přesně jak jsi psal pc nenaběhlo musel jsem jít přes restart zde je nový log
ComboFix 09-10-28.08 - rizo 29.10.2009 20:25.13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1603 [GMT 1:00]
Spuštěný z: c:\documents and settings\rizo\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\rizo\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091029-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\restor32a.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\restor32a.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.
2009-10-29 18:18 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-29 18:18 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-29 18:18 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-29 18:18 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-29 18:18 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-29 18:18 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-29 18:18 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-29 18:18 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-29 18:18 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-29 18:18 . 2009-10-29 18:18 -------- d-----w- c:\program files\Alwil Software
2009-10-29 16:52 . 2009-10-29 16:52 -------- d-----w- c:\program files\Lavalys
2009-10-23 20:37 . 2009-10-23 20:37 -------- d-----w- c:\windows\Performance
2009-10-17 17:29 . 2009-10-17 17:29 -------- d-----w- C:\DVDVideoSoft
2009-10-09 17:50 . 2009-10-09 17:54 -------- d-----w- c:\program files\ARAR
2009-10-08 19:47 . 2009-10-08 19:47 -------- d-----w- c:\program files\LS
2009-10-06 20:02 . 2009-10-24 20:44 -------- d-----w- c:\program files\Movie Joiner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 19:21 . 2009-08-29 08:16 -------- d-----w- c:\program files\Spyware Terminator
2009-10-29 17:18 . 2008-12-11 18:08 -------- d-----w- c:\program files\Xilisoft
2009-10-29 17:16 . 2008-11-06 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 07:47 . 2009-06-14 18:47 -------- d-----w- c:\program files\Steam
2009-10-27 17:39 . 2009-02-19 19:46 8 ----a-w- c:\windows\system32\nvModes.dat
2009-10-25 23:45 . 2006-03-02 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 23:45 . 2006-03-02 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-09-28 17:21 . 2009-09-28 17:14 -------- d-----w- c:\program files\Allway Sync
2009-09-25 14:56 . 2009-09-25 12:32 -------- d-----w- c:\program files\Cobian Backup 9
2009-09-25 11:34 . 2009-09-25 11:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-21 16:32 . 2009-09-21 16:25 -------- d-----w- c:\program files\Common Files\Totem Shared
2009-09-21 16:29 . 2009-09-21 16:28 3 ----a-w- c:\windows\sbacknt.bin
2009-09-21 16:28 . 2009-09-21 16:28 152904 ----a-w- c:\windows\system32\vghd.scr
2009-09-19 20:49 . 2008-11-06 16:16 -------- d-----w- c:\program files\CyberLink
2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 15:01 . 2009-09-08 15:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-08 14:59 . 2009-09-08 14:59 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:16 . 2009-08-29 08:16 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-29 07:31 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:30 . 2008-12-16 19:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:30 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 18:24 . 2008-11-06 14:43 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-11-06 14:43 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-11-06 14:43 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-11-06 14:43 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-11-06 14:43 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-09-09 12:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2009-09-09 12:02 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 18:23 . 2008-11-06 14:43 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2006-06-15 19:33 . 2009-01-21 14:24 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 . 2009-01-21 14:24 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 . 2009-01-21 14:24 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 . 2009-01-21 14:24 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 . 2009-01-21 14:23 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 . 2009-01-21 14:24 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 . 2009-01-21 14:23 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 . 2009-01-21 14:23 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 . 2009-01-21 14:23 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 . 2009-01-21 14:23 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\vghd.scr ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 152904
Created time: 2009-09-21 16:28
Modified time: 2009-09-21 16:28
MD5: A6006F67C6C98804A9A908723FFD368A
SHA1: E4A188131E93EDD2B77EF9D78463DF15076DE52D
((((((((((((((((((((((((((((( SnapShot@2009-10-29_19.07.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 19:32 . 2009-10-29 19:32 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
+ 2009-10-29 19:32 . 2009-10-29 19:32 16384 c:\windows\temp\Perflib_Perfdata_5c4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-23 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Uninstall0001"="c:\program files\Common Files\Totem Shared\Uninstall0001\upd.exe" [2009-09-21 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-23 16050688]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-7 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\risa0\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.10.2009 19:18 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.8.2009 9:16 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2009 19:18 20560]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [5.1.2009 14:48 16616]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [6.11.2008 16:01 35840]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [6.11.2008 17:08 1171456]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5.6.2009 14:42 79888]
S3 VBoxTAP;VirtualBox TAP Adapter;c:\windows\system32\drivers\VBoxTAP.sys [6.11.2008 17:32 47184]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [6.11.2008 17:32 31824]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page =
hxxp://www.google.cz/uInternet Settings,ProxyOverride = *.local
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} -
hxxp://www.myheritage.cz/Genoogle/Compo ... eQuery.dllFF - ProfilePath - c:\documents and settings\rizo\Data aplikací\Mozilla\Firefox\Profiles\kfs9wbh6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.cz/FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-10-29 20:32
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netdevice: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spoq.sys hal.dll >>UNKNOWN [0x8A3C9938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netatapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9E22B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9E22B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9E22B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9E22B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9E22B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9E22B40 atapi.sys
\Driver\atapi IRP hooks detected !
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-527237240-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:c2,8d,00,bb,ab,5b,cd,33,9e,e9,0a,35,fa,ee,fb,82,d3,03,be,1d,ae,
99,07,ee,c5,54,12,27,56,54,38,13,01,4e,80,16,e2,ee,94,44,4b,59,6d,40,f9,8a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(1056)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2009-10-29 20:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-29 19:36
ComboFix2.txt 2009-10-29 19:10
Před spuštěním: Volných bajtů: 64 941 936 640
Po spuštění: Volných bajtů: 64 890 241 024
- - End Of File - - B7B79192B7FEAED55056C5BCF339E9D6
