09:59 432554 c:\windows\system32\perfh009.dat
- 2004-08-18 10:00 . 2010-03-04 13:07 432554 c:\windows\system32\perfh009.dat
+ 2009-09-09 20:24 . 2009-02-18 12:41 113536 c:\windows\system32\drivers\AESTAud.sys
- 2009-09-09 20:24 . 2009-02-18 11:41 113536 c:\windows\system32\drivers\AESTAud.sys
+ 2010-03-06 18:03 . 2010-03-06 18:03 756224 c:\windows\Installer\111e5cf.msi
- 2009-09-09 20:30 . 2009-03-30 10:47 3514368 c:\windows\system32\stlang.dll
+ 2009-09-09 20:30 . 2009-03-30 11:47 3514368 c:\windows\system32\stlang.dll
+ 2010-03-06 19:34 . 2009-03-30 11:47 1550891 c:\windows\system32\ReinstallBackups\0003\DriverFiles\sthda.sys
- 2009-09-09 20:24 . 2009-03-30 10:47 1550891 c:\windows\system32\drivers\sthda.sys
+ 2009-09-09 20:24 . 2009-03-30 11:47 1550891 c:\windows\system32\drivers\sthda.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-01 61440]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-09 122368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-05-28 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-06 552960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programy\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.9.2009 20:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.9.2009 20:48 20560]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9.9.2009 21:24 113536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.9.2009 22:11 228408]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.10.2009 10:23 721904]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [1.1.2010 13:02 25832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Jan Pospíšil\Data aplikací\Mozilla\Firefox\Profiles\zi9w1szj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\programy\Adobe Reader\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
c:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 13:57
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-03-09 13:58:54
ComboFix-quarantined-files.txt 2010-03-09 12:58
ComboFix2.txt 2010-03-05 21:50
ComboFix3.txt 2010-03-04 22:44

Před spuštěním: Volných bajtů: 80 306 860 032
Po spuštění: Volných bajtů: 80 312 016 896

- - End Of File - - C212986DB3F618C457C6DF69F6D842B7

Thanks for the help!

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 09 Mar 2010 19:33
by Rudy
Nothing dangerous is visible. If the problem persists, run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and Kernel module logs.

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 09 Mar 2010 22:42
by PospaH
Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spmj.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\ash805o1.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AESTAud.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\USIUDF.sys
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\aswFsBlk.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\Drivers\sptd.sys

Process doesn't work - I get a "blue screen", Windows crashes + some error about the file IsDrv122.sys...

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 10 Mar 2010 18:26
by Rudy
You probably don't have a rootkit. IsDrv122.sys is the IceSword driver. It is probably installed incorrectly, which may be related to a system error or a disk error, or both. Another possibility is a software conflict.
1. What did you install right before the problem appeared?
2. Run a disk check with error repair using chkdsk. I recommend backing up important data beforehand.

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 10 Mar 2010 20:20
by PospaH
Thanks for the help, it's no longer needed... I reinstalled the OS

Re: Freezing at startup -->Malware, Rootkit,...

Posted: 10 Mar 2010 20:28
by Rudy
You're welcome!