Prosim o kontrolu logu, dekuji

[pifosaurus]

Prikladam log


Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Spyware Terminator
VirusTotal Uploader 2.0
HijackThis 2.0.2
TuneUp Utilities
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 18
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

[motji]

Jestli máte zapnutý rezidentní štít u windows defender a spyware terminátora, jeden vypněte.


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[pifosaurus]

System Tray neukazuje, ze bych mel nejaky rezidentni stit zapnuty. Residentni stit (pokud to je ten, co kontroluje system v "real time" ) Spyware terminatora mam v jeho nastaveni vypnuty. O tom, ze mam Windows defender ani nevim Nicmene udelam tu vec s Combofix a o chvili sem dam log.

[motji]

Já jsem vycházela z toho, co mi napsal Security chceck. Počkám na log

[pifosaurus]

Ja teda nevim, proc mi v tom logu nejakym zpusobem figuruje Spy Bot S&D, kdyz jsem ho nedavno odinstalovaval...


ComboFix 10-02-26.01 - Tomeek 26.02.2010 21:48:50.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2573 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomeek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomeek\Plocha\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-25 10:32 . 2010-02-25 10:32 -------- d-----w- c:\program files\totalcmd
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\UC.PIF
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\RAR.PIF
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKZIP.PIF
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\LHA.PIF
2010-02-25 10:32 . 2007-09-14 06:02 545 ----a-w- c:\windows\ARJ.PIF
2010-02-25 02:00 . 2010-02-25 02:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-02-24 17:59 . 2010-02-24 18:00 -------- d-----w- c:\program files\Batch Picture Resizer
2010-02-24 06:44 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-24 06:44 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-23 21:06 . 2010-02-23 21:06 -------- d-----w- c:\program files\VirusTotalUploader2
2010-02-23 16:23 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 16:22 . 2010-02-23 16:22 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-20 13:20 . 2010-02-26 15:16 -------- d-----w- c:\program files\trend micro
2010-02-20 13:20 . 2010-02-20 13:21 -------- d-----w- C:\rsit
2010-02-18 04:34 . 2010-02-18 04:34 -------- d-----w- c:\windows\Sun
2010-02-16 17:43 . 2010-02-16 17:45 -------- d-----w- C:\TRANSLAT
2010-02-14 18:28 . 2010-02-17 13:02 -------- d-----w- c:\program files\Ray Adams
2010-02-14 12:45 . 2010-02-14 12:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-14 00:02 . 2010-02-14 00:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 21:45 . 2010-02-02 11:24 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-13 21:45 . 2010-02-02 11:18 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-13 21:44 . 2010-02-15 16:07 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-13 16:28 . 2010-02-14 12:40 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-13 16:17 . 2010-02-13 16:17 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-13 16:12 . 2010-02-13 16:12 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-02-13 16:12 . 2010-02-13 16:12 44 ----a-w- c:\windows\system32\statistics.dat
2010-02-13 16:12 . 2010-02-13 16:12 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-02-13 16:12 . 2010-02-13 16:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-11 23:09 . 2010-02-11 23:09 -------- d-sh--w- c:\documents and settings\Tomeek\PrivacIE
2010-02-11 20:41 . 2010-02-11 20:42 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-11 19:41 . 2010-02-11 19:41 -------- d-----w- c:\windows\system32\xlive
2010-02-11 19:03 . 2010-02-11 19:03 -------- d-----w- c:\program files\Common Files\Java
2010-02-11 19:03 . 2010-02-11 19:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-11 19:03 . 2010-02-11 19:03 -------- d-----w- c:\program files\Java
2010-02-11 18:59 . 2010-02-25 10:58 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-02-11 00:24 . 2010-02-11 00:24 -------- d-----w- c:\program files\Crawler
2010-02-11 00:24 . 2010-02-11 00:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-11 00:24 . 2010-02-12 11:26 -------- d-----w- c:\program files\Spyware Terminator
2010-02-11 00:02 . 2010-02-24 05:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 08:10 . 2010-02-25 05:45 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-09 08:10 . 2010-02-09 08:10 -------- d-----w- c:\program files\Nero
2010-02-08 18:35 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-08 18:35 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-08 18:35 . 2010-02-08 18:35 -------- d-----w- c:\program files\Microsoft Works
2010-02-08 18:34 . 2010-02-08 18:34 -------- d-----w- c:\program files\Microsoft.NET
2010-02-08 18:33 . 2010-02-08 18:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-08 18:32 . 2010-02-08 18:32 -------- d-----r- C:\MSOCache
2010-02-08 18:13 . 2010-02-08 18:13 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-08 18:13 . 2010-02-08 18:33 -------- d-----w- c:\windows\ShellNew
2010-02-08 18:13 . 2010-02-08 18:13 -------- d-----w- c:\program files\Common Files\L&H
