
Processor

sxewarrior
Visitor
Posts: 85
Registered: 10 Nov 2009 13:39

Processor

#1 Post by sxewarrior »

Hi, so I turned on the PC; it usually loads everything in about a minute, but this time it took about ten minutes before all the programs loaded. avast was interrupted in its operation, some programs would not even start, e.g. the ATI graphics driver, qip; almost all programs reported some error on startup, and CPU usage is at 100 % whenever I look at it. The whole PC was frozen and lagging quite a lot.

sxewarrior
Visitor
Posts: 85
Registered: 10 Nov 2009 13:39

Re: Processor

#2 Post by sxewarrior »

Logfile of random's system information tool 1.06 (written by random/random)
Run by marek at 2009-12-22 19:27:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (7%) free of 78 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:01, on 22.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\marek\Desktop\Malware,cistenie,killer loger\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru/
O1 - Hosts: ˙ţ127.0.0.1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: siszyd32.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP8095\QIP\qip.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D8BE3F-1CD4-40AF-A411-FABAAB0CD979}: NameServer = 193.93.72.10,193.93.72.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

--
End of file - 8001 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2005-05-10 11776]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Steam"=c:\program files\valve\steam\steam.exe [2009-10-24 1217808]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-11-13 323392]

C:\Documents and Settings\marek\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
siszyd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\deathmatch classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\ricochet\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Non Steam\hl.exe"="C:\Program Files\Non Steam\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Non Steam\hlds.exe"="C:\Program Files\Non Steam\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Non Steam\hltv.exe"="C:\Program Files\Non Steam\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\xampp\apache\bin\apache.exe"="C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\QIP8080\qip.exe"="C:\Program Files\QIP8080\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP8082\qip.exe"="C:\Program Files\QIP8082\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\QIP8092\qip.exe"="C:\Program Files\QIP8092\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Disabled:Trillian"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP8095\qip.exe"="C:\Program Files\QIP8095\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Documents and Settings\marek\Desktop\sc_serv.exe"="C:\Documents and Settings\marek\Desktop\sc_serv.exe:*:Enabled:sc_serv"
"C:\Documents and Settings\marek\Desktop\RADIO\SHOUTcast\sc_serv.exe"="C:\Documents and Settings\marek\Desktop\RADIO\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
"C:\Program Files\QIP8095\QIP\qip.exe"="C:\Program Files\QIP8095\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\totalcmd7,5\TOTALCMD.EXE"="C:\Program Files\totalcmd7,5\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6464e4e-dc20-11de-a8dd-00e04cc0d781}]
shell\AutoRun\command - I:\9g86.exe
shell\open\command - I:\9g86.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9cbb7cc-2c0b-11dd-a306-00e04cc0d781}]
shell\AutoRun\command - H:\AutoTransfer.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-12-22 12:36:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-22 01:03:20 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat
2009-12-10 22:41:26 ----D---- C:\Program Files\totalcmd7,5
2009-12-10 22:41:26 ----A---- C:\WINDOWS\d.ini

======List of files/folders modified in the last 1 months======

2009-12-22 19:27:54 ----D---- C:\Program Files\trend micro
2009-12-22 19:27:30 ----D---- C:\WINDOWS\Prefetch
2009-12-22 19:26:46 ----D---- C:\Documents and Settings\marek\Application Data\DNA
2009-12-22 19:23:45 ----D---- C:\WINDOWS\Temp
2009-12-22 19:23:19 ----D---- C:\Program Files\Mozilla Firefox
2009-12-22 18:57:13 ----D---- C:\WINDOWS
2009-12-22 18:56:39 ----D---- C:\Program Files\DNA
2009-12-22 18:31:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-22 18:15:22 ----D---- C:\Program Files\MyDefrag v4.2.5
2009-12-22 12:34:55 ----D---- C:\WINDOWS\Minidump
2009-12-22 01:03:56 ----D---- C:\WINDOWS\system32\drivers
2009-12-22 01:03:20 ----D---- C:\WINDOWS\system32
2009-12-17 18:03:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-17 18:00:36 ----A---- C:\WINDOWS\wincmd.ini
2009-12-17 17:53:05 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-11 11:33:39 ----D---- C:\Documents and Settings\marek\Application Data\Web Page Maker
2009-12-11 11:24:43 ----D---- C:\Program Files\Non Steam
2009-12-11 10:43:04 ----D---- C:\Program Files\Graffiti Studio 2.0
2009-12-10 22:41:26 ----RD---- C:\Program Files
2009-12-06 18:28:52 ----A---- C:\WINDOWS\win.ini
2009-11-26 19:00:22 ----SHD---- C:\WINDOWS\Installer
2009-11-26 19:00:16 ----SHD---- C:\Config.Msi
2009-11-26 18:59:59 ----D---- C:\Program Files\Vstplugins
2009-11-25 00:54:29 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-28 9856]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-20 4019072]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-08 3968]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ayd1h1t5;ayd1h1t5; C:\WINDOWS\system32\drivers\ayd1h1t5.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-06 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\Program Files\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 mysql;mysql; C:\Program Files\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 XAMPP;XAMPP Service; C:\Program Files\xampp\service.exe [2007-12-21 60928]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-31 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Processor

#3 Post by motji »

Good evening :)

- Plug into the PC all the USB keys and flash drives that you use.

- Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  - Agree to the installation of the Recovery Console.

  - ComboFix must be run under an account with administrator rights.

  - Before using it, disable all resident security programs - antiviruses, firewalls, antispyware.

  - After launching, the terms of use are displayed; confirm them by pressing Yes.

  - Then follow the instructions; while ComboFix is running, do not click into the window that appears!

  - After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here.

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

sxewarrior
Visitor
Posts: 85
Registered: 10 Nov 2009 13:39

Re: Processor

#4 Post by sxewarrior »

ComboFix 09-11-09.01 - marek 23.12.2009 12:11.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1637 [GMT 1:00]
Running from: c:\documents and settings\marek\Desktop\Malware,cistenie,killer loger\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d.ini
c:\windows\system32\skinboxer43.dll

Infected copy of c:\windows\system32\drivers\aec.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\aec.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-22 00:03 . 2009-12-22 00:03 734208 ----a-w- c:\windows\system32\drivers\pworun.sys
2009-12-22 00:03 . 2009-12-22 00:03 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-11 09:16 . 2009-12-11 09:16 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\GHISLER
2009-12-10 21:41 . 2009-12-10 21:41 -------- d-----w- c:\program files\totalcmd7,5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 11:27 . 2008-09-01 08:13 -------- d-----w- c:\program files\DNA
2009-12-23 11:27 . 2008-09-01 08:13 -------- d-----w- c:\documents and settings\marek\Application Data\DNA
2009-12-22 18:27 . 2009-11-10 14:40 -------- d-----w- c:\program files\trend micro
2009-12-22 17:15 . 2009-11-10 19:59 -------- d-----w- c:\program files\MyDefrag v4.2.5
2009-12-22 00:03 . 2009-12-22 00:03 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-22 00:03 . 2009-12-22 00:03 4 ----a-w- c:\documents and settings\marek\Application Data\avdrn.dat
2009-12-11 10:33 . 2009-11-09 16:35 -------- d-----w- c:\documents and settings\marek\Application Data\Web Page Maker
2009-12-11 10:24 . 2008-07-28 13:55 -------- d-----w- c:\program files\Non Steam
2009-12-11 10:23 . 2009-04-10 11:31 476 ----a-w- C:\win32.sys
2009-12-11 09:43 . 2008-10-03 13:55 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-11-26 17:59 . 2009-02-17 14:08 -------- d-----w- c:\program files\Vstplugins
2009-11-24 23:54 . 2008-05-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-05-17 11:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-05-17 11:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-05-17 11:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-17 11:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-05-17 11:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-05-17 11:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-05-17 11:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-05-17 11:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 08:59 . 2009-05-05 12:17 -------- d-----w- c:\program files\Elaborate Bytes
2009-11-15 23:43 . 2008-05-17 11:26 829168 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 10:18 . 2009-11-15 10:16 -------- d-----w- c:\program files\Common Files\Macromedia
2009-11-15 10:16 . 2009-11-15 10:16 -------- d-----w- c:\program files\Macromedia
2009-11-10 20:32 . 2009-11-10 20:32 117760 ----a-w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com
2009-11-10 20:27 . 2009-11-10 20:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-10 19:27 . 2009-11-10 19:27 -------- d-----w- c:\program files\CCleaner
2009-11-10 19:19 . 2009-11-03 21:19 -------- d-----w- c:\documents and settings\marek\Application Data\Desktopicon
2009-11-10 19:07 . 2009-11-10 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 17:03 . 2009-11-10 17:03 -------- d-----w- c:\documents and settings\marek\Application Data\Malwarebytes
2009-11-10 17:03 . 2009-11-10 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-10 16:15 . 2009-02-02 14:36 -------- d-----w- c:\documents and settings\marek\Application Data\U3
2009-11-10 15:18 . 2008-12-08 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\program files\Web Page Maker
2009-11-09 16:30 . 2009-11-09 16:28 -------- d-----w- c:\program files\wamp
2009-11-07 08:55 . 2009-11-06 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-05 21:56 . 2009-09-07 11:47 -------- d-----w- c:\program files\QIP8095
2009-11-03 21:20 . 2009-11-03 21:19 -------- d-----w- c:\program files\VDOWNLOADER
2009-11-01 14:45 . 2008-09-01 08:13 -------- d-----w- c:\documents and settings\marek\Application Data\BitTorrent
2009-10-31 07:31 . 2009-11-10 19:59 926720 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-10-28 08:58 . 2009-11-10 19:59 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-10-27 19:23 . 2009-06-29 10:39 -------- d-----w- c:\program files\Winamp
2009-10-26 16:25 . 2009-10-24 09:58 -------- d-----w- c:\program files\EA Sports
2009-10-25 08:07 . 2009-10-25 08:07 483 ----a-w- c:\windows\eReg.dat
2009-10-24 09:59 . 2009-10-24 09:59 293 ----a-w- c:\windows\EReg072.dat
2003-03-02 00:57 . 2003-03-02 00:57 21019 ----a-w- c:\program files\uninstallBFL
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-24 1217808]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-03 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\marek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
siszyd32.exe [2004-8-4 31744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Non Steam\\hl.exe"=
"c:\\Program Files\\Non Steam\\hlds.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Non Steam\\hltv.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP8080\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\day of defeat\\hl.exe"=
"c:\\Program Files\\QIP8082\\qip.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\QIP8092\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP8095\\qip.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\QIP8095\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd7,5\\TOTALCMD.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.5.2008 12:48 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.7.2007 8:45 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.7.2007 9:20 201848]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\apache.exe [14.6.2008 18:02 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.5.2008 12:48 20560]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19.11.2004 17:07 101488]
S2 XAMPP;XAMPP Service;c:\program files\xampp\service.exe [21.12.2007 3:01 60928]
S3 KXOUO;KXOUO;c:\docume~1\marek\LOCALS~1\Temp\KXOUO.exe --> c:\docume~1\marek\LOCALS~1\Temp\KXOUO.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6464e4e-dc20-11de-a8dd-00e04cc0d781}]
\Shell\AutoRun\command - I:\9g86.exe
\Shell\open\Command - I:\9g86.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9cbb7cc-2c0b-11dd-a306-00e04cc0d781}]
\Shell\AutoRun\command - H:\AutoTransfer.exe
.
Contents of the 'Scheduled Tasks' folder

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.qip.ru/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: musicmatch.com\online
TCP: {1C1879CD-9BA0-470B-BC87-E8AC105BE642} = 62.128.126.10,62.168.96.4
TCP: {E3D8BE3F-1CD4-40AF-A411-FABAAB0CD979} = 193.93.72.10,193.93.72.1
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\m9fcc630.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
AddRemove-Totalcmd - c:\program files\totalcmd7



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 12:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\marek\Start Menu\Programs\Startup\siszyd32.exe 31744 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89BA61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89ba61f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2496)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-23 12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-23 11:31

Pre-Run: 5 745 233 920 bytes free
Post-Run: 5 726 224 384 voľných bajtov

- - End Of File - - 02CEB435668139297F8F34E34DF36690

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Processor

#5 Post by motji »

:roll: Your ComboFix is old, it has expired, you have to download a new one :)

:arrow: Uninstall ComboFix via
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter
-This uninstalls ComboFix and deletes the files and folders associated with it.



:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Run it; to confirm the choices press the A key, then Enter
-delete the little program after use. Note: antivirus products may falsely flag it as a virus

:arrow: Plug into the PC all the USB keys, flash drives... that you use

:arrow: Download ComboFix to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

:arrow: If it is not there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Driver::
KXOUO
pworun
Collect::
c:\windows\system32\drivers\pworun.sys
c:\windows\system32\fjhdyfhsn.bat
c:\docume~1\marek\LOCALS~1\Temp\KXOUO.exe
I:\9g86.exe
c:\documents and settings\marek\Start Menu\Programs\Startup\siszyd32.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6464e4e-dc20-11de-a8dd-00e04cc0d781}]
Extra::
DDS::
uStart Page = hxxp://start.qip.ru/
Firefox::
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\m9fcc630.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:


-after it runs, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

:arrow: do you use virtual drives - daemon, alcohol?

:arrow: I recommend uninstalling
c:\program files\DNA\btdna.exe


:arrow: Have this file tested at http://www.virustotal.com

C:\win32.sys

Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
Paste the link with the results here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
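As an added example (not a tool from this thread, from ComboFix or from the helper), the script below parses the record types that occur in the log posted above (file entries, the Startup folder listing, driver/service lines and the mountpoints2 AutoRun commands) and flags the same entries the helper picked out for the CFScript. The heuristics, the three-day window and the names `triage`, `run_sample`, `SAMPLE` and `LOG_DATE` are my own assumptions.

```python
"""Triage of ComboFix log entries: an added example, not a tool from the thread.
Parses the record types seen in the log above (file entries, Startup listing,
driver/service lines, mountpoints2 AutoRun commands) and flags what a helper
looks at first. The heuristics and the 3-day window are my own assumptions."""
import re
from datetime import datetime, timedelta

# 'T1 . T2 size attrs path'; size is a run of dashes and attrs start with 'd' for directories
FILE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
AUTORUN_RE = re.compile(r"^\\Shell\\(?:AutoRun|open)\\command - (?P<cmd>.+)$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
ROOT_RE = re.compile(r"[a-z]:\\[^\\]+")  # file sitting directly in a drive root
EXEC_EXT = (".exe", ".sys", ".bat", ".dll", ".scr", ".com", ".cmd")
SYSTEM_DIR = "c:\\windows\\"


def _stamp(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def triage(lines, log_date, window_days=3):
    """Return (reason, path) pairs in log order, without duplicates."""
    findings, seen = [], set()

    def flag(reason, path):
        if (reason, path) not in seen:
            seen.add((reason, path))
            findings.append((reason, path))

    in_startup = False
    for raw in lines:
        line = raw.strip()
        if not line:
            in_startup = False  # a blank line ends the Startup listing
            continue
        if line.lower().endswith("\\startup\\"):
            in_startup = True  # header line of the Startup folder listing
            continue
        if in_startup:
            # items read 'Adobe Gamma.lnk - target [date size]' or 'x.exe [date size]'
            name = line.split(" - ")[0].split(" [")[0]
            if name.lower().endswith(EXEC_EXT):  # .lnk shortcuts are the norm here
                flag("bare executable in Startup folder", name)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            flag("autorun command on a mounted volume", m["cmd"])
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m["rest"].split(" -->")[0].split(" [")[0]
            if "\\temp\\" in image.lower():
                flag("driver/service image in a Temp directory", image)
            continue
        m = FILE_RE.match(line)
        if not m or m["attr"].startswith("d") or not m["path"].lower().endswith(EXEC_EXT):
            continue
        path, low = m["path"], m["path"].lower()
        # the older stamp is 'first seen': an updated AV file keeps its old install date
        first_seen = min(_stamp(m["t1"]), _stamp(m["t2"]))
        if low.startswith(SYSTEM_DIR) and log_date - first_seen <= timedelta(days=window_days):
            flag("new executable under the Windows directory", path)
        elif ROOT_RE.fullmatch(low):
            flag("executable in a drive root", path)
    return findings


# Constructed sample: lines copied from the ComboFix log posted in the thread
SAMPLE = r"""
2009-12-22 00:03 . 2009-12-22 00:03 734208 ----a-w- c:\windows\system32\drivers\pworun.sys
2009-12-22 00:03 . 2009-12-22 00:03 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-11 09:16 . 2009-12-11 09:16 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\GHISLER
2009-12-11 10:23 . 2009-04-10 11:31 476 ----a-w- C:\win32.sys
2009-11-24 23:54 . 2008-05-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe

c:\documents and settings\marek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
siszyd32.exe [2004-8-4 31744]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.5.2008 12:48 114768]
S3 KXOUO;KXOUO;c:\docume~1\marek\LOCALS~1\Temp\KXOUO.exe --> c:\docume~1\marek\LOCALS~1\Temp\KXOUO.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6464e4e-dc20-11de-a8dd-00e04cc0d781}]
\Shell\AutoRun\command - I:\9g86.exe
\Shell\open\Command - I:\9g86.exe
""".splitlines()
LOG_DATE = datetime(2009, 12, 23, 12, 27)  # 'Rootkit scan 2009-12-23 12:27' in the log

def run_sample():
    return triage(SAMPLE, LOG_DATE)

if __name__ == "__main__":
    for reason, path in run_sample():
        print(f"{reason}: {path}")
```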

sxewarrior
Visitor
Posts: 85
Registered: 10 Nov 2009 13:39

Re: Processor

#6 Post by sxewarrior »

T cleaner shows as a trojan on that download page, the program itself; avast won't let me download it, so what now?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Processor

#7 Post by motji »

turn off the antivirus for a moment, or don't download it; it's a false detection :)

sxewarrior
Visitor
Posts: 85
Registered: 10 Nov 2009 13:39

Re: Processor

#8 Post by sxewarrior »

so the log from combofix:

ComboFix 09-12-22.09 - marek 23.12.2009 20:14:43.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1534 [GMT 1:00]
Running from: c:\documents and settings\marek\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\marek\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

file zipped: c:\documents and settings\marek\Start Menu\Programs\Startup\siszyd32.exe
file zipped: c:\windows\system32\drivers\pworun.sys
file zipped: c:\windows\system32\fjhdyfhsn.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\marek\Application Data\avdrn.dat
c:\documents and settings\marek\Application Data\Desktopicon
c:\documents and settings\marek\My Documents\cc_20091110_203556.reg
c:\documents and settings\marek\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\drivers\pworun.sys
c:\windows\system32\fjhdyfhsn.bat

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KXOUO
-------\Service_KXOUO


((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-11 09:16 . 2009-12-11 09:16 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\GHISLER
2009-12-10 21:41 . 2009-12-10 21:41 -------- d-----w- c:\program files\totalcmd7,5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 19:24 . 2008-09-01 08:13 -------- d-----w- c:\program files\DNA
2009-12-23 19:24 . 2008-09-01 08:13 -------- d-----w- c:\documents and settings\marek\Application Data\DNA
2009-12-22 18:27 . 2009-11-10 14:40 -------- d-----w- c:\program files\trend micro
2009-12-22 17:15 . 2009-11-10 19:59 -------- d-----w- c:\program files\MyDefrag v4.2.5
2009-12-22 00:03 . 2009-12-22 00:03 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-11 10:33 . 2009-11-09 16:35 -------- d-----w- c:\documents and settings\marek\Application Data\Web Page Maker
2009-12-11 10:24 . 2008-07-28 13:55 -------- d-----w- c:\program files\Non Steam
2009-12-11 10:23 . 2009-04-10 11:31 476 ----a-w- C:\win32.sys
2009-12-11 09:43 . 2008-10-03 13:55 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-11-26 17:59 . 2009-02-17 14:08 -------- d-----w- c:\program files\Vstplugins
2009-11-24 23:54 . 2008-05-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-05-17 11:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-05-17 11:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-05-17 11:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-17 11:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-05-17 11:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-05-17 11:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-05-17 11:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-05-17 11:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 08:59 . 2009-05-05 12:17 -------- d-----w- c:\program files\Elaborate Bytes
2009-11-15 23:43 . 2008-05-17 11:26 829168 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 10:18 . 2009-11-15 10:16 -------- d-----w- c:\program files\Common Files\Macromedia
2009-11-15 10:16 . 2009-11-15 10:16 -------- d-----w- c:\program files\Macromedia
2009-11-10 20:32 . 2009-11-10 20:32 117760 ----a-w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com
2009-11-10 20:27 . 2009-11-10 20:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-10 19:27 . 2009-11-10 19:27 -------- d-----w- c:\program files\CCleaner
2009-11-10 19:07 . 2009-11-10 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 17:03 . 2009-11-10 17:03 -------- d-----w- c:\documents and settings\marek\Application Data\Malwarebytes
2009-11-10 17:03 . 2009-11-10 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-10 16:15 . 2009-02-02 14:36 -------- d-----w- c:\documents and settings\marek\Application Data\U3
2009-11-10 15:18 . 2008-12-08 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\program files\Web Page Maker
2009-11-09 16:30 . 2009-11-09 16:28 -------- d-----w- c:\program files\wamp
2009-11-07 08:55 . 2009-11-06 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-05 21:56 . 2009-09-07 11:47 -------- d-----w- c:\program files\QIP8095
2009-11-03 21:20 . 2009-11-03 21:19 -------- d-----w- c:\program files\VDOWNLOADER
2009-11-01 14:45 . 2008-09-01 08:13 -------- d-----w- c:\documents and settings\marek\Application Data\BitTorrent
2009-10-31 07:31 . 2009-11-10 19:59 926720 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-10-28 08:58 . 2009-11-10 19:59 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-10-27 19:23 . 2009-06-29 10:39 -------- d-----w- c:\program files\Winamp
2009-10-26 16:25 . 2009-10-24 09:58 -------- d-----w- c:\program files\EA Sports
2009-10-25 08:07 . 2009-10-25 08:07 483 ----a-w- c:\windows\eReg.dat
2009-10-24 09:59 . 2009-10-24 09:59 293 ----a-w- c:\windows\EReg072.dat
2003-03-02 00:57 . 2003-03-02 00:57 21019 ----a-w- c:\program files\uninstallBFL
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-24 1217808]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\marek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Non Steam\\hl.exe"=
"c:\\Program Files\\Non Steam\\hlds.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Non Steam\\hltv.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP8080\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\day of defeat\\hl.exe"=
"c:\\Program Files\\QIP8082\\qip.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\QIP8092\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP8095\\qip.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\QIP8095\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd7,5\\TOTALCMD.EXE"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.9.2008 15:09 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.5.2008 12:48 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.7.2007 8:45 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.7.2007 9:20 201848]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\apache.exe [14.6.2008 18:02 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.5.2008 12:48 20560]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19.11.2004 17:07 101488]
S2 XAMPP;XAMPP Service;c:\program files\xampp\service.exe [21.12.2007 3:01 60928]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: musicmatch.com\online
TCP: {1C1879CD-9BA0-470B-BC87-E8AC105BE642} = 62.128.126.10,62.168.96.4
TCP: {E3D8BE3F-1CD4-40AF-A411-FABAAB0CD979} = 193.93.72.10,193.93.72.1
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\m9fcc630.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 20:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89BA61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> 0x89ba61f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3bbc3
PacketIndicateHandler -> NDIS.sys @ 0xf7b29a0b
SendHandler -> NDIS.sys @ 0xf7b3db31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3968)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\xampp\mysql\bin\mysqld-nt.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-23 20:31:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-23 19:31
ComboFix2.txt 2009-12-23 11:31

Pre-Run: 7 033 528 320 bytes free
Post-Run: 6 902 988 800 bytes free

- - End Of File - - 5F7E5B9A2CFF42E47A580E133522E6C0

sxewarrior
Visitor
Posts: 85
Registered: 10 Nov 2009 13:39

Re: Processor

#9 Post by sxewarrior »

I have the feeling that Daemon is installed but not used on the PC.
- the DNA file uninstalled ...
still to test the win32 file

http://www.virustotal.com/analisis/270f ... 1261597227

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: Procesor

#10 Post by motji »

How is the computer doing now?

:arrow: uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run gmer

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log and post it here

- Following the instructions at the link, run the second scan and post that log here as well.

:arrow: download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop

:arrow: Start - Run
copy into the box

"%userprofile%\plocha\mbr" -t
OK

:arrow: a log named mbr.log will be created, post it here
Do not use COMBOFIX without an adviser's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(zavináč)forum.viry.cz.

sxewarrior (Visitor, 85 posts, registered 10 Nov 2009 13:39)

Re: Procesor

#11 Post by sxewarrior »

so far it seems to me that the processor problem has improved, it runs more smoothly
- daemon uninstalled, the SPTD procedure ran
- the Gmer logs are running right now, but it takes a bit longer than 10 minutes

sxewarrior (Visitor, 85 posts, registered 10 Nov 2009 13:39)

Re: Procesor

#12 Post by sxewarrior »

Gmer first log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-23 21:27:11
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\marek\LOCALS~1\Temp\uxtdypog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs LF30XP.sys

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat LF30XP.sys

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
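An added triage helper, example code that is neither from this thread nor from GMER itself: it parses a "Devices" section in the layout shown above and lists the driver files GMER printed without a "(description/vendor)" annotation (LF30XP.sys in this log), which are the entries a responder checks first. The sample log embedded in it is constructed from the layout above.

```python
"""Triage helper for the "Devices" section of a GMER log (constructed example).
GMER appends "(description/vendor)" when it recognises a driver file; entries without it
are not proof of infection but are what a responder checks first (path, signature, hash)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# kind, driver object, device object, driver file, optional "(description/vendor)"
_DEVICE_RE = re.compile(
    r"^(?P<kind>Device|AttachedDevice)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)"
    r"(?:\s+\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\))?\s*$"
)

@dataclass(frozen=True)
class GmerDevice:
    kind: str
    driver: str
    device: str
    file: str
    vendor: Optional[str]  # None when GMER could not identify the driver file

def parse_gmer_devices(log_text: str) -> List[GmerDevice]:
    """Return the Device/AttachedDevice entries; headers and the EOF marker are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = _DEVICE_RE.match(line.strip())
        if m:
            entries.append(GmerDevice(m["kind"], m["driver"], m["device"], m["file"], m["vendor"]))
    return entries

def unidentified_drivers(entries: List[GmerDevice]) -> Dict[str, List[str]]:
    """Map each unattributed driver file (lower-cased) to the device objects it sits on."""
    suspects: Dict[str, List[str]] = {}
    for e in entries:
        if e.vendor is None:
            suspects.setdefault(e.file.lower(), []).append(e.device)
    return suspects

# Constructed sample in the same layout as the log posted above.
SAMPLE_LOG = """\
---- Devices - GMER 1.0.15 ----
Device \\FileSystem\\Ntfs \\Ntfs LF30XP.sys
AttachedDevice \\FileSystem\\Ntfs \\Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \\FileSystem\\Fastfat \\Fat LF30XP.sys
AttachedDevice \\FileSystem\\Fastfat \\Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \\Driver\\Tcpip \\Device\\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
"""
```

Calling `unidentified_drivers(parse_gmer_devices(SAMPLE_LOG))` on the sample returns only LF30XP.sys, attached to both the NTFS and FAT device objects, while the avast! and Microsoft filter drivers are attributed and dropped.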

sxewarrior (Visitor, 85 posts, registered 10 Nov 2009 13:39)

Re: Procesor

#13 Post by sxewarrior »

when I enter the command, mbr does nothing; an error box pops up saying that it is probably not on the desktop, even though it is there..

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: Procesor

#14 Post by motji »

Try this command
"%userprofile%\desktop\mbr" -t

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: Procesor

#15 Post by motji »

One more question: did you put this file directly onto drive C yourself?
C:\win32.sys

:arrow: Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to the desktop and run it.
- copy into the box

:filefind
win32.sys

- click Look; a scan will run and at the end a log is shown, copy its content here