PC problem, applications won't start (+ HJT log) Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

dawy (newbie, 15 posts, registered Aug 09, gender not specified, offline)


Post by dawy » 16 Aug 2009 10:51

Hello, I have a problem with my PC. I installed the games CoD 4 and Battlefield 2, and then suddenly almost no applications can be started; it throws various errors.
[image]

I then cleaned the PC with CCleaner, nothing changed.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:58, on 15.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dolsrvcbar2.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
M:\Software\BSplayer\bsplayer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\svchost.exe
M:\Software\FirefoxPortable_3.0.3\FirefoxPortable.exe
M:\Software\FirefoxPortable_3.0.3\App\firefox\firefox.exe
C:\Documents and Settings\David\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=92&bd=all&pf=cmdt
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6354485301
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Dolphin CBar Service 2 (DolphinCBarSrv2) - Dolphin Oceanic Ltd. - C:\WINDOWS\system32\dolsrvcbar2.exe
O23 - Service: Google Update Service (gupdate1ca1bfe2fdb6612) (gupdate1ca1bfe2fdb6612) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 11038 bytes


I tested the file svchost.exe, which is started from the Windows folder (someone claimed it should run from system32), on VirusTotal; here is the result:


http://www.virustotal.com/cs/analisis/20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8-1250413164


I did a repair install of the individual applications and it was fine until I restarted the PC, then almost everything stopped working again (after the repair install and restart only ICQ, Steam and QIP work). When I connected the external disk to a second PC, the damaged application could not be started there either.

I tried to return the system to a restore point, but it never succeeded. I considered reinstalling the whole PC, but I would lose a lot of OEM software that way.
I would really appreciate some advice.
Last edited by dawy on 16 Aug 2009 10:56, edited 1 time in total.
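The check behind the question above (is svchost.exe supposed to run from system32?) can be automated against the "Running processes" section of an HJT log. The script below is an added example written for this thread; it is not part of the original posts and not a HijackThis feature. The table of expected directories is an assumption based on a default Windows XP install, and the sample log is a handful of lines quoted from the HJT log above.

```python
"""Flag Windows system binaries that are running from an unexpected directory,
based on the 'Running processes' section of a HijackThis log.

Added example for this thread; not part of the original posts and not a
HijackThis/ComboFix feature. EXPECTED_DIRS is an assumption (default Windows XP
layout); SAMPLE_LOG is an excerpt of the HJT log posted above."""

from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Assumption: where these binaries live on a default Windows XP install.
# Keys are lower-cased basenames; values are the allowed parent directories.
EXPECTED_DIRS: dict[str, set[str]] = {
    "smss.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Excerpt of the HJT log posted above (only the lines needed for the demo).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\David\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
"""


@dataclass(frozen=True)
class Finding:
    path: str                 # the path exactly as it appears in the log
    expected: tuple[str, ...]  # where that basename is expected to live


def running_processes(log: str) -> list[str]:
    """Return the paths listed under 'Running processes:' in an HJT log.

    The section ends at the first blank line; an empty list is returned if the
    header is missing."""
    lines = iter(log.splitlines())
    for line in lines:
        if line.strip().lower() == "running processes:":
            break
    else:
        return []
    paths: list[str] = []
    for line in lines:          # continue from the line after the header
        line = line.strip()
        if not line:
            break
        paths.append(line)
    return paths


def flag_masquerades(log: str) -> list[Finding]:
    """Report processes whose basename is a known system binary but whose
    parent directory is not the one a default install uses for it.

    Case is ignored because NTFS paths are case-insensitive and HJT prints
    whatever case the process image path had."""
    findings: list[Finding] = []
    for path in running_processes(log):
        name = ntpath.basename(path).lower()
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not a binary we have an expectation for
        parent = ntpath.dirname(path).lower().rstrip("\\")
        if parent not in expected:
            findings.append(Finding(path, tuple(sorted(expected))))
    return findings


if __name__ == "__main__":
    for f in flag_masquerades(SAMPLE_LOG):
        print(f"SUSPECT: {f.path}  (expected in: {', '.join(f.expected)})")
```

On the excerpt the only hit is C:\WINDOWS\svchost.exe; the copies under system32 and Explorer.EXE in the Windows root pass. A hit is a lead, not a verdict: the next step is exactly what the poster did, hashing the file and checking it against VirusTotal, since a legitimate tool could in principle reuse the name and a malicious one could sit under system32 with a different name.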

pitimir (Level 3.5, 850 posts, registered Aug 09, male, offline)

Re: Please help with my PC (+ HJT log)

Post by pitimir » 16 Aug 2009 10:56

Hi.

1) Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident shields of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take roughly 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, do not click on anything and do not press anything!!


2) Download GMER, unpack it to the desktop and run it. The program automatically starts a scan (when it finishes, paste log no. 1). If it finds something while scanning (= some warning pops up), click "NO" and on the right tick all items EXCEPT:
  • Sections
  • IAT/EAT
  • Registry
  • non-system disks and partitions (the system is usually on "C:\", so leave "D:\", "E:\"... etc. unticked)
  • Show All
Click "Scan". After the scan click "Save" and paste log no. 2 here.

If it finds nothing (= nothing pops up), tick everything on the right and start the scan. When it finishes, click "Copy" and paste log no. 2.

//To pitimir - please edit your signature, we don't keep sentences like that here (personal attacks etc.). See the Forum rules. jaro3
I don't like amateurism...

And the addressee of the link knows it :)


Re: PC problem, applications won't start (+ HJT log)

Post by dawy » 16 Aug 2009 11:30

I'm finding that the system is also noticeably slowed down, so there is probably some vermin in there.
When starting ComboFix I could not shut down the AVG resident shield, because its user interface cannot be started due to the problem described above, but the individual components are running.
Here is the ComboFix log:

ComboFix 09-08-10.06 - David 16.08.2009 10:59.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3579.2952 [GMT 2:00]
Running from: c:\documents and settings\David\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-765280498-1167273204-3509494611-500
c:\windows\Installer\37302080.msi
c:\windows\svchost.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
L:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 09:05 . 2009-08-16 09:05 118784 ----a-w- c:\windows\system32\chg.exe
2009-08-16 06:29 . 2009-08-16 06:29 -------- d-----w- c:\program files\HD Tune
2009-08-15 20:46 . 2009-08-15 20:46 -------- d-----w- c:\documents and settings\David\Data aplikací
2009-08-15 20:38 . 2009-02-27 11:43 989720 ----a-w- c:\windows\system32\heciudlg.exe
2009-08-15 20:38 . 2009-08-15 20:38 -------- d-----w- C:\Intel
2009-08-15 20:37 . 2009-08-15 20:37 -------- d-----w- C:\swsetup
2009-08-15 20:33 . 2009-08-15 20:33 -------- d-----w- c:\program files\MSECache
2009-08-15 20:31 . 2009-08-15 20:42 -------- d-----w- c:\program files\ICQ6.5
2009-08-15 20:26 . 2008-02-22 14:53 676224 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-15 16:56 . 2009-08-15 16:56 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-15 14:50 . 2009-08-15 14:50 -------- d-----w- c:\program files\Common Files\PCSuite
2009-08-15 14:50 . 2009-08-15 14:50 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-15 14:49 . 2009-08-15 14:49 -------- d-----w- c:\program files\PC Connectivity Solution
2009-08-15 13:43 . 2009-08-15 13:53 -------- d-----w- c:\windows\system32\NtmsData
2009-08-15 11:00 . 2009-08-15 11:00 -------- d-sh--w- c:\windows\ftpcache
2009-08-15 10:36 . 2009-08-15 10:37 -------- d-----w- c:\program files\Jabbim
2009-08-14 14:29 . 2009-08-14 14:29 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-13 15:48 . 2009-08-16 07:31 -------- d-----w- c:\program files\Cheat Engine
2009-08-13 15:48 . 2007-12-26 15:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-08-13 15:48 . 2007-12-26 15:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-08-13 10:26 . 2009-08-13 10:26 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-08-13 10:26 . 2002-02-27 16:50 197120 ----a-w- c:\windows\patchw32.dll
2009-08-12 04:47 . 2009-07-10 13:28 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 13:03 . 2009-08-16 08:40 -------- d-----w- c:\program files\Steam
2009-08-10 18:56 . 2009-08-10 18:56 31232 ----a-w- c:\windows\system32\drivers\Uplink.sys
2009-08-10 09:53 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-08-10 09:53 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-08-10 09:49 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-08-10 09:21 . 2009-08-15 14:50 -------- d-----w- c:\program files\Nokia
2009-08-10 09:18 . 2009-08-10 09:18 -------- d-----w- c:\program files\DIFX
2009-08-10 09:18 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-08-10 09:18 . 2009-08-15 20:38 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 18:46 . 2009-08-06 18:46 -------- d--h--w- c:\windows\PIF
2009-08-06 15:46 . 2009-08-06 15:46 -------- d-sh--w- c:\documents and settings\David\IECompatCache
2009-08-06 11:19 . 2009-08-06 11:19 4096 ----a-w- c:\windows\d3dx.dat
2009-08-06 08:48 . 2009-08-06 08:48 -------- d-----w- c:\program files\3DO
2009-08-06 08:45 . 2009-08-06 08:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-06 08:44 . 2009-08-10 09:53 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-06 08:43 . 1998-10-29 14:45 342016 ----a-w- c:\windows\IsUninst.exe
2009-08-03 16:21 . 2009-08-03 16:21 1497600 ----a-w- c:\windows\system32\cpuz147.exe
2009-08-02 13:30 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-02 13:30 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-02 13:30 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-02 13:30 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-01 12:44 . 2009-08-01 12:44 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-01 12:44 . 2009-08-01 12:44 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-01 12:44 . 2009-08-01 12:44 -------- d-----w- c:\windows\system32\Futuremark
2009-08-01 12:44 . 2004-10-25 18:02 21664 ----a-w- c:\windows\system32\drivers\Entech.sys
2009-08-01 12:44 . 2004-06-22 13:44 5632 ----a-w- c:\windows\system32\drivers\Entech64.sys
2009-08-01 12:44 . 2001-11-19 17:05 3972 ----a-w- c:\windows\system32\drivers\PciBus.sys
2009-08-01 12:43 . 2009-08-01 12:43 -------- d-----w- c:\program files\Futuremark
2009-07-31 20:58 . 2009-07-31 21:03 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-31 14:34 . 1998-02-06 20:37 334848 ----a-w- c:\windows\uninst.exe
2009-07-31 12:51 . 2009-07-31 12:51 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-31 12:51 . 2009-07-31 12:51 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-29 07:15 . 2002-10-17 13:14 49024 ----a-w- c:\windows\system32\drivers\sisidex.sys
2009-07-29 07:15 . 2002-08-20 15:19 9472 ----a-w- c:\windows\system32\drivers\sisperf.sys
2009-07-29 07:15 . 1998-01-23 10:19 339968 ----a-w- c:\windows\IsUn0405.exe
2009-07-29 07:15 . 2009-07-29 07:15 -------- d-----w- c:\documents and settings\David\WINDOWS
2009-07-28 18:28 . 2009-07-28 18:28 2373193 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-28 16:28 . 2009-07-28 16:28 -------- d-----w- c:\windows\wb
2009-07-27 11:57 . 2009-07-27 11:58 -------- d-----w- c:\program files\Prime95
2009-07-26 11:10 . 2009-07-26 11:10 -------- d-sh--w- c:\documents and settings\Veve\IECompatCache
2009-07-26 11:09 . 2009-07-26 11:09 -------- d-sh--w- c:\documents and settings\Veve\PrivacIE
2009-07-26 11:02 . 2009-07-26 11:02 -------- d-sh--w- c:\documents and settings\Veve\IETldCache
2009-07-26 08:04 . 2009-07-26 08:04 -------- d-sh--w- c:\documents and settings\David\PrivacIE
2009-07-25 20:15 . 2009-07-25 20:15 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-25 18:46 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-25 18:46 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-25 18:45 . 2009-07-25 18:45 -------- d-sh--w- c:\documents and settings\David\IETldCache
2009-07-25 16:21 . 2009-07-25 16:21 -------- d-----w- c:\windows\ie8updates
2009-07-25 16:21 . 2009-07-30 12:18 -------- d-----w- c:\program files\Seznam.cz
2009-07-25 16:21 . 2009-07-25 16:22 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-25 16:19 . 2009-07-25 16:21 -------- dc-h--w- c:\windows\ie8
2009-07-25 16:18 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-25 16:18 . 2009-07-03 16:59 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-25 16:18 . 2009-07-03 16:59 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-24 17:52 . 2006-03-23 17:53 114688 ----a-w- c:\windows\Lavish.dll
2009-07-24 17:47 . 2009-08-15 21:24 -------- d-----w- c:\program files\InnerSpace
2009-07-21 11:13 . 2009-07-21 11:13 -------- d-----w- c:\windows\system32\xlive
2009-07-21 07:53 . 2009-07-21 07:53 -------- d-----w- c:\windows\Sun
2009-07-20 17:09 . 2009-07-28 18:28 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-20 17:09 . 2009-07-28 18:28 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-20 17:09 . 2009-07-28 18:28 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-20 16:52 . 2009-08-06 08:44 -------- d-----w- c:\windows\system32\LogFiles
2009-07-20 12:48 . 2009-07-20 12:48 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-19 07:32 . 2009-07-19 07:32 772608 ----a-w- c:\windows\iun6002.exe
2009-07-19 07:32 . 2009-08-15 17:01 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-18 19:57 . 2009-07-18 19:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-18 19:55 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-18 19:55 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-18 19:55 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-18 19:55 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-18 19:55 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-18 19:55 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-18 19:55 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-18 19:55 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-18 19:55 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-18 19:55 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-18 19:52 . 2009-07-18 19:52 -------- d-----w- c:\windows\Logs
2009-07-18 19:33 . 2009-07-18 19:33 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-18 18:05 . 2009-08-15 14:47 -------- d-----w- c:\program files\QIP
2009-07-17 19:04 . 2009-07-17 19:04 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 08:43 . 2006-05-04 22:29 83742 ----a-w- c:\windows\system32\perfc005.dat
2009-08-16 08:43 . 2006-05-04 22:29 441086 ----a-w- c:\windows\system32\perfh005.dat
2009-08-16 07:31 . 2009-08-13 15:48 -------- d-----w- c:\program files\Cheat Engine
2009-08-15 22:11 . 2009-06-30 07:31 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-15 22:11 . 2009-06-30 07:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 22:11 . 2009-06-30 07:31 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-15 22:11 . 2009-06-30 07:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 22:11 . 2009-06-30 07:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 20:53 . 2009-06-30 10:13 -------- d-----w- c:\program files\VIEWDIO
2009-08-15 20:38 . 2009-06-30 06:25 -------- d-----w- c:\program files\Intel
2009-08-15 16:44 . 2009-06-30 06:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 14:48 . 2009-06-30 07:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-10 09:52 . 2009-08-10 09:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-08-10 09:52 . 2009-08-10 09:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-05 09:01 . 2004-08-17 22:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 16:55 . 2009-06-30 09:20 -------- d-----w- c:\program files\ZoomText 9.1
2009-07-17 19:04 . 2004-08-17 22:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 22:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:00 . 2009-07-08 17:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-08 16:57 . 2009-07-08 16:57 -------- d-----r- c:\program files\Skype
2009-07-08 16:57 . 2009-07-08 16:57 -------- d-----w- c:\program files\Common Files\Skype
2009-07-03 16:59 . 2004-08-17 22:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 08:08 . 2009-07-01 08:08 701 ----a-w- c:\windows\unins000.dat
2009-07-01 08:08 . 2002-02-10 00:00 72819 ----a-w- c:\windows\unins000.exe
2009-06-30 15:08 . 2009-06-30 15:08 -------- d-----w- c:\program files\microsoft frontpage
2009-06-30 13:39 . 2009-06-30 07:15 -------- d-----w- c:\program files\Common Files\Nero
2009-06-30 13:37 . 2009-06-30 13:37 -------- d-----w- c:\program files\Nero
2009-06-30 13:12 . 2009-06-30 09:24 4 ----a-w- c:\windows\vx86036.dat
2009-06-30 09:51 . 2009-06-30 09:51 -------- d-----w- c:\program files\MSXML 4.0
2009-06-30 09:22 . 2009-06-30 09:22 -------- d-----w- c:\program files\VW
2009-06-30 09:22 . 2009-06-30 06:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 08:43 . 2009-06-30 07:35 -------- d-----w- c:\program files\Canon
2009-06-30 08:42 . 2009-06-30 08:42 -------- d--h--w- c:\program files\CanonBJ
2009-06-30 08:34 . 2009-06-30 08:34 -------- d-----w- c:\program files\InterVideo
2009-06-30 08:34 . 2009-06-30 08:34 -------- d-----w- c:\program files\Common Files\InterVideo
2009-06-30 08:29 . 2006-05-04 22:16 4018 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-06-30 08:29 . 2006-05-04 22:16 88207 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 08:01 . 2009-06-30 07:23 -------- d-----w- c:\program files\Microsoft Works
2009-06-30 07:49 . 2009-06-30 07:46 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2009-06-30 07:48 . 2009-06-30 07:48 -------- d-----w- c:\program files\Common Files\ABBYY
2009-06-30 07:42 . 2009-06-30 07:42 -------- d-----w- c:\program files\Acapela Group
2009-06-30 07:33 . 2009-06-30 07:33 -------- d-----w- c:\program files\GALOP
2009-06-30 07:31 . 2009-06-30 07:31 -------- d-----w- c:\program files\AVG
2009-06-30 07:22 . 2009-06-30 07:22 -------- d-----w- c:\program files\Microsoft.NET
2009-06-30 07:07 . 2009-06-30 06:27 -------- d-----w- c:\program files\HPQ
2009-06-30 07:07 . 2009-06-30 06:23 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-30 06:39 . 2009-06-30 06:39 -------- d-----w- c:\program files\Windows Sidebar
2009-06-30 06:37 . 2009-06-30 06:37 -------- d-----w- c:\program files\Zástupci programů
2009-06-30 06:33 . 2009-06-30 06:33 1974 --sha-r- c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dc7900 Convertible Minitower_YB_0Comp_QCZC910_EU_48_I3032h_SHP_V_B786G1 v01.08_T080825_WXP2_L405_M3580_J160_7Intel_8Pentium III Xeon_92.66_#090630_N808610DE_(KP719AV)_X_CD6_Z_2_G10DE042F.MRK
2009-06-30 06:31 . 2009-06-30 06:31 -------- d-----w- c:\program files\Altiris
2009-06-30 06:30 . 2009-06-30 06:30 -------- d-----w- c:\program files\Compaq
2009-06-30 06:29 . 2009-06-30 06:29 -------- d-----w- c:\program files\Common Files\ActivIdentity
2009-06-30 06:29 . 2009-06-30 06:29 -------- d-----w- c:\program files\ActivIdentity
2009-06-30 06:28 . 2006-05-04 22:16 14440 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-06-30 06:26 . 2009-06-30 06:26 -------- d-----w- c:\program files\Common Files\postureAgent
2009-06-30 06:26 . 2009-06-30 06:26 -------- d-----w- c:\program files\Common Files\Intel
2009-06-30 06:25 . 2009-06-30 06:25 -------- d-----w- c:\program files\Analog Devices
2009-06-30 06:24 . 2009-06-30 06:24 -------- d-----w- c:\program files\Java
2009-06-30 06:24 . 2009-06-30 06:24 -------- d-----w- c:\program files\Common Files\Java
2009-06-30 06:19 . 2009-06-30 06:19 -------- d-----w- c:\program files\MSBuild
2009-06-30 06:18 . 2009-06-30 06:18 -------- d-----w- c:\program files\Reference Assemblies
2009-06-16 14:40 . 2004-08-17 22:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-24 19:24 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2009-06-30 15:03 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 22:49 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 22:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-04 05:59 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 22:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-17 22:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 12:20 . 2009-06-30 09:20 163840 ----a-w- c:\windows\system32\Ai2XOR.dll
2009-05-26 12:20 . 2009-06-30 09:20 58368 ----a-w- c:\windows\system32\Ai2d91.dll
2009-05-26 12:20 . 2009-06-30 09:20 15872 ----a-w- c:\windows\system32\Ai2Ldr.dll
2009-05-26 11:50 . 2009-06-30 09:20 7680 ----a-w- c:\windows\system32\drivers\Ai2sXP.sys
.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"Steam"="c:\program files\Steam\Steam.exe" [2009-08-15 1217784]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13586432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 561152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-15 2007832]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 607016]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2003-11-25 203264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-27 15:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-27 15:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 22:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"m:\\hry\\MotoGP URT 3\\motogp.exe"=
"m:\\hry\\Far Cry 2\\bin\\FarCry2.exe"=
"m:\\hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"m:\\hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"m:\\hry\\FlatOut Ultimate Carnage\\Fouc.exe"=
"m:\\hry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"m:\\Software\\BitComet v1.13\\BitComet.exe"=
"m:\\Software\\uTorrent\\uTorrent.exe"=
"m:\\Software\\FirefoxPortable_3.0.3\\App\\Firefox\\firefox.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\counter-strike beta\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\raghod\\team fortress classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5071:UDP"= 5071:UDP:Express Talk Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [30.6.2009 9:31 12552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [30.6.2009 16:56 24064]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [30.6.2009 11:20 7680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30.6.2009 9:31 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30.6.2009 9:31 108552]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [11.7.2008 14:44 191872]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [16.5.2008 15:31 759072]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [27.11.2007 17:42 185896]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30.6.2009 15:00 297752]
R2 DolphinCBarSrv2;Dolphin CBar Service 2;c:\windows\system32\dolsrvcbar2.exe [30.6.2009 8:40 258048]
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [18.7.2003 3:55 18848]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [30.6.2009 8:26 2054680]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [30.6.2009 17:08 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [30.6.2009 16:53 44800]
S2 gupdate1ca1bfe2fdb6612;Google Update Service (gupdate1ca1bfe2fdb6612);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Uplink;Uplink;c:\windows\system32\drivers\Uplink.sys [10.8.2009 20:56 31232]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [30.6.2009 17:02 57344]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{0DB2C469-B42A-4B7D-844F-3910AE2B8BC8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 11:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll

- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\Crypserv.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-08-16 11:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-16 09:09

Před spuštěním: Volných bajtů: 93 916 606 464
Po spuštění: Volných bajtů: 95 841 480 704

377 --- E O F --- 2009-08-16 07:36





here is the first GMER log:

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-16 11:16:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateKey [0xB6AEBF2A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateValueKey [0xB6AEC2E6]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB9C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs fslx.sys (FSL System Driver/Altiris, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----





and here is the second GMER log:


GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-16 11:29:35
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwClose [0xB6AEB7F8]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwCreateKey [0xB6AEB114]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwDeleteKey [0xB6AEB8BA]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwDeleteValueKey [0xB6AEBB0A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwDuplicateObject [0xB6AEC712]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateKey [0xB6AEBF2A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateValueKey [0xB6AEC2E6]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwFlushKey [0xB6AEB892]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwLoadKey [0xB6AEC5A4]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwOpenKey [0xB6AEAD76]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwQueryKey [0xB6AEC038]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwQueryValueKey [0xB6AEC428]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwRenameKey [0xB6AEC7A2]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwSetValueKey [0xB6AEBD62]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwUnloadKey [0xB6AEC624]

INT 0x62 ? 8AB9DBF8
INT 0x63 ? 8AB9DBF8
INT 0x63 ? 8AB9DBF8
INT 0x63 ? 8AB9DBF8
INT 0x63 ? 8AB9DBF8
INT 0x63 ? 8AB9DBF8
INT 0x73 ? 8A0AAF00
INT 0x73 ? 8A0AAF00
INT 0x73 ? 8A0AAF00
INT 0x73 ? 8A0AAF00
INT 0x82 ? 8AB9DBF8
INT 0x84 ? 8A0AAF00
INT 0x84 ? 8A0AAF00
INT 0x84 ? 8A0AAF00
INT 0x84 ? 8A0AAF00
INT 0x94 ? 8A0AAF00
INT 0x94 ? 8A0AAF00
INT 0x94 ? 8A0AAF00

---- Kernel code sections - GMER 1.0.15 ----

? spgt.sys Systém nemůže nalézt uvedený soubor. !
? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B904E8AC 5 Bytes JMP 8A0AA4E0
.text am4mrrun.SYS B64C4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text am4mrrun.SYS B64C43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text am4mrrun.SYS B64C43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text am4mrrun.SYS B64C43C9 1 Byte [30]
.text am4mrrun.SYS B64C43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Systém nemůže nalézt uvedený soubor. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spgt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spgt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spgt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spgt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spgt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7E9C] spgt.sys
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\am4mrrun.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB9C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs fslx.sys (FSL System Driver/Altiris, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP0092 \Device\00000050 spgt.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A1041F8
Device \Driver\usbuhci \Device\USBPDO-1 8A1041F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AB271F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AB271F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AB271F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AB271F8
Device \Driver\usbuhci \Device\USBPDO-2 8A1041F8
Device \Driver\usbehci \Device\USBPDO-3 8A0BA360
Device \Driver\usbuhci \Device\USBPDO-4 8A1041F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8A1041F8
Device \Driver\usbuhci \Device\USBPDO-6 8A1041F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB9E1F8
Device \Driver\usbehci \Device\USBPDO-7 8A0BA360
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E4662A4-821F-4FBD-BCAA-47642F6F4349} 89CD5500
Device \Driver\sptd \Device\2171083842 spgt.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AB9E1F8
Device \Driver\Cdrom \Device\CdRom0 8A00F500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AB9E1F8
Device \Driver\Cdrom \Device\CdRom1 8A00F500
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-28 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-20 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-8 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 8AB9E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89CD5500
Device \Driver\USBSTOR \Device\00000085 89BFE500
Device \Driver\USBSTOR \Device\00000085 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetbiosSmb 89CD5500
Device \Driver\USBSTOR \Device\00000086 89BFE500
Device \Driver\USBSTOR \Device\00000086 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000087 89BFE500
Device \Driver\USBSTOR \Device\00000087 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000088 89BFE500
Device \Driver\USBSTOR \Device\00000088 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USBSTOR \Device\00000089 89BFE500
Device \Driver\USBSTOR \Device\00000089 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A1041F8
Device \Driver\usbuhci \Device\USBFDO-1 8A1041F8
Device \Driver\usbuhci \Device\USBFDO-2 8A1041F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C3B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C3B1F8
Device \Driver\usbehci \Device\USBFDO-3 8A0BA360
Device \Driver\Ftdisk \Device\FtControl 8AB9E1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A1041F8
Device \Driver\usbuhci \Device\USBFDO-5 8A1041F8
Device \Driver\USBSTOR \Device\0000008a 89BFE500
Device \Driver\USBSTOR \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-6 8A1041F8
Device \Driver\USBSTOR \Device\0000008b 89BFE500
Device \Driver\USBSTOR \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbehci \Device\USBFDO-7 8A0BA360
Device \Driver\USBSTOR \Device\0000008c 89BFE500
Device \Driver\USBSTOR \Device\0000008c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\am4mrrun \Device\Scsi\am4mrrun1 8A068500
Device \FileSystem\Cdfs \Cdfs 89BF9500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0xB1 0x1C 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 M:\Software\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x1C 0xFC 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x6F 0xF0 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0xB1 0x1C 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 M:\Software\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x1C 0xFC 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x6F 0xF0 0x6D ...

---- EOF - GMER 1.0.15 ----


I would also like to ask that someone with more posts comment on this as well (not that I wouldn't be glad for any advice).

// The HJT forum rules do not allow one topic to be handled by several helpers without their mutual agreement (PM). jaro3
edit // I know, I read the rules; they also mentioned trusted users, but I now know that pitimir has very good results on another forum, so I apologize to him.
Last edited by dawy on 17 Aug 2009 11:58, edited 1 time in total.

pitimir
Level 3.5
Posts: 850
Registered: Aug 09
Gender: Male

Re: PC problem, applications won't start (+ HJT log)

Post by pitimir » 16 Aug 2009 13:56

Are you after quality or quantity of posts?

1) Download ToolBar S&D. Close all running browsers and start the program. Choose the language; for English press E -> Enter. A window will pop up; after dismissing it you get to the next menu. There press 2 -> Enter. Wait until the scan finishes and post the log it creates.


2) Test the file(s) on VIRUSTOTAL:

c:\windows\system32\chg.exe
c:\windows\system32\heciudlg.exe

If it says the file has already been tested, have it tested again. Send the result as a LINK.


P.S.: You will find more of my posts on an unnamed forum that you got in a PM. Hopefully that will be enough for you ;)
I don't like amateurism...

And the addressee of the message knows it :)

Re: PC problem, applications won't start (+ HJT log)

Post by dawy » 16 Aug 2009 16:09

quality of posts, of course

here is the log:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Systém Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Procesor Intel Pentium III Xeon )
BIOS : Default System BIOS
USER : David ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:137 Go (Free:89 Go)
D:\ (Local Disk) - NTFS - Total:465 Go (Free:448 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:11 Go (Free:3 Go)
M:\ (Local Disk) - NTFS - Total:298 Go (Free:68 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( ne 16.08.2009|15:58 )
C:\WINDOWS\iun6002.exe

-----------\\ FIX

Deleted! - C:\WINDOWS\iun6002.exe
Deleted! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.seznam.cz/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://search.qip.ru"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Searching for other infections


No other infections found !


1 - "C:\ToolBar SD\TB_1.txt" - ne 16.08.2009|15:59 - Option : [2]

-----------\\ Scan completed at 15:59:54,40



and here is the VirusTotal result:
I could not find the file cg.exe in system32, even though I enabled showing hidden files and folders and system files and folders.

c:\windows\system32\heciudlg.exe:
http://www.virustotal.com/cs/analisis/d ... 1250431985

Re: PC problem, applications won't start (+ HJT log)

Post by pitimir » 16 Aug 2009 17:12

Download MbAM. Save it to the desktop, open "mbam-setup.exe" and install it. Update it. Then run a full scan; whatever the program finds, delete. Paste the resulting log here.

Re: PC problem, applications won't start (+ HJT log)

Post by dawy » 16 Aug 2009 22:17

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2635
Windows 5.1.2600 Service Pack 3

16.8.2009 22:16:50
mbam-log-2009-08-16 (22-16-50).txt

Typ skenu: Úplný sken (C:\|D:\|M:\|)
Objektu skenováno: 351452
Uplynulý cas: 1 hour(s), 14 minute(s), 12 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
M:\hry\Fifa 09 - instalace\Keygen\rld-fi9k.exe (Malware.Packer) -> Quarantined and deleted successfully.

Re: PC problem, applications won't start (+ HJT log)

Post by pitimir » 16 Aug 2009 23:03

Download MWAV. Run it and follow the instructions. Update it and set the parameters.

After the scan, copy the log from the bottom window.

Re: PC problem, applications won't start (+ HJT log)

Post by dawy » 17 Aug 2009 13:19

I could not delete the Java cache because it threw the same error as the programs in the opening post. From the bottom window I am pasting only the File and Object entries; I am not pasting the entries about locked files and the registry.

Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "XP Police Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "XP Police Antivirus Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CyberSitter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "RegSort Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Spyware.ExpressKeylog Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.

File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Qoobox\Quarantine\C\WINDOWS\svchost.exe.vir infected by "Win32.Jeefo.B (DB)" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D3.tmp\System.Speech.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.

After the restart one more scan ran, but it shut itself down automatically, so I have no log from it. The only thing I know is that about 38 infected files were found, most or all of them exe, mainly the executables of the applications I cannot run, and they are renamed, e.g. Autorun.exe.15971779, setup.exe.97225433, SudokuPortable.exe.17182753. Here is the VirusTotal result for one of these files:
http://www.virustotal.com/cs/analisis/4 ... 1250521466
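Added example, not code from this thread: a small Python parser for the scan-report format quoted above. It tallies hits per detection name (so corrupted-file heuristics like "NULL.Corrupted" can be separated from a real infector like Win32.Jeefo.B when reviewing the report) and recognises the `name.exe.<digits>` rename the poster describes, so the renamed executables can be inventoried before deciding what to restore. The sample lines and file names are constructed from the post.

```python
import re
from collections import Counter

# One line of the scan report as quoted in the thread:
# File <path> infected by "<detection>" Virus! Action Taken: <action>.
LINE_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<detection>[^"]+)" Virus! '
    r'Action Taken: (?P<action>.+?)\.?$'
)

# Executables the scanner renamed by appending a numeric suffix
# (e.g. SudokuPortable.exe.17182753 in the post above).
RENAMED_RE = re.compile(
    r'^(?P<orig>.+\.(?:exe|dll|scr|com))\.(?P<suffix>\d+)$', re.IGNORECASE
)

# Constructed sample input in the same format as the posted report.
SAMPLE_LOG = r"""
File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
File C:\Qoobox\Quarantine\C\WINDOWS\svchost.exe.vir infected by "Win32.Jeefo.B (DB)" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D3.tmp\System.Speech.dll infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken.
this line is not a report entry and is skipped
"""


def parse_report(text):
    """Return (path, detection, action) tuples; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m['path'], m['detection'], m['action']))
    return entries


def summarize(entries):
    """Count report entries per detection name."""
    return Counter(detection for _, detection, _ in entries)


def original_name(filename):
    """Return the pre-rename file name for 'name.exe.<digits>', or None if it is not that pattern."""
    m = RENAMED_RE.match(filename)
    return m['orig'] if m else None


if __name__ == "__main__":
    found = parse_report(SAMPLE_LOG)
    for detection, count in summarize(found).most_common():
        print(f"{count:3d}  {detection}")
    for name in ("Autorun.exe.15971779", "setup.exe.97225433", "svchost.exe.vir"):
        print(name, "->", original_name(name))
```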

pitimir
Level 3.5
Posts: 850
Registered: Aug 09
Gender: Male
Status: Offline

Re: PC problem, applications won't start (+ HJT log)

Post by pitimir » 17 Aug 2009 20:13

:wacko:

dawy wrote: After the restart one more scan ran, but it shut itself down automatically, so I have no log from it. The only thing I know is that about 38 infected files were found, most or all of them exe, mainly the executables of the applications I cannot run, and they are renamed, e.g. Autorun.exe.15971779, setup.exe.97225433, SudokuPortable.exe.17182753. Here is the VirusTotal result for one of these files:
http://www.virustotal.com/cs/analisis/4 ... 1250521466


Please explain this to me once more, I'm a bit fried this evening :)
I don't like amateurism...

And the addressee of the link knows it :)

dawy
Newbie
Posts: 15
Registered: Aug 09
Gender: Not specified
Status: Offline

Re: PC problem, applications won't start (+ HJT log)

Post by dawy » 17 Aug 2009 20:33

I ran a scan with MWAV and then worked on the PC for about an hour, then I shut the PC down. When I started the PC again, MWAV started up again and scanned all files tied to startup (the test took about 10 minutes); a window popped up saying that an infection had been found and that I should buy the program. The test continued and I noticed a few infected files that MWAV found, then the test finished and MWAV closed (no log, nothing). When I looked at one of the files that was supposedly infected, it had a new extension. Since it was an executable, I remember what the extension was before, for example:
original file name: SudokuPortable.exe
new file name: SudokuPortable.exe.17182753

When I uploaded this file to VirusTotal, I couldn't believe my eyes:
http://www.virustotal.com/cs/analisis/4 ... 1250521466

pitimir
Level 3.5
Posts: 850
Registered: Aug 09
Gender: Male
Status: Offline

Re: PC problem, applications won't start (+ HJT log)

Post by pitimir » 17 Aug 2009 20:38

Aha, now I understand :)

Download CureIt. Run it and update it. Choose a complete scan. Send a screenshot of what the program finds (CURE everything; whatever cannot be cured, write down).

