
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
log check, video stream won't play
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Please check the log. I have tried all sorts of things without success, but I can't solve the problem with videos on YouTube: only about 1 minute of a video loads and then it freezes. I tried reinstalling the drivers and a different browser, and nothing helped, so maybe there is something in the log. I hope I did it correctly.
ComboFix 10-03-13.03 - Petr 14.03.2010 15:33:24.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.671 [GMT 1:00]
Spuštěný z: e:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\recycler\S-1-5-21-2052111302-1647877149-725345543-1004
e:\windows\system32\inter32.dll
Nakažená kopie e:\windows\system32\DRIVERS\nvata.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
Nakažená kopie e:\windows\system32\DRIVERS\nvata.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 13:38 . 2007-07-02 14:42 -------- d-----w- e:\documents and settings\Administrator\Dokumenty
2010-03-14 13:38 . 2010-03-14 14:21 -------- d-----w- e:\documents and settings\Administrator\Plocha
2010-03-14 13:38 . 2010-03-14 13:38 -------- d-----w- e:\documents and settings\Administrator
2010-03-14 13:38 . 2007-07-02 14:42 -------- d--h--w- e:\documents and settings\Administrator\Okolní tiskárny
2010-03-14 13:38 . 2007-07-02 14:42 -------- d--h--w- e:\documents and settings\Administrator\Okolní síť
2010-03-14 13:38 . 2007-07-02 14:42 -------- d-----w- e:\documents and settings\Administrator\Oblíbené položky
2010-03-14 13:38 . 2007-07-02 14:42 -------- d-----r- e:\documents and settings\Administrator\Nabídka Start
2010-03-14 13:38 . 2007-07-02 12:47 -------- d--h--w- e:\documents and settings\Administrator\Šablony
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 14:50 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-14 14:50 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-14 13:41 . 2010-03-14 13:40 3808 ----a-w- E:\mapmem.tmp
2010-03-14 13:41 . 2010-03-14 13:40 5311 ----a-w- E:\huadio.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2008-01-18 13:32 . 2008-01-16 18:55 48 --sh--w- e:\windows\S72949288.tmp
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screenshot Captor1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 autorun;autorun;E:\huadio.tmp [14.3.2010 14:40 5311]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 mapmem_dv;mapmem_dv;E:\mapmem.tmp [14.3.2010 14:40 3808]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-zzGBK - G:\setup.exe
MSConfigStartUp-CmUsbSound - cmcnfgu.cpl
MSConfigStartUp-HTV Agent - e:\program files\HTV\HTV.exe
MSConfigStartUp-IDMan - d:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-SunJavaUpdateSched - e:\program files\Java\jre6\bin\jusched.exe
AddRemove-0C5EDC3653FED5B121F464339EAC12534D253B25 - e:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-4077F884D1BB007055BDB83B621D87220A73F30F - e:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-B726756F5B5A5AA9D798B399386FC6205A45F19E - e:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-{00060000-0000-1004-8002-0000C06B5161} - e:\program files\WIBUKEY\Setup\Setup32.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 15:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8696C240]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75dafc3
\Driver\ACPI -> ACPI.sys @ 0xf7427cb8
\Driver\atapi -> atapi.sys @ 0xf73b97b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\E:\huadio.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mapmem_dv]
"ImagePath"="\??\E:\mapmem.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1700)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(3716)
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
e:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-14 15:56:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 14:56
Před spuštěním: Volných bajtů: 24 380 112 896
Po spuštění: Volných bajtů: 25 203 437 568
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 35F1F72B3EE37464023DC9F4E2C8D1EB
Rootkit scan 2010-03-14 15:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8696C240]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75dafc3
\Driver\ACPI -> ACPI.sys @ 0xf7427cb8
\Driver\atapi -> atapi.sys @ 0xf73b97b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\autorun]
"ImagePath"="\??\E:\huadio.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mapmem_dv]
"ImagePath"="\??\E:\mapmem.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1700)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(3716)
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
e:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-14 15:56:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 14:56
Před spuštěním: Volných bajtů: 24 380 112 896
Po spuštění: Volných bajtů: 25 203 437 568
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 35F1F72B3EE37464023DC9F4E2C8D1EB
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: log check, video stream does not play
We'll clean up a bit more. Open Notepad and copy the following into it:

Collect::
E:\mapmem.tmp
E:\huadio.tmp
e:\windows\S72949288.tmp
e:\windows\system32\opeD.exe
Driver::
mapmem_dv
autorun

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
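The two items Rudy puts under Driver:: (autorun, mapmem_dv) and the four paths under Collect:: can be picked out of the ComboFix log mechanically: a "kernel driver" whose image is a .tmp file in the drive root, and files in the Windows tree carrying the hidden+system attributes. The script below is an added example, not code from this thread or from ComboFix, and the sample lines in it are a constructed extract modelled on the log above; the triage rules (non-.sys driver image, drive-root image, hidden+system attributes, .tmp outside a Temp folder) are my own heuristics, not ComboFix's.

```python
"""Triage heuristics for ComboFix log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on lines posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
S3 autorun;autorun;E:\huadio.tmp [14.3.2010 14:40 5311]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 mapmem_dv;mapmem_dv;E:\mapmem.tmp [14.3.2010 14:40 3808]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
2010-03-14 13:41 . 2010-03-14 13:40 3808 ----a-w- E:\mapmem.tmp
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2008-01-18 13:32 . 2008-01-16 18:55 48 --sh--w- e:\windows\S72949288.tmp
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
"""

# Driver/service line: "<start type> <name>;<display name>;<image path> [<date time size>]"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Find3M / created-files line: "<modified> . <created> <size> <attributes> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$"
)


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)  # (level, explanation) pairs
    service: str = ""                             # service name when a driver line was the source

    @property
    def is_high(self) -> bool:
        return any(level == "high" for level, _ in self.reasons)


def normalize_path(raw: str) -> str:
    """Drop ComboFix decorations: the 'shown --> resolved' form and the NT \\??\\ prefix."""
    path = raw.split(" --> ")[0].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def split_path(path: str):
    """Return (directory, basename, lowercase extension) for a backslash-separated Windows path."""
    directory, _, name = path.rpartition("\\")
    dot = name.rfind(".")
    return directory, name, (name[dot:].lower() if dot > 0 else "")


def check_service(raw_path: str, info: str):
    """Heuristics (my own, not ComboFix's) for a driver/service entry."""
    path = normalize_path(raw_path)
    directory, _, ext = split_path(path)
    reasons = []
    if ext != ".sys":
        reasons.append(("high", f"kernel driver image is not a .sys file ({ext or 'no extension'})"))
    if re.fullmatch(r"[A-Za-z]:", directory):
        reasons.append(("high", "driver image sits in a drive root"))
    if info.strip() == "?":
        reasons.append(("info", "image file was not found on disk"))
    return path, reasons


def check_file(attrs: str, path: str):
    """Heuristics (my own) for a file-listing entry."""
    directory, _, ext = split_path(path)
    reasons = []
    if "s" in attrs and "h" in attrs:
        reasons.append(("high", f"hidden+system attributes ({attrs})"))
    if ext == ".tmp" and "\\temp" not in directory.lower():
        reasons.append(("high", ".tmp file outside a Temp directory"))
    return reasons


def triage(log_text: str):
    """Return Findings in first-seen order, one per path (case-insensitive), reasons merged."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _, name, _, raw_path, info = m.groups()
            path, reasons = check_service(raw_path, info)
            service = name
        else:
            m = FILE_RE.match(line)
            if not m:
                continue
            _, attrs, path = m.groups()
            reasons, service = check_file(attrs, path), ""
        if not reasons:
            continue
        f = findings.setdefault(path.lower(), Finding(path))
        f.reasons.extend(reasons)
        f.service = f.service or service
    return list(findings.values())


def cfscript(findings) -> str:
    """Render only the high-confidence findings in the CFScript form used in this thread."""
    high = [f for f in findings if f.is_high]
    lines = ["Collect::"] + [f.path for f in high]
    drivers = [f.service for f in high if f.service]
    if drivers:
        lines += ["Driver::"] + drivers
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.path, f.reasons)
    print(cfscript(found))
```

On the sample, the script flags exactly the four paths and two services from Rudy's CFScript; the HWiNFO32 entry only gets an "info" note (image not found on disk) and is kept out of the generated script, which is the reason for the two severity levels: a missing third-party driver file is worth a look but is not evidence of infection.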
Re: log check, video stream does not play
Here is the new scan. Somehow I couldn't turn off NOD32; even when I killed it in Task Manager it started up again.. what did I actually do?
ComboFix 10-03-13.03 - Petr 14.03.2010 18:58:23.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.671 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Dokumenty\TU2010TrialEN-US.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AUTORUN
-------\Legacy_MAPMEM_DV
-------\Service_autorun
-------\Service_mapmem_dv
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 14:16 . 2004-07-21 04:02 166400 ----a-r- e:\windows\system32\drivers\Si3114r5_2.sys
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 15:37 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-14 15:37 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-14 13:41 . 2010-03-14 13:40 3808 ----a-w- E:\mapmem.tmp
2010-03-14 13:41 . 2010-03-14 13:40 5311 ----a-w- E:\huadio.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2008-01-18 13:32 . 2008-01-16 18:55 48 --sh--w- e:\windows\S72949288.tmp
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-14 17:55 . 2010-03-14 17:55 16384 e:\windows\Temp\Perflib_Perfdata_278.dat
+ 2010-03-14 18:09 . 2010-03-14 18:09 16384 e:\windows\Temp\Perflib_Perfdata_178.dat
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-14 15:37 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-14 16:04 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-03-14 15:37 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 19:11
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A6EDA0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1752)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(4040)
e:\windows\system32\ieframe.dll
e:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
e:\windows\system32\webcheck.dll
e:\program files\WIBU-SYSTEMS\System\WibuShellExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-14 19:17:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 18:17
ComboFix2.txt 2010-03-14 14:56
Před spuštěním: Volných bajtů: 24 989 696 000
Po spuštění: Volných bajtů: 24 951 259 136
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CA9D0EFDD1719ADA4AC2E2B9F8EBD2E5
+ 2008-01-16 20:17 . 2010-03-14 16:04 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-03-14 15:37 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 19:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden 'Startup' entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A6EDA0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"=[value omitted]
.
--------------------- Libraries linked to running processes ---------------------
- - - - - - - > 'lsass.exe'(1752)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(4040)
e:\windows\system32\ieframe.dll
e:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
e:\windows\system32\webcheck.dll
e:\program files\WIBU-SYSTEMS\System\WibuShellExt.dll
.
------------------------ Other running processes ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-03-14 19:17:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 18:17
ComboFix2.txt 2010-03-14 14:56
Pre-Run: free bytes: 24 989 696 000
Post-Run: free bytes: 24 951 259 136
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CA9D0EFDD1719ADA4AC2E2B9F8EBD2E5
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: log check, video stream won't play
Reboot into Safe Mode and run CF again there with this script:
Collect::
e:\windows\system32\drivers\Si3114r5_2.sys
E:\mapmem.tmp
E:\huadio.tmp
e:\windows\S72949288.tmp
Driver::
Si3114r5_2
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
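The reply above picks four files for a `Collect::` block by eye: two `.tmp` files in the drive root, a hidden+system `.tmp` directly under `\windows`, and a driver. The following is an added example, not code from the forum, from the helper, or from ComboFix: it parses lines in the shape ComboFix prints in its "Find3M" and "files created" listings, applies those two visible heuristics (hidden+system flags; `.tmp` outside a Temp directory), and renders the hits in the `Collect::` format used in the thread. The sample listing is constructed from lines in the log above; the rule thresholds, the `Entry` class and the function names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: six lines in the shape ComboFix prints in its listings
# ("<change time> . <create time> <size|--------> <8 attribute flags> <path>").
# Copied in form from the log above; not the output of a live scan.
SAMPLE_LISTING = """\
2010-03-14 13:41 . 2010-03-14 13:40 3808 ----a-w- E:\\mapmem.tmp
2010-03-14 13:41 . 2010-03-14 13:40 5311 ----a-w- E:\\huadio.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\\windows\\system32\\drivers\\PnkBstrK.sys
2008-01-18 13:32 . 2008-01-16 18:55 48 --sh--w- e:\\windows\\S72949288.tmp
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\\windows\\system32\\opeD.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\\program files\\Xvid
"""

# One listing line. Directories carry dashes instead of a size.
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: int   # -1 for directories
    attrs: str  # flag letters as they appear in the log: d=dir, s=system, h=hidden, a=archive, r=read-only, w=writable
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; banners, dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for files worth a second look.

    Two heuristics, both visible in the helper's Collect:: choice:
      - a regular file carrying both the system and hidden flags
      - a .tmp file sitting in a drive root or directly under \\windows
    A path can hit both rules and is then listed twice.
    """
    findings = []
    for e in entries:
        if "d" in e.attrs:
            continue  # directories are not collected
        parts = e.path.lower().split("\\")
        in_drive_root = len(parts) == 2                         # e.g. e:\mapmem.tmp
        in_windows_root = len(parts) == 3 and parts[1] == "windows"
        if "s" in e.attrs and "h" in e.attrs:
            findings.append((e.path, "hidden+system file"))
        if parts[-1].endswith(".tmp") and (in_drive_root or in_windows_root):
            findings.append((e.path, ".tmp outside a Temp directory"))
    return findings


def cfscript_collect(findings: List[Tuple[str, str]]) -> str:
    """Render unique hit paths as a Collect:: block in the format used in the thread."""
    paths: List[str] = []
    for path, _ in findings:
        if path not in paths:
            paths.append(path)
    return "Collect::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = triage(parse_listing(SAMPLE_LISTING))
    for path, why in hits:
        print(f"{why:32} {path}")
    print(cfscript_collect(hits))
```

On the sample above the script reproduces three of the four paths the helper collected; the fourth, `Si3114r5_2.sys`, does not appear in the listing excerpt at all, which is the point of the caveat: hidden+system flags and stray `.tmp` files are a first pass for a human reviewer, not a verdict, and a quiet driver still needs the analyst's eye.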
Re: log check, video stream won't play
So here it is..
ComboFix 10-03-13.03 - Administrator 14.03.2010 21:04:13.3.1 - x86 NETWORK
System Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.816 [GMT 1:00]
Run from: e:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: e:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *enabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
file zipped: E:\huadio.tmp
file zipped: E:\mapmem.tmp
file zipped: e:\windows\S72949288.tmp
file zipped: e:\windows\system32\drivers\Si3114r5_2.sys
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\huadio.tmp
E:\mapmem.tmp
e:\windows\S72949288.tmp
e:\windows\system32\drivers\Si3114r5_2.sys
.
((((((((((((((((((((((((( Files created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 15:37 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-14 15:37 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
2007-08-07 19:28 . 2007-08-07 19:28 131247 --sha-r- e:\windows\system32\opeD.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-14 15:37 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-14 16:04 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
+ 2001-10-25 14:00 . 2010-03-14 15:37 436360 e:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 21:14
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F65378]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7418cb8
\Driver\atapi -> atapi.sys @ 0xf73aa7b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1100)
e:\windows\system32\ieframe.dll
.
Celkový čas: 2010-03-14 21:19:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 20:19
ComboFix2.txt 2010-03-14 18:17
ComboFix3.txt 2010-03-14 14:56
Před spuštěním: Volných bajtů: 24 976 695 296
Po spuštění: Volných bajtů: 24 939 163 648
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BCB8A7533EAB9AD50C5955DE70A849F6
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: log check, video stream doesn't play
Items deleted. One more request:
1. Test the file e:\windows\system32\opeD.exe online at www.virustotal.com .
2. Check the MBR using: http://www2.gmer.net/mbr/mbr.exe . Post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: log check, video stream doesn't play
Thank you
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
I haven't managed to upload that file yet, I'll keep trying.
Re: log check, video stream doesn't play
Oh, I don't have the file oped.exe here, only oped.tmp, and it spat out this:
0 bytes size received / Se ha recibido un archivo vacio
Is that it?
- Rudy
- Site Admin
Re: log check, video stream doesn't play
The MBR is fine. Try copying the path to the file into the box.
Re: log check, video stream doesn't play
So it found this, is it a virus? How do I get rid of it?
Was my PC badly infested?
http://www.virustotal.com/cs/reanalisis ... 1268667573
- Rudy
- Site Admin
Re: log check, video stream doesn't play
Run CF once more with this script:
Collect::
e:\windows\system32\opeD.exe
Re: log check, video stream doesn't play
ComboFix 10-03-13.03 - Petr 15.03.2010 19:15:07.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.674 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
file zipped: e:\windows\system32\opeD.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\opeD.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-15 do 2010-03-15 )))))))))))))))))))))))))))))))
.
2010-03-15 17:59 . 2004-07-21 04:02 166400 ----a-r- e:\windows\system32\drivers\Si3114r5_2.sys
2010-03-15 17:23 . 2010-03-15 17:23 -------- d-----w- e:\program files\CCleaner
2010-03-15 17:06 . 2010-01-07 15:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 17:06 . 2010-01-07 15:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-15 17:06 . 2010-03-15 17:06 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-15 15:57 . 2010-03-15 15:55 524288 ----a-w- E:\f5d7132v1_uk_05.01.11.bin
2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 18:28 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-15 18:28 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-15 14:50 . 2010-03-15 14:50 0 --sh--w- e:\windows\S72949288.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 18:26 . 2010-03-15 18:26 16384 e:\windows\temp\Perflib_Perfdata_284.dat
+ 2010-03-15 18:02 . 2010-03-15 18:02 16384 e:\windows\temp\Perflib_Perfdata_154.dat
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-15 18:28 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-15 15:55 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-03-15 18:28 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 19:27
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A048A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="…"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1864)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2732)
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-03-15 19:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-15 18:34
ComboFix2.txt 2010-03-14 20:19
ComboFix3.txt 2010-03-14 18:17
ComboFix4.txt 2010-03-14 14:56
Před spuštěním: Volných bajtů: 24 664 236 032
Po spuštění: Volných bajtů: 24 620 703 744
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2E5F97036EECBF5BAFFCA09F41481979
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.674 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
* Rezidentní štít AV je zapnutý
file zipped: e:\windows\system32\opeD.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\opeD.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-15 do 2010-03-15 )))))))))))))))))))))))))))))))
.
2010-03-15 17:59 . 2004-07-21 04:02 166400 ----a-r- e:\windows\system32\drivers\Si3114r5_2.sys
2010-03-15 17:23 . 2010-03-15 17:23 -------- d-----w- e:\program files\CCleaner
2010-03-15 17:06 . 2010-01-07 15:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 17:06 . 2010-01-07 15:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-15 17:06 . 2010-03-15 17:06 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-15 15:57 . 2010-03-15 15:55 524288 ----a-w- E:\f5d7132v1_uk_05.01.11.bin
2010-03-14 15:31 . 2004-11-03 13:02 138240 ----a-w- e:\windows\system32\drivers\nvatabus.sys
2010-03-14 15:17 . 2004-10-29 06:26 184832 ----a-w- e:\windows\system32\nvuide.exe
2010-03-14 15:15 . 2005-10-27 10:10 101632 ----a-w- e:\windows\system32\nvtcp.sys
2010-03-14 15:13 . 2005-08-18 08:52 289792 ----a-w- e:\windows\system32\idecoins.dll
2010-03-14 15:13 . 2005-08-03 05:52 33280 ----a-w- e:\windows\system32\NVCOI.DLL
2010-03-14 13:23 . 2010-03-14 13:23 -------- d-----w- e:\program files\Unibrain
2010-03-14 13:13 . 2010-03-14 13:11 389632 ----a-w- e:\windows\system32\CF27354.exe
2010-02-16 14:23 . 2010-02-16 14:33 -------- d-----w- e:\program files\Internet Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 18:28 . 2001-10-25 14:00 81016 ----a-w- e:\windows\system32\perfc005.dat
2010-03-15 18:28 . 2001-10-25 14:00 432890 ----a-w- e:\windows\system32\perfh005.dat
2010-03-15 14:50 . 2010-03-15 14:50 0 --sh--w- e:\windows\S72949288.tmp
2010-03-09 17:46 . 2007-07-14 07:08 137464 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-03-09 17:46 . 2007-07-27 18:43 214520 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-14 21:13 . 2008-06-30 13:46 -------- d-----w- e:\program files\Xvid
2010-02-14 21:13 . 2007-09-25 19:24 -------- d-----w- e:\program files\YouTube Downloader
2010-02-14 21:13 . 2010-01-09 07:24 -------- d-----w- e:\program files\DivX
2010-02-14 19:54 . 2008-11-13 14:41 -------- d-----w- e:\program files\Opera
2010-02-14 18:52 . 2008-06-06 07:02 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-02-11 20:44 . 2010-01-08 19:30 -------- d-----w- e:\program files\Any DVD Converter Professional
2010-02-10 21:49 . 2010-02-10 21:49 -------- d-----w- e:\program files\Microsoft Works
2010-02-10 21:49 . 2009-01-29 17:04 -------- d-----w- e:\program files\MSBuild
2010-02-10 21:47 . 2010-02-10 21:47 -------- d-----w- e:\program files\Microsoft.NET
2010-02-10 21:43 . 2010-02-10 21:43 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-02-03 20:12 . 2010-02-03 20:12 -------- d-----w- e:\program files\Common Files\GeoVid
2010-02-03 20:08 . 2010-02-03 19:25 -------- d-----w- e:\program files\E.M. PowerPoint Video Converter
2010-02-01 18:50 . 2007-10-18 18:17 -------- d-----w- e:\program files\Common Files\Java
2010-02-01 18:49 . 2007-10-18 18:17 -------- d-----w- e:\program files\Java
2010-02-01 18:46 . 2010-02-01 18:46 0 ----a-w- e:\windows\system32\cid_store.dat
2010-02-01 18:42 . 2010-02-01 18:41 -------- d-----w- e:\program files\GIMP-2.0
2010-02-01 15:33 . 2008-11-04 15:39 -------- d-----w- e:\program files\Common Files\Macromedia
2010-02-01 15:32 . 2008-03-18 15:02 -------- d-----w- e:\program files\Macromedia
2010-01-31 07:09 . 2010-01-31 07:09 -------- d-----w- e:\program files\Audacity
2009-12-17 16:14 . 2009-01-27 15:52 411368 ----a-w- e:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_14.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 18:26 . 2010-03-15 18:26 16384 e:\windows\temp\Perflib_Perfdata_284.dat
+ 2010-03-15 18:02 . 2010-03-15 18:02 16384 e:\windows\temp\Perflib_Perfdata_154.dat
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0035\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0035\DriverFiles\nvata.sys
+ 2010-03-14 15:34 . 2005-08-03 05:52 33280 e:\windows\system32\ReinstallBackups\0034\DriverFiles\NVCOI.DLL
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0034\DriverFiles\nvata.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 33280 e:\windows\system32\ReinstallBackups\0033\DriverFiles\nvefdxp.sys
+ 2010-03-14 15:15 . 2004-10-19 20:01 12928 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnetbus.sys
+ 2010-03-14 15:15 . 2004-10-11 07:37 32256 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvconrm.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 93568 e:\windows\system32\ReinstallBackups\0001\DriverFiles\nvata.sys
+ 2001-10-25 14:00 . 2010-03-15 18:28 70124 e:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-03-14 14:50 70124 e:\windows\system32\perfc009.dat
+ 2005-04-04 17:00 . 2005-09-29 16:24 34304 e:\windows\system32\nvconrm.dll
+ 2005-04-06 01:22 . 2005-09-30 04:52 13056 e:\windows\system32\drivers\nvnetbus.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 34048 e:\windows\system32\drivers\NVENETFD.sys
+ 2005-05-17 15:45 . 2005-08-18 08:52 93568 e:\windows\system32\drivers\nvata.sys
- 2008-01-16 20:17 . 2010-03-14 12:38 34308 e:\windows\system32\BASSMOD.dll
+ 2008-01-16 20:17 . 2010-03-15 15:55 34308 e:\windows\system32\BASSMOD.dll
+ 2010-03-14 15:15 . 2004-10-19 19:48 9728 e:\windows\system32\ReinstallBackups\0032\DriverFiles\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 9728 e:\windows\system32\bdco1.dll
- 2005-04-06 01:19 . 2004-10-19 19:48 9728 e:\windows\system32\bdco1.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0035\DriverFiles\idecoi.dll
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0034\DriverFiles\idecoi.dll
+ 2010-03-14 15:15 . 2004-10-19 19:49 200192 e:\windows\system32\ReinstallBackups\0033\DriverFiles\fdco1.dll
+ 2010-03-14 15:15 . 2004-10-19 20:00 208128 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvsnpu.sys
+ 2010-03-14 15:15 . 2004-10-19 20:00 258560 e:\windows\system32\ReinstallBackups\0032\DriverFiles\nvnrm.sys
+ 2010-03-14 15:36 . 2004-10-26 23:24 223104 e:\windows\system32\ReinstallBackups\0003\DriverFiles\yk51x86.sys
+ 2010-03-14 15:34 . 2005-08-18 08:52 289792 e:\windows\system32\ReinstallBackups\0001\DriverFiles\idecoi.dll
- 2001-10-25 14:00 . 2010-03-14 14:50 436360 e:\windows\system32\perfh009.dat
+ 2001-10-25 14:00 . 2010-03-15 18:28 436360 e:\windows\system32\perfh009.dat
+ 2007-07-02 13:24 . 2004-12-16 15:32 176128 e:\windows\system32\nvusmb.exe
+ 2005-05-17 15:45 . 2005-08-18 08:52 289792 e:\windows\system32\idecoi.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1ins.dll
+ 2005-04-06 01:19 . 2005-09-30 04:51 202240 e:\windows\system32\fdco1.dll
+ 2007-07-08 19:58 . 2006-11-22 06:01 250496 e:\windows\system32\drivers\yk51x86.sys
+ 2005-04-06 01:22 . 2005-09-30 04:51 222464 e:\windows\system32\drivers\nvsnpu.sys
+ 2005-04-06 01:22 . 2005-09-30 04:52 301312 e:\windows\system32\drivers\nvnrm.sys
+ 2007-07-02 13:24 . 2006-01-23 10:51 466944 e:\windows\system32\CapabilityTable.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2010-03-07 831744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2007-11-01 917504]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2007-10-18 98304]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=e:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
backup=e:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hp psc 1000 series.lnk]
backup=e:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^hpoddt01.exe.lnk]
backup=e:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\E:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=e:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-12-21 12:34 1649600 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2007-03-01 23:11 43008 ----a-w- d:\program files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 07:42 342848 ----a-w- e:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- e:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 20:22 133104 ----atw- e:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-18 19:17 98304 ----a-w- e:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Activision1\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"e:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [24.11.2008 20:08 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [24.11.2008 20:08 5248]
R0 ub1394;Unibrain 1394 Class Driver;e:\windows\system32\drivers\UB1394.sys [22.11.2004 17:24 115328]
R0 ubsbm;Unibrain 1394 SBM Driver;e:\windows\system32\drivers\UBSBM.sys [22.11.2004 17:25 11776]
R1 fwdrv;Firewall Driver;e:\windows\system32\drivers\fwdrv.sys [26.9.2005 10:05 286720]
R1 khips;Kerio HIPS Driver;e:\windows\system32\drivers\khips.sys [26.9.2005 10:05 81920]
R2 ubumapi;Unibrain 1394 FireAPI Driver;e:\windows\system32\drivers\UBUMAPI.sys [22.11.2004 17:25 29568]
R3 PhTVTune;TCL2002 TV Tuner;e:\windows\system32\drivers\phtvtune.sys [14.3.2007 16:51 19904]
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
R3 ubsbp2;Unibrain SBP2 Bus Driver;e:\windows\system32\drivers\ubsbp2.sys [22.11.2004 17:24 32768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S3 FlyPCI;FlyPCI;e:\windows\system32\drivers\FlyPCI.sys [14.2.2008 18:40 4134]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);e:\windows\system32\drivers\s816bus.sys [4.3.2009 21:20 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;e:\windows\system32\drivers\s816mdfl.sys [4.3.2009 21:20 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;e:\windows\system32\drivers\s816mdm.sys [4.3.2009 21:20 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);e:\windows\system32\drivers\s816mgmt.sys [4.3.2009 21:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);e:\windows\system32\drivers\s816nd5.sys [4.3.2009 21:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;e:\windows\system32\drivers\s816obex.sys [4.3.2009 21:20 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);e:\windows\system32\drivers\s816unic.sys [4.3.2009 21:33 97704]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download All Links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
LSP: e:\windows\system32\idmmbc.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 19:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A048A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-602162358-2146141123-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,e4,c4,23,3a,7c,48,1a,c3,2f,ed,28,af,a3,df,48,06,98,09,f5,be,27,28,
98,78,0f,e4,16,f0,d9,63,63,41,07,e6,88,42,39,1f,d8,19,01,37,07,d1,8c,b1,4f,\
"??"=hex:bc,82,7f,4a,96,db,01,60,c4,45,27,fc,ff,a4,1b,37
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{38f223f1-3a79-4b9a-8316-ea1d531e1fa0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fc
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{535cdf91-dec3-4cf9-b189-6849b8ef9215}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cc
"Therad"=dword:00000017
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):55,5d,ea,18,4b,88,ab,0a,bc,72,73,70,b2,2a,ef,df,47,f0,13,5c,a5,
00,17,20,5e,30,cf,66,95,41,24,65,7d,7a,4a,14,82,a9,22,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,2f,86,74,b0,96,5f,f8,25,eb,fd,28,51,15,f0,fc,7a,71,b2,f9,4d,
f2,09,3e,19,36,c1,6d,27,54,56,ef,43,96,6d,be,fc,7e,04,25,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="[value removed]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1864)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
e:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2732)
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\crypserv.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
e:\program files\Eset\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\system32\wscntfy.exe
e:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
e:\windows\SOUNDMAN.EXE
e:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-03-15 19:34:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 18:34
ComboFix2.txt 2010-03-14 20:19
ComboFix3.txt 2010-03-14 18:17
ComboFix4.txt 2010-03-14 14:56
Pre-Run: 24,664,236,032 bytes free
Post-Run: 24,620,703,744 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2E5F97036EECBF5BAFFCA09F41481979
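The Gmer MBR block in the log above is its most telling part: `user & kernel MBR OK` says the boot sectors compare clean, yet `called modules` ends in `>>UNKNOWN [0x86A048A0]<<`, an address in the disk-read call chain that belongs to no loaded driver image. The following is an added example for this thread, not Gmer's or ComboFix's own code: it parses that block so the check can be run over a batch of logs instead of by eye. The sample text is the block copied from the log; the function names `parse_gmer_mbr` and `summarize` and the `suspicious` verdict are this example's own.

```python
"""Triage helper for the Gmer 'Stealth MBR rootkit detector' block that
ComboFix embeds in its log. Added example for this thread; it is not part
of ComboFix or Gmer."""
import re

# Verbatim copy of the detector block from the ComboFix log posted above.
GMER_SAMPLE = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A048A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf7338cb8
\Driver\atapi -> atapi.sys @ 0xf72ca7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
user & kernel MBR OK
"""

# An address Gmer could not attribute to any loaded module image.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# '<target> -> <module> @ <address>'; the target may itself contain ' -> '.
HOOK_RE = re.compile(r"^(.+?) -> (\S+) @ (0x[0-9A-Fa-f]+)$")


def parse_gmer_mbr(text):
    """Return the facts the detector block states, plus a verdict."""
    called, unknown, hooks, mbr_ok = [], [], [], False
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            body = line[len("called modules:"):]
            unknown = UNKNOWN_RE.findall(body)
            called = UNKNOWN_RE.sub(" ", body).split()
            continue
        if line == "detected MBR rootkit hooks:":
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                hooks.append(m.groups())
                continue
            in_hooks = False  # first non-hook line ends the list
        if line == "user & kernel MBR OK":
            mbr_ok = True
    # Clean MBR sectors do not clear the host: code outside every loaded
    # module image in the disk-read path means the storage stack is being
    # serviced by something the driver list does not account for.
    return {
        "called_modules": called,
        "unknown_modules": unknown,
        "hooks": hooks,
        "mbr_ok": mbr_ok,
        "suspicious": bool(unknown),
    }


def summarize(report):
    """One-line verdict in the shape a forum helper would post."""
    if not report["suspicious"]:
        return "MBR and disk call chain clean"
    return ("MBR sectors compare clean but the disk-read path calls unknown "
            "code at %s; %d hooks listed"
            % (", ".join(report["unknown_modules"]), len(report["hooks"])))


if __name__ == "__main__":
    print(summarize(parse_gmer_mbr(GMER_SAMPLE)))
```

The hooks are collected for context only: on this log every hook resolves to an expected module (CLASSPNP.SYS, ACPI.sys, atapi.sys, ntkrnlpa.exe), so the unknown address in the call chain is the single lead. The catchme result just above it (`hidden files: 0`) does not speak to it either way, since that scan looks for hidden files, processes and autostart entries, not for code in the disk stack.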
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: log check, video stream won't play
Something keeps coming back. Run an Icesword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.
Re: log check, video stream won't play
process
Process:
System Idle Process
System
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Crypserv.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\ESET\nod32krn.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\DOCUME~1\Petr\LOCALS~1\temp\Rar$EX00.250\IceSword122en\IceSword.exe
C:\Program Files\WinRAR\WinRAR.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Internet Download Manager\IDMan.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\alg.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\soundman.exe
E:\Program Files\BitTorrent\bittorrent.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Java\jre6\launch4j-tmp\frd.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
Re: log check, video stream won't play
Kernel Module:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
d347bus.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvata.sys
Si3114r5.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
d347prt.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
SiWinAcc.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Combo-Fix.sys
ubsbm.sys
ub1394.sys
Mup.sys
\SystemRoot\System32\DRIVERS\processr.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\ElbyCDFL.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\System32\Drivers\AFS2K.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\Cap7134.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ubohci.sys
\SystemRoot\System32\DRIVERS\nvnetbus.sys
\SystemRoot\System32\DRIVERS\NVNRM.SYS
\SystemRoot\System32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\irsir.sys
\SystemRoot\System32\DRIVERS\irenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasirda.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ubsbp2.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\phtvtune.sys
\SystemRoot\System32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\fwdrv.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\system32\ckldrv.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\drivers\khips.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_nvata.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\DRIVERS\irda.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\E:\WINDOWS\system32\drivers\amon.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\ubumapi.sys
\SystemRoot\SYSTEM32\DRIVERS\Wibukey.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\E:\ComboFix\catchme.sys
\??\E:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\??\E:\WINDOWS\system32\drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
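Three of the listings in this thread are worth reading mechanically rather than by eye: the ComboFix service list (which marks a registered driver whose file it cannot find with `--> path [?]`, as for HWiNFO32 above), the IceSword Process view (full image paths, so anything running out of a temp directory stands out) and the IceSword Kernel Module view (drivers loaded by an absolute `\??\` object path rather than from `\SystemRoot`, which is how both manually loaded tool drivers and dropped rootkit drivers appear). The following is an added example for this thread, not ComboFix, IceSword or Gmer code. The sample lines are copied from the listings above; the `TOOL_DRIVERS` allowlist and the function names are this example's own assumptions.

```python
"""Path-based triage of the listings posted in this thread: the ComboFix
service list, and IceSword's Process and Kernel Module views.
Added example for the thread; not code from ComboFix, IceSword or Gmer."""
import re

# Representative lines copied from the listings above.
COMBOFIX_SERVICES = r"""
R3 ubohci;Unibrain 1394 OHCI Driver;e:\windows\system32\drivers\ubohci.sys [22.11.2004 17:23 72832]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\program files\HWiNFO32\HWiNFO32.SYS --> c:\program files\HWiNFO32\HWiNFO32.SYS [?]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [18.1.2008 13:27 639224]
"""
ICESWORD_PROCESSES = r"""
E:\WINDOWS\system32\svchost.exe
E:\DOCUME~1\Petr\LOCALS~1\temp\Rar$EX00.250\IceSword122en\IceSword.exe
E:\Program Files\BitTorrent\bittorrent.exe
"""
ICESWORD_MODULES = r"""
d347bus.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\??\E:\WINDOWS\system32\drivers\amon.sys
\??\E:\ComboFix\catchme.sys
\??\E:\WINDOWS\system32\drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
"""

# Drivers present only because the poster ran these tools (ComboFix,
# Process Explorer, Malwarebytes, IceSword). Analyst-maintained allowlist,
# an assumption of this example, not something the tools publish.
TOOL_DRIVERS = {"catchme.sys", "combo-fix.sys", "procexp113.sys",
                "mbamswissarmy.sys", "isdrv122.sys"}
TEMP_RE = re.compile(r"\\temp\\", re.I)
ABS_PREFIX = "\\??\\"  # NT object path, i.e. not \SystemRoot-relative


def _lines(text):
    return [l.strip() for l in text.splitlines() if l.strip()]


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_combofix_service(line):
    """Split 'STATE name;display;path [date time size]'. When ComboFix
    cannot find the file it prints 'path --> path [?]' in place of the
    bracketed timestamp and size."""
    state, _, rest = line.partition(" ")
    name, _, rest = rest.partition(";")
    display, _, rest = rest.partition(";")
    missing = rest.rstrip().endswith("[?]")
    path = rest.split(" --> ")[-1]
    path = re.sub(r"\s*\[.*\]$", "", path).strip()
    return {"state": state, "name": name, "display": display,
            "path": path, "file_missing": missing}


def triage_services(text):
    """Registered drivers whose file is gone: leftover junk, or a service
    entry whose payload has been moved out of reach."""
    return [(s["name"], s["path"], "registered but file missing")
            for s in map(parse_combofix_service, _lines(text))
            if s["file_missing"]]


def triage_processes(text):
    """Executables running out of a temp directory."""
    return [(p, "runs from temp dir") for p in _lines(text) if TEMP_RE.search(p)]


def triage_modules(text):
    """Kernel drivers loaded by absolute \\??\\ path rather than from
    \\SystemRoot. Manually loaded tool drivers and dropped rootkit drivers
    both show up this way; the allowlist removes the former."""
    return [(p, "loaded by absolute path; confirm which product owns it")
            for p in _lines(text)
            if p.startswith(ABS_PREFIX) and _basename(p) not in TOOL_DRIVERS]


if __name__ == "__main__":
    for item in (triage_services(COMBOFIX_SERVICES)
                 + triage_processes(ICESWORD_PROCESSES)
                 + triage_modules(ICESWORD_MODULES)):
        print(" | ".join(item))
```

On the thread's own data the three checks return HWiNFO32 (a registered kernel driver whose file is no longer on disk), IceSword.exe (extracted to a temp directory, which is simply how the poster ran it) and amon.sys, which the analyst clears by hand: it is the on-access monitor of the ESET NOD32 2.x installation the log header reports. The point of the allowlist is that it is maintained per case; a driver that is neither a known tool nor the installed security product is the one to pull.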