PC disinfection, computer speed-up, remote help via the neslape.cz service

Slow and probably virus-infected PC.

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Polášek Jan
Guest
Posts: 2
Registered: 01 May 2006 17:21

Slow and probably virus-infected PC.

#1 Post by Polášek Jan »

Hello. An acquaintance has a notebook; she gave it to me saying it is terribly slow. eTrust antivirus was installed on the PC. I wanted to replace it with Avast. Avast is downloaded and installed, but I could not figure out how to uninstall eTrust. It cannot be done from the menu, nor via Add/Remove Programs. I tried uninstalling it via CCleaner, but the computer just freezes completely. So far I have only removed the antivirus from startup, but its running services are still in the log (after a restart).
The computer is very slow and stutters. In the processes there is e.g. csrss.exe, which did not appear in the log and cannot be ended from Task Manager.

RSIT log


Logfile of random's system information tool 1.06 (written by random/random)

Run by Owner at 2010-04-16 15:41:25

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 578 MB (3%) free of 19 GB

Total RAM: 239 MB (15% free)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:43:09 PM, on 4/16/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\S3tray2.exe

C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\HPONE-~1\OneTouch.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

C:\WINDOWS\System32\HPConfig.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\RadioSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\RSIT.exe

E:\Owner.exe

C:\WINDOWS\system32\taskmgr.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

O4 - Global Startup: SpeedStream Wireless LAN Utility.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177666657806

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe

O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe

O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe

O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe



--

End of file - 8650 bytes



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]

EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]

QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

c:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"S3TRAY2"=C:\WINDOWS\system32\S3tray2.exe [2002-01-15 69632]

"HP Display Settings"=C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe [2001-12-05 49152]

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2001-08-09 94208]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2001-08-09 352256]

"CP4HPOT"=C:\PROGRA~1\HPONE-~1\OneTouch.EXE [2001-12-01 77824]

"hpsysdrv"=c:\windows\system\hpsysdrv.exe [2001-07-20 52736]

"HP Presentation Ready"=C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe [2001-11-08 73728]

"MMTray"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe [2002-11-01 90112]

"MoneyStartUp10.0"=c:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 241714]

"Microsoft Works Portfolio"=c:\Program Files\Microsoft Works\WksSb.exe [2000-07-13 311350]

"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]

"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-28 188416]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2006-10-26 132704]

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Instant Access"=EGCOMSERVICE_1048.dll,InstantAccess []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]

C:\WINDOWS\essspk.exe [2002-02-14 163840]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPLaptopGamesActiveMenu]

C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2004-04-07 504080]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\WINDOWS\System32\rmctrl.exe [2000-10-16 32768]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\Winampa.exe []



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

c:\Program Files\Microsoft Works\wkfud.exe [2000-07-13 24576]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

C:\Program Files\WildTangent\Apps\GameChannel.exe [2003-05-01 184784]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]



C:\Documents and Settings\All Users\Start Menu\Programs\Startup

SpeedStream Wireless LAN Utility.lnk - C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"_NoDriveTypeAutoRun"=145



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4117f0-ea1d-11dd-b82a-000000006000}]

shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe





======List of files/folders created in the last 1 months======



2010-04-16 14:20:01 ----D---- C:\Program Files\CCleaner

2010-04-16 13:14:13 ----D---- C:\Program Files\trend micro

2010-04-16 13:14:07 ----D---- C:\rsit

2010-04-16 12:26:15 ----A---- C:\WINDOWS\system32\aswBoot.exe

2010-04-16 12:23:58 ----D---- C:\Program Files\Alwil Software

2010-04-16 12:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

2010-04-16 12:00:03 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Search

2010-04-15 09:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-15 09:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-15 09:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-15 09:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2010-04-15 09:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-15 08:57:40 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-04-14 16:41:01 ----D---- C:\Program Files\MSECache

2010-04-14 10:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-14 10:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-13 13:57:04 ----D---- C:\WINDOWS\ie8updates

2010-04-13 13:22:51 ----HDC---- C:\WINDOWS\ie8

2010-04-13 12:32:29 ----D---- C:\WINDOWS\system32\XPSViewer

2010-04-13 12:32:09 ----D---- C:\Program Files\MSBuild

2010-04-13 12:31:38 ----D---- C:\Program Files\Reference Assemblies

2010-04-13 12:27:19 ----N---- C:\WINDOWS\system32\prntvpt.dll

2010-04-13 12:27:18 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2010-04-13 12:27:18 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2010-04-13 12:06:19 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

2010-04-13 12:06:18 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$

2010-04-13 12:04:01 ----D---- C:\WINDOWS\system32\GroupPolicy

2010-04-13 12:04:01 ----D---- C:\Program Files\Windows Desktop Search

2010-04-13 12:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-04-13 12:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-04-13 11:55:59 ----HDC---- C:\WINDOWS\ie7

2010-04-13 11:38:13 ----RSD---- C:\WINDOWS\assembly

2010-04-13 11:38:13 ----D---- C:\WINDOWS\Microsoft.NET

2010-04-13 11:38:00 ----D---- C:\WINDOWS\system32\URTTemp

2010-03-31 10:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$



======List of files/folders modified in the last 1 months======



2010-04-16 15:41:26 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-16 15:41:17 ----D---- C:\WINDOWS\Temp

2010-04-16 15:36:41 ----HD---- C:\WINDOWS

2010-04-16 15:35:24 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-16 15:27:00 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-04-16 15:09:30 ----D---- C:\WINDOWS\Debug

2010-04-16 15:09:27 ----D---- C:\WINDOWS\Minidump

2010-04-16 15:01:59 ----HD---- C:\Program Files

2010-04-16 14:33:22 ----SHD---- C:\WINDOWS\Installer

2010-04-16 13:27:36 ----HD---- C:\WINDOWS\inf

2010-04-16 13:12:27 ----D---- C:\Program Files\Mozilla Firefox

2010-04-16 12:31:36 ----D---- C:\WINDOWS\system32\drivers

2010-04-16 12:27:31 ----D---- C:\WINDOWS\WinSxS

2010-04-16 12:26:18 ----AD---- C:\WINDOWS\system32

2010-04-16 12:22:52 ----RASH---- C:\boot.ini

2010-04-16 12:22:51 ----A---- C:\WINDOWS\win.ini

2010-04-16 12:22:51 ----A---- C:\WINDOWS\system.ini

2010-04-16 12:11:16 ----D---- C:\WINDOWS\pss

2010-04-16 11:28:42 ----A---- C:\WINDOWS\WDICT32.INI

2010-04-16 07:48:57 ----RSHD---- C:\WINDOWS\system32\dllcache

2010-04-15 18:55:30 ----A---- C:\WINDOWS\winamp.ini

2010-04-15 10:49:30 ----A---- C:\WINDOWS\orun32.ini

2010-04-15 09:29:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-15 09:20:32 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-15 09:09:19 ----D---- C:\WINDOWS\system32\CatRoot

2010-04-15 08:52:06 ----D---- C:\Program Files\Internet Explorer

2010-04-15 08:45:29 ----D---- C:\WINDOWS\Registration

2010-04-14 16:44:11 ----RSD---- C:\WINDOWS\Fonts

2010-04-14 16:43:52 ----D---- C:\Program Files\Microsoft Office

2010-04-14 16:43:38 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-04-14 12:58:11 ----A---- C:\WINDOWS\MAHJONGG.INI

2010-04-13 14:14:16 ----D---- C:\WINDOWS\Prefetch

2010-04-13 14:03:29 ----D---- C:\WINDOWS\system32\en-US

2010-04-13 14:03:28 ----D---- C:\WINDOWS\Media

2010-04-13 14:03:28 ----D---- C:\WINDOWS\Help

2010-04-13 12:29:45 ----D---- C:\WINDOWS\system32\spool

2010-04-13 12:12:48 ----D---- C:\WINDOWS\security

2010-04-13 12:05:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-04-13 12:04:01 ----D---- C:\WINDOWS\system32\wbem

2010-04-13 12:01:06 ----D---- C:\WINDOWS\ie7updates

2010-04-13 11:58:43 ----D---- C:\WINDOWS\WBEM

2010-04-13 11:38:46 ----D---- C:\WINDOWS\system32\mui

2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]

R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]

R2 HPGate;HPGate; C:\WINDOWS\System32\Drivers\HPGate.sys [2000-08-16 6848]

R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\System32\Drivers\ino_fltr.sys []

R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 Edspport;EDSP Port Driver; C:\WINDOWS\System32\DRIVERS\es56hpi.sys [2002-03-25 702204]

R3 HPCI;HP Configuration Interface; C:\WINDOWS\System32\DRIVERS\hpci.sys [2001-12-05 17388]

R3 KBFiltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\KBFiltr.sys [2001-11-06 14474]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-11-11 28164]

R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-24 25434]

R3 S3Twistr;S3Twistr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-01-15 128128]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2001-08-09 239312]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VIAIRDA;VIA Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\viairda.sys [2001-08-17 24576]

R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 BT3CSer;3Com Bluetooth Serial Driver; C:\WINDOWS\System32\DRIVERS\BT3CSer.sys [2001-06-05 6237]

S3 bt3cusb;bt3cusb; C:\WINDOWS\system32\drivers\bt3cusb.sys [2001-11-21 41261]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 MA-620;Mobile Action MA-620 USB Infrared Adapter; C:\WINDOWS\System32\DRIVERS\MA-620.sys [2003-03-25 27136]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]

S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 SS1022;Siemens SpeedStream Wireless USB Driver; C:\WINDOWS\System32\DRIVERS\SSUSBN51.sys [2002-01-27 46976]

S3 SUSCOM;Susteen Serial port driver; C:\WINDOWS\System32\DRIVERS\SUSCOM.SYS [2002-10-22 40448]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R2 CA_LIC_CLNT;CA License Client; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2004-03-01 143360]

R2 HPConfig;HP Configuration Service; C:\WINDOWS\System32\HPConfig.exe [2001-12-05 159744]

R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2004-04-07 139536]

R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2004-04-07 241936]

R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2004-04-07 254224]

R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R3 RadioSvr;RadioSvr; C:\WINDOWS\system32\RadioSvr.exe [2001-12-05 122880]

S2 HpRfDev;HP RF Device Service; C:\WINDOWS\system32\HpRfDev.exe [2001-12-05 69632]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 CA_LIC_SRVR;CA License Server; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2004-03-01 155648]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]



-----------------EOF-----------------

Thank you
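When reading an RSIT registry dump like the one above, the entries worth a second look are the ones whose target is not a full path (so the binary or DLL gets resolved through the search path, as with the "Instant Access" rundll32 entry) and the ones whose bracket is empty. The small parser below is an added example written for this thread, not part of the original post or of RSIT; it assumes that RSIT prints the file's date and size in the brackets when it can locate the file and an empty `[]` when it cannot, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the RSIT "Registry dump" format,
# taken from the log posted above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2001-08-09 94208]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Instant Access"=EGCOMSERVICE_1048.dll,InstantAccess []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe []
"""

# A key header line: [HKEY_...]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# An entry line: optional "name"= prefix, the target, then [date size] or [].
ENTRY_RE = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# Targets that start with a drive letter are absolute; anything else is
# resolved through PATH / the application directory at load time.
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    key: str      # registry key the entry lives under
    name: str     # value name ("" for msconfig startupreg entries)
    target: str   # the command/path RSIT recorded
    reason: str   # why the entry deserves attention


def audit_rsit_run_entries(dump: str) -> list[Finding]:
    """Walk an RSIT registry dump and flag autorun entries that need checking."""
    findings: list[Finding] = []
    current_key = ""
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # not an autorun entry line (e.g. policy values)
        name = entry.group("name") or ""
        target = entry.group("target").strip()
        meta = entry.group("meta").strip()

        reasons = []
        if not ABS_PATH_RE.match(target):
            reasons.append("target is not an absolute path; it is resolved through the search path")
        if not meta:
            # Assumption: RSIT leaves the brackets empty when it cannot stat the file.
            reasons.append("file not found at the recorded path (empty [] metadata)")
        if reasons:
            findings.append(Finding(current_key, name, target, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in audit_rsit_run_entries(SAMPLE_DUMP):
        print(f"{f.key}\n  {f.name or '<no name>'} -> {f.target}\n  {f.reason}")
```

Run against the sample, the only two hits are the "Instant Access" entry (a bare DLL name with no metadata, the same dialer ComboFix later removes from c:\program files\instant access) and the stale WinampAgent msconfig entry whose executable is gone; the signed, fully pathed driver and antivirus entries pass without comment.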

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow and probably virus-infected PC.

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts a screen with the licence terms appears; continue by clicking the Yes button

sit back and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode or deactivate it completely for the duration of the scan, because during the scan and removal of any malware there are undesirable collisions with the resident antispyware
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Polášek Jan
Guest
Posts: 2
Registered: 01 May 2006 17:21

Re: Slow and probably virus-infected PC.

#3 Post by Polášek Jan »

Log here


ComboFix 10-04-15.05 - Owner 04/16/2010  19:55:58.1.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.239.110 [GMT 2:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}


.



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\documents and settings\Owner\My Documents\cc_20100416_151105.reg

c:\documents and settings\Owner\My Documents\cc_20100416_151158.reg

c:\program files\instant access

c:\program files\instant access\Center\Icons\SuperBabes.lnk

c:\program files\instant access\Center\tray1.ico

c:\program files\instant access\DesktopIcons\SuperBabes.lnk

c:\program files\instant access\Dialer\9428880601\Common\hits.php

c:\program files\instant access\Dialer\9428880601\Common\module.php

c:\program files\instant access\Dialer\9428880601\Common\show_module.php

c:\program files\instant access\Dialer\9428880601\ExitTraffic\exit.php

c:\program files\instant access\Dialer\9428880601\FreeDesign\generic\free_design.php

c:\program files\instant access\Dialer\9428880601\FreeDesign\index.htm

c:\program files\instant access\Dialer\9428880601\FreeDesign\index.htm.netID

c:\program files\instant access\Dialer\9428880601\FreeDesign\index.htm_0.loginvis

c:\program files\instant access\Dialer\9428880601\img\0101.bmp

c:\program files\instant access\Dialer\9428880601\img\0102.bmp

c:\program files\instant access\Dialer\9428880601\img\020201.bmp

c:\program files\instant access\Dialer\9428880601\img\020202.bmp

c:\program files\instant access\Dialer\9428880601\img\020301.bmp

c:\program files\instant access\Dialer\9428880601\img\020302.bmp

c:\program files\instant access\Dialer\9428880601\img\020303.bmp

c:\program files\instant access\Dialer\9428880601\img\0301.bmp

c:\program files\instant access\Dialer\9428880601\img\0302.bmp

c:\program files\instant access\Dialer\9428880601\img\butgrrr.bmp

c:\program files\instant access\Dialer\9428880601\img\button1.bmp

c:\program files\instant access\Dialer\9428880601\img\dialer.ico

c:\program files\instant access\Dialer\9428880601\img\hits_img.bmp

C:\VDM6.tmp

c:\windows\system32\ReadMe.txt

c:\windows\TEMP\_avast5_\unp110693632.tmp



.

(((((((((((((((((((((((((   Files Created from 2010-03-16 to 2010-04-16  )))))))))))))))))))))))))))))))

.



2010-04-16 12:20 . 2010-04-16 12:20	--------	d-----w-	c:\program files\CCleaner

2010-04-16 11:14 . 2010-04-16 13:13	--------	d-----w-	c:\program files\trend micro

2010-04-16 11:14 . 2010-04-16 11:15	--------	d-----w-	C:\rsit

2010-04-16 10:31 . 2010-04-14 16:31	19024	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys

2010-04-16 10:31 . 2010-04-14 16:35	162768	----a-w-	c:\windows\system32\drivers\aswSP.sys

2010-04-16 10:31 . 2010-04-14 16:31	23376	----a-w-	c:\windows\system32\drivers\aswRdr.sys

2010-04-16 10:31 . 2010-04-14 16:35	46672	----a-w-	c:\windows\system32\drivers\aswTdi.sys

2010-04-16 10:30 . 2010-04-14 16:31	100432	----a-w-	c:\windows\system32\drivers\aswmon2.sys

2010-04-16 10:30 . 2010-04-14 16:31	94800	----a-w-	c:\windows\system32\drivers\aswmon.sys

2010-04-16 10:30 . 2010-04-14 16:30	28880	----a-w-	c:\windows\system32\drivers\aavmker4.sys

2010-04-16 10:26 . 2010-04-14 16:47	38848	----a-w-	c:\windows\system32\avastSS.scr

2010-04-16 10:26 . 2010-04-14 16:47	153184	----a-w-	c:\windows\system32\aswBoot.exe

2010-04-16 10:23 . 2010-04-16 10:23	--------	d-----w-	c:\program files\Alwil Software

2010-04-16 10:23 . 2010-04-16 10:23	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software

2010-04-16 10:00 . 2010-04-16 10:00	--------	d-----w-	c:\documents and settings\Owner\Application Data\Windows Search

2010-04-13 11:53 . 2010-02-16 04:50	64000	------w-	c:\windows\system32\dllcache\iecompat.dll

2010-04-13 11:22 . 2010-04-13 11:51	--------	dc-h--w-	c:\windows\ie8

2010-04-13 10:32 . 2010-04-13 10:32	--------	d-----w-	c:\windows\system32\XPSViewer

2010-04-13 10:32 . 2010-04-13 10:32	--------	d-----w-	c:\program files\MSBuild

2010-04-13 10:31 . 2010-04-13 10:31	--------	d-----w-	c:\program files\Reference Assemblies

2010-04-13 10:30 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-04-13 10:27 . 2008-07-06 12:06	89088	------w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-04-13 10:27 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll

2010-04-13 10:27 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-04-13 10:27 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-04-13 10:27 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll

2010-04-13 10:27 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\dllcache\xpsshhdr.dll

2010-04-13 10:27 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll

2010-04-13 10:27 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\dllcache\xpssvcs.dll

2010-04-13 10:06 . 2010-04-13 10:06	--------	d-----w-	c:\documents and settings\Owner\Application Data\Windows Desktop Search

2010-04-13 10:04 . 2010-04-15 06:57	--------	d-----w-	c:\program files\Windows Desktop Search

2010-04-13 10:04 . 2010-04-13 10:04	--------	d-----w-	c:\windows\system32\GroupPolicy

2010-04-13 10:02 . 2008-03-07 17:02	98304	------w-	c:\windows\system32\dllcache\nlhtml.dll

2010-04-13 10:02 . 2008-03-07 17:02	29696	------w-	c:\windows\system32\dllcache\mimefilt.dll

2010-04-13 10:02 . 2008-03-07 17:02	192000	------w-	c:\windows\system32\dllcache\offfilt.dll

2010-04-13 10:00 . 2010-03-10 13:18	13824	------w-	c:\windows\system32\dllcache\ieudinit.exe

2010-04-13 10:00 . 2010-02-25 06:24	594432	----a-w-	c:\windows\system32\dllcache\msfeeds.dll

2010-04-13 10:00 . 2010-02-25 06:24	55296	----a-w-	c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-13 10:00 . 2010-02-25 06:24	1985536	----a-w-	c:\windows\system32\dllcache\iertutil.dll

2010-04-13 09:59 . 2010-02-25 09:54	11070976	----a-w-	c:\windows\system32\dllcache\ieframe.dll

2010-04-13 09:59 . 2009-03-08 02:31	59904	----a-w-	c:\windows\system32\dllcache\icardie.dll

2010-04-13 09:59 . 2009-03-08 02:11	445952	----a-w-	c:\windows\system32\dllcache\ieapfltr.dll

2010-04-13 09:59 . 2009-02-06 19:07	3698584	----a-w-	c:\windows\system32\dllcache\ieapfltr.dat

2010-04-13 09:38 . 2010-04-13 09:41	--------	d-----w-	c:\windows\system32\URTTemp



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-15 08:50 . 2010-04-15 09:04	162204	----a-w-	c:\windows\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1033.dat

2010-04-14 15:11 . 2004-02-27 18:15	83856	----a-w-	c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-14 14:41 . 2010-04-14 14:41	--------	d-----w-	c:\program files\MSECache

2010-03-10 06:15 . 1980-01-01 07:00	420352	----a-w-	c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2004-01-08 23:23	916480	----a-w-	c:\windows\system32\wininet.dll

2010-02-24 13:11 . 1980-01-01 07:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 07:10 . 1980-01-01 07:00	2189952	----a-w-	c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2001-08-17 20:48	2066816	----a-w-	c:\windows\system32\ntkrnlpa.exe

2010-02-12 10:03 . 2010-03-15 09:41	293376	------w-	c:\windows\system32\browserchoice.exe

2010-02-12 04:33 . 1980-01-01 07:00	100864	----a-w-	c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 1980-01-01 07:00	226880	----a-w-	c:\windows\system32\drivers\tcpip6.sys

2003-03-21 11:45 . 2009-01-23 09:22	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx

2002-11-05 16:41 . 2002-11-05 16:41	187	----a-w-	c:\program files\Shortcut to CD Drive.lnk

2009-01-17 18:36 . 2008-01-27 18:20	67688	----a-w-	c:\program files\mozilla firefox\components\jar50.dll

2009-01-17 18:36 . 2008-01-27 18:20	54368	----a-w-	c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-17 18:36 . 2008-01-27 18:20	34944	----a-w-	c:\program files\mozilla firefox\components\myspell.dll

2009-01-17 18:36 . 2008-01-27 18:20	46712	----a-w-	c:\program files\mozilla firefox\components\spellchk.dll

2009-01-17 18:36 . 2008-01-27 18:20	172136	----a-w-	c:\program files\mozilla firefox\components\xpinstal.dll

.



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"S3TRAY2"="S3tray2.exe" [2002-01-15 69632]

"HP Display Settings"="c:\program files\Hewlett-Packard\HP Display Settings\hpdisply.exe" [2001-12-05 49152]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-09 94208]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-09 352256]

"CP4HPOT"="c:\progra~1\HPONE-~1\OneTouch.EXE" [2001-12-01 77824]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-20 52736]

"HP Presentation Ready"="c:\program files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe" [2001-11-08 73728]

"MMTray"="c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2002-11-01 90112]

"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 132704]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]



c:\documents and settings\All Users\Start Menu\Programs\Startup\

SpeedStream Wireless LAN Utility.lnk - c:\program files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe [2002-12-3 167936]



[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]



[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]

2002-02-14 14:37	163840	----a-w-	c:\windows\essspk.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

2004-04-07 01:14	504080	----a-w-	c:\progra~1\CA\ETRUST~1\Realmon.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2000-10-16 17:37	32768	----a-w-	c:\windows\system32\rmctrl.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

2000-07-13 20:00	24576	----a-w-	c:\program files\Microsoft Works\wkfud.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

2003-04-30 22:21	184784	----a-w-	c:\program files\WildTangent\Apps\GameChannel.exe



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=



R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/16/2010 12:31 PM 162768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/16/2010 12:31 PM 19024]

R2 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [3/1/2004 7:07 AM 143360]

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [9/20/2002 3:29 AM 53248]

S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [3/1/2004 7:07 AM 155648]

S3 SS1022;Siemens SpeedStream Wireless USB Driver;c:\windows\system32\drivers\SSUSBN51.sys [12/3/2002 4:50 PM 46976]

S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [6/25/2004 1:49 PM 40448]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.seznam.cz/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\zl6ec2j8.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

.

------- File Associations -------

.

.

- - - - ORPHANS REMOVED - - - -



MSConfigStartUp-HPLaptopGamesActiveMenu - c:\program files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\Winampa.exe

AddRemove-ESSMDM - c:\windows\remvess







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-16 20:15

Windows 5.1.2600 Service Pack 3 NTFS



scanning hidden processes ...  



scanning hidden autostart entries ... 



HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  MMTray = c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe?w???g ???V??g ???SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g???????????gPBY?@AY????????s"???2???????????8???? @???X???X?????????????????? Y???????Q????? 



scanning hidden files ...  



scan completed successfully

hidden files: 0



**************************************************************************

.

Completion time: 2010-04-16  20:24:17

ComboFix-quarantined-files.txt  2010-04-16 18:24



Pre-Run: 518,287,360 bytes free

Post-Run: 1,001,373,696 bytes free



- - End Of File - - A3CB56DAFEA0E5D4ACF3FEC8DAB9A442

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow and probably infected PC.

#4 Post by Rudy »

Several items were deleted. The rest of the log looks clean. Has anything changed?
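
The reading Rudy gives of the log above (a few items deleted, the rest clean) is what a helper does by hand on every thread: find what ComboFix removed, then eyeball the autostart entries and their file dates. The Python script below is an added example for this thread, not ComboFix's own code and not anything from the forum. It parses the log's section banners, Run-key values and service lines into a triage summary, collapses a deleted directory tree into one item, and flags autostart binaries whose bracketed timestamp falls within a week of the scan. SAMPLE_LOG is a constructed, abridged excerpt modelled on the posted log; the 7-day window and the grouping rule are the example's own choices.

```python
# Added example for this thread, not ComboFix's own code: parse a ComboFix
# log into a triage summary.  SAMPLE_LOG is a constructed, abridged excerpt
# modelled on the log posted above (same banners and line formats).
import re
from datetime import datetime, timedelta

SAMPLE_LOG = r"""
ComboFix 10-04-15.05 - Owner 04/16/2010  19:55:58.1.1 - x86
(((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))
.
c:\program files\instant access
c:\program files\instant access\Center\Icons\SuperBabes.lnk
c:\program files\instant access\Dialer\9428880601\Common\hits.php
c:\windows\system32\ReadMe.txt
.
(((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3tray2.exe" [2002-01-15 69632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/16/2010 12:31 PM 162768]
R2 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [3/1/2004 7:07 AM 143360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-{3,}\s*(.+?)\s*-{3,}$")  # "((( Name )))" or "--- Name ---"
KEY_RE = re.compile(r"^\[(.+)\]$")                                          # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')  # "Name"="path" [date size]
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+"                 # R2 svc;Display;path [M/D/Y time size]
                    r"\[(\d{1,2}/\d{1,2}/\d{4}) \d{1,2}:\d{2} [AP]M (\d+)\]$")


def parse_sections(text):
    """Split the log into {section name: [non-empty lines]} on its banners."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or m.group(2)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_autostarts(lines):
    """Run-key values and services with the file timestamp ComboFix brackets."""
    entries, key = [], "?"
    for line in lines:
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := RUN_RE.match(line)):
            name, path, date, size = m.groups()
            entries.append(dict(where=key, name=name, path=path, size=int(size),
                                mtime=datetime.strptime(date, "%Y-%m-%d")))
        elif (m := SVC_RE.match(line)):
            state, name, _display, path, date, size = m.groups()
            entries.append(dict(where="service:" + state, name=name, path=path,
                                size=int(size), mtime=datetime.strptime(date, "%m/%d/%Y")))
    return entries


def collapse_deletions(paths):
    """Group deleted paths under a deleted directory that contains them, so a
    removed tree reads as one item plus a child count.  Relies on ComboFix
    listing a directory before its contents, as the posted log does."""
    roots = {}
    for p in (p.lower() for p in paths):
        parent = next((r for r in roots if p.startswith(r + "\\")), None)
        if parent is None:
            roots[p] = 0
        else:
            roots[parent] += 1
    return roots


def scan_date_of(text):
    """Scan date from the first line: 'ComboFix ... - Owner 04/16/2010 ...'."""
    first = next(ln for ln in text.splitlines() if ln.strip())
    return datetime.strptime(re.search(r"\d{2}/\d{2}/\d{4}", first).group(), "%m/%d/%Y")


def triage(text, window_days=7):
    """Deleted items, every autostart, and autostarts whose binary was modified
    within window_days of the scan.  A fresh timestamp is a lead, not a
    verdict: here the freshest ones belong to the avast install."""
    sections = parse_sections(text)
    cutoff = scan_date_of(text) - timedelta(days=window_days)
    autostarts = parse_autostarts(sections.get("Reg Loading Points", []))
    return {"deleted": collapse_deletions(sections.get("Other Deletions", [])),
            "autostarts": autostarts,
            "recent": [e for e in autostarts if e["mtime"] >= cutoff]}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for root, n in result["deleted"].items():
        print(f"deleted: {root} (+{n} entries below it)")
    for e in result["recent"]:
        print(f"recent autostart: {e['name']} -> {e['path']} ({e['mtime']:%Y-%m-%d}) in {e['where']}")
```

Run against the full log posted above, the same approach collapses the whole c:\program files\instant access tree (a directory whose own names include Dialer and SuperBabes.lnk) into a single deleted item beside a handful of stray .reg, .tmp and ReadMe.txt files, and the only autostarts with timestamps from the scan week are the avast UI and its aswSP/aswFsBlk drivers installed on 2010-04-14 and 2010-04-16, which is consistent with the reply's reading that the remainder looks clean.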
