How to deal with NT AUTHORITY SYSTEM?

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

How to deal with NT AUTHORITY SYSTEM?

Post by Czechtim » 15 Apr 2008 20:46

Hi, yesterday that NT AUTHORITY\SYSTEM showed up uninvited on my notebook, and along with it I often get the message Generic Host Process for Win32 Services. It only acts up when I have the Wi-Fi installed and turned on. When I uninstall it, everything works fine. It also means that CDs and DVDs won't load in Windows, but otherwise they load fine in safe mode and during PC boot.

I made a log with HijackThis. Could someone please tell me what I should do with it next? Thank you very much

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:46, on 15.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4180 bytes

Welcome to the forum. Also, next time don't post your question inside someone else's thread. Moved and title edited. Pic
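Reading an O4 list by hand means checking each autostart entry against the "Running processes" section and noting which commands carry no directory at all (a bare name such as `nwiz.exe` is located through the search path rather than a fixed location). As an added example, not HijackThis code and not from the thread, this Python script parses those two sections of a HijackThis log and reports both facts; the sample log is a constructed subset of the log above, the two triage checks are my own assumptions, and neither list by itself means an entry is malicious.

```python
"""Parse the 'Running processes' and O4 (autostart) sections of a HijackThis
log and report two things a reviewer normally checks by eye:
  - Run entries whose command is a bare file name (no directory), which
    Windows resolves through the search path instead of a fixed location;
  - Run entries whose executable is absent from the running-process list.
Added example for triage; not HijackThis code. Heuristics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 line: "O4 - <hive>: [<name>] <command>" with an optional "(User '...')".
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# Executable part of a command line; tolerates unquoted paths with spaces.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|scr|bat|cmd))"?(?:\s|$)', re.I)


@dataclass
class AutostartEntry:
    hive: str            # e.g. HKLM\..\Run or HKUS\S-1-5-18\..\Run
    name: str            # registry value name shown in [brackets]
    command: str         # command line as logged
    exe: str             # executable part of the command
    user: Optional[str]  # account HijackThis annotates for HKUS hives

    @property
    def resolved_via_search_path(self) -> bool:
        # A bare file name carries no directory, so Windows locates it
        # through the search path rather than a fixed location.
        return "\\" not in self.exe and "/" not in self.exe


def _executable(command: str) -> str:
    m = EXE_RE.match(command)
    return m.group("exe") if m else command.split()[0]


def parse_log(text: str):
    """Return (running_process_paths, autostart_entries)."""
    running, entries, in_running = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_running = False          # blank line ends the process list
            continue
        if line == "Running processes:":
            in_running = True
            continue
        if in_running:
            running.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(AutostartEntry(m["hive"], m["name"], m["cmd"],
                                          _executable(m["cmd"]), m["user"]))
    return running, entries


def search_path_entries(entries):
    """Names of Run entries whose executable has no directory component."""
    return [e.name for e in entries if e.resolved_via_search_path]


def not_running(entries, running):
    """Names of Run entries whose executable is not in the process list."""
    live = {p.rsplit("\\", 1)[-1].lower() for p in running}
    return [e.name for e in entries
            if e.exe.rsplit("\\", 1)[-1].lower() not in live]


if __name__ == "__main__":
    procs, autostarts = parse_log(SAMPLE_LOG)
    print("Resolved via search path:", search_path_entries(autostarts))
    print("Not in running-process list:", not_running(autostarts, procs))
```

On the sample, the search-path list is the four bare names and the not-running list is `nwiz` and `Alcmtr`; the ComboFix "Reg Loading Points" section in the second post is where those bare names get resolved to full paths (`C:\WINDOWS\system32\nwiz.exe`, `C:\WINDOWS\sm56hlpr.exe`, `C:\WINDOWS\RTHDCPL.exe`), so the two logs complement each other.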


Re: How to deal with NT AUTHORITY SYSTEM?

Post by Czechtim » 18 Apr 2008 14:04

Supposedly there is nothing harmful in it :? I tried ComboFix. Do you see anything in it, please?

ComboFix 08-04-15.8 - bil208 2008-04-16 20:59:30.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.630 [GMT 2:00]
Running from: C:\Documents and Settings\bil208\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 20:30 . 2008-04-15 20:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-15 20:17 . 2005-04-19 21:05 516,096 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-04-15 20:17 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-04-15 20:17 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-04-15 20:17 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-04-15 20:17 . 2008-04-15 20:17 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-04-15 12:35 . 2008-04-15 12:35 390 --a------ C:\WINDOWS\ODBC.INI
2008-04-15 12:33 . 2008-04-15 12:34 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-15 12:05 . 2008-04-15 12:05 <DIR> d-------- C:\Documents and Settings\bil208\Data aplikací\AdobeUM
2008-04-15 09:32 . 2008-04-15 09:32 <DIR> d-------- C:\Documents and Settings\bil208\Data aplikací\ACD Systems
2008-04-15 08:10 . 2008-04-15 08:24 1,593 --a------ C:\WINDOWS\VPNUnInstall.MIF
2008-04-15 08:04 . 2008-04-15 08:04 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-15 08:04 . 2008-04-15 08:04 <DIR> d-------- C:\Program Files\Cisco Systems
2008-04-15 08:04 . 2007-01-31 13:45 127,376 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-04-15 08:04 . 2007-01-31 13:45 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-04-15 08:04 . 2008-04-15 08:12 1,593 --a------ C:\WINDOWS\VPNInstall.MIF
2008-04-15 00:59 . 2008-04-15 00:59 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-15 00:58 . 2008-04-15 00:58 <DIR> d-------- C:\Program Files\Winamp
2008-04-15 00:57 . 2008-04-15 00:57 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-15 00:57 . 2008-04-15 00:57 <DIR> d-------- C:\Documents and Settings\bil208\Data aplikací\vlc
2008-04-15 00:56 . 2008-04-15 00:56 <DIR> d-------- C:\Program Files\Skype
2008-04-15 00:56 . 2008-04-15 00:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-15 00:56 . 2008-04-15 00:56 <DIR> d-------- C:\Documents and Settings\bil208\Data aplikací\Skype
2008-04-15 00:55 . 2008-04-15 00:55 <DIR> d-------- C:\Program Files\PSPad editor
2008-04-15 00:55 . 2008-04-15 00:55 <DIR> d-------- C:\Documents and Settings\bil208\Data aplikací\PSpad
2008-04-15 00:55 . 2008-04-15 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2008-04-15 00:54 . 2008-04-15 00:54 <DIR> d-------- C:\Program Files\Opera
2008-04-15 00:53 . 2008-04-15 00:53 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-15 00:53 . 2008-04-15 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-04-15 00:53 . 2006-04-06 20:11 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-15 00:52 . 2008-04-15 00:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-15 00:52 . 2008-04-15 00:52 <DIR> d-------- C:\Program Files\CDex_140b9
2008-04-15 00:52 . 2008-04-15 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-15 00:50 . 2008-04-15 00:51 <DIR> d-------- C:\Programy
2008-04-15 00:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 00:33 . 2008-04-16 21:00 162 --a------ C:\ASWL2K.ini
2008-04-15 00:31 . 2008-04-15 00:31 <DIR> d-------- C:\Program Files\ASUS
2008-04-15 00:31 . 2005-02-11 21:46 371,712 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-04-15 00:31 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-04-15 00:31 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-04-15 00:31 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-04-15 00:29 . 2008-04-15 00:29 <DIR> d-------- C:\Program Files\Wireless Console 2
2008-04-15 00:29 . 2005-10-17 17:09 987,136 --a------ C:\WINDOWS\system32\wcourier.exe
2008-04-15 00:29 . 2003-02-21 20:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-15 00:27 . 2004-09-03 12:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
2008-04-15 00:27 . 2005-07-12 19:00 51,328 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-04-15 00:27 . 2005-07-14 12:14 27,904 --a------ C:\WINDOWS\system32\drivers\risdptsk.sys
2008-04-15 00:26 . 2008-04-16 20:56 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-15 00:26 . 2008-04-15 00:26 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-15 00:26 . 2008-04-15 00:26 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-15 00:25 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-15 00:25 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-04-15 00:24 . 2008-04-15 00:24 <DIR> d-------- C:\Program Files\Realtek
2008-04-15 00:22 . 2008-04-15 00:22 <DIR> d-------- C:\WINDOWS\Motorola
2008-04-15 00:20 . 2008-04-15 00:20 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-15 00:20 . 2008-04-15 00:31 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-15 00:20 . 2005-11-16 10:08 78,976 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-04-15 00:18 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-15 00:16 . 2008-04-15 00:17 <DIR> d-------- C:\WINDOWS\nview
2008-04-15 00:16 . 2006-04-27 04:48 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-15 00:16 . 2008-04-16 20:56 50,868 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-15 00:16 . 2006-04-27 04:48 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-15 00:15 . 2008-04-15 01:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-15 00:15 . 2006-04-27 12:36 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-15 00:08 . 2006-01-20 06:44 862,340 --a------ C:\WINDOWS\system32\drivers\smserial.sys
2008-04-15 00:01 . 1997-04-22 12:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 10:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-15 06:42 --------- d-----w C:\Program Files\ESET
2008-04-14 23:12 --------- d-----w C:\Program Files\PowerQuest
2008-04-14 23:09 --------- d-----w C:\Program Files\Ahead
2008-04-14 23:08 --------- d-----w C:\Program Files\Verdict Free
2008-04-14 23:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-14 23:04 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-14 23:04 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-04-14 23:04 --------- d-----w C:\Program Files\ICQLite
2008-04-14 23:04 --------- d-----w C:\Program Files\Audacity
2008-04-14 23:03 --------- d-----w C:\Documents and Settings\bil208\Data aplikací\ICQLite
2008-04-14 23:02 --------- d-----w C:\Program Files\Lame
2008-04-14 23:02 --------- d-----w C:\Program Files\GoldWave
2008-04-14 23:00 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-14 23:00 --------- d-----w C:\Program Files\ACD Systems
2008-04-14 23:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2008-04-14 21:45 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 11:24 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 04:48 7561216]
"nwiz"="nwiz.exe" [2006-04-27 04:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 04:48 86016]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 06:34 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 08:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49 35328]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06 3144800]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-15 01:04 917504]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 MMIOPORT;MMIOPORT;C:\WINDOWS\system32\drivers\MMIOPORT.sys [2000-03-02 13:16]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 21:00:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-04-16 21:01:00
ComboFix-quarantined-files.txt 2008-04-16 19:00:58

Directories: 7, Free bytes: 15,566,700,544
Directories: 9, Free bytes: 15,620,308,992