2010-02-04 13:21 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-04 12:18 . 2010-02-04 15:28 -------- d-----w- c:\program files\ICQ6.5
2010-02-03 21:30 . 2010-02-03 21:30 -------- d-----w- c:\program files\BSplayer
2010-02-03 21:30 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-03 21:22 . 2006-01-04 14:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-02-03 21:22 . 2008-08-05 19:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-02-03 21:22 . 2010-02-03 21:22 319488 ----a-w- c:\windows\HideWin.exe
2010-02-03 20:59 . 2010-02-03 20:59 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-03 20:59 . 2010-02-03 22:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-03 20:58 . 2010-02-03 20:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-03 20:58 . 2010-02-03 20:58 -------- d-sh--w- c:\documents and settings\Tomeek\IETldCache
2010-02-03 20:56 . 2010-02-03 20:56 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-03 20:46 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-03 20:45 . 2010-02-03 20:45 -------- d-----w- c:\windows\ie8updates
2010-02-03 20:45 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-03 20:45 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-03 20:45 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-03 20:45 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-03 20:45 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-03 20:45 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-03 20:45 . 2010-02-03 20:45 -------- dc-h--w- c:\windows\ie8
2010-02-03 20:26 . 2010-02-03 20:26 -------- d-----w- c:\program files\MSBuild
2010-02-03 20:26 . 2010-02-04 17:36 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-03 20:26 . 2010-02-03 20:26 -------- d-----w- c:\program files\Reference Assemblies
2010-02-03 20:25 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-03 20:25 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-02-03 20:16 . 2010-02-03 20:16 -------- d-s---w- c:\documents and settings\Tomeek\UserData
2010-02-03 20:13 . 2010-02-03 20:13 -------- d-----w- c:\program files\Gigabyte
2010-02-03 20:13 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-03 19:59 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-03 19:59 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-03 19:57 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-03 19:57 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-03 19:57 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-03 19:57 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-03 19:57 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-03 19:57 . 2009-12-09 10:11 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-03 19:57 . 2009-12-09 10:11 2068224 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-03 19:57 . 2009-12-09 10:11 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-03 19:56 . 2010-02-03 19:56 0 ----a-w- c:\windows\nsreg.dat
2010-02-03 19:56 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-03 19:56 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-03 19:56 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-03 19:56 . 2010-02-25 02:04 -------- d--h--w- c:\windows\$hf_mig$
2010-02-03 19:54 . 2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE
2010-02-03 19:52 . 2009-06-10 06:16 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2010-02-03 19:50 . 2010-02-03 19:50 -------- d-----w- c:\windows\system32\Lang
2010-02-03 19:45 . 2010-02-03 19:45 -------- d-----w- C:\ATI
2010-02-03 19:44 . 2006-08-07 13:07 208896 ------w- c:\windows\system32\nvuide.exe
2010-02-03 19:43 . 2008-04-13 23:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-02-03 19:43 . 2008-04-13 23:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-02-03 19:43 . 2008-04-13 23:47 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2010-02-03 19:43 . 2008-04-13 23:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-02-03 19:43 . 2008-04-13 23:15 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-02-03 19:43 . 2008-04-13 23:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-02-03 19:41 . 2008-06-19 15:27 9715200 ----a-w- c:\windows\RTLCPL.EXE
2010-02-03 19:41 . 2008-10-13 17:26 4879360 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-03 19:41 . 2008-10-09 13:54 17021440 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-03 19:41 . 2008-09-30 15:38 2168320 ----a-w- c:\windows\MicCal.exe
2010-02-03 19:41 . 2010-02-03 21:22 -------- d-----w- c:\program files\Realtek
2010-02-03 19:41 . 2008-06-19 15:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-03 19:41 . 2010-02-14 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 19:41 . 2008-08-25 15:17 528384 ----a-w- c:\windows\RtlExUpd.dll
2010-02-03 19:40 . 2010-02-03 19:40 -------- d-----w- c:\program files\DIFX
2010-02-03 19:40 . 2010-02-24 05:52 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-03 19:40 . 2006-06-18 22:59 43008 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-02-03 19:40 . 2006-07-11 13:38 110592 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2010-02-03 19:40 . 2006-06-29 07:40 208896 ----a-w- c:\windows\system32\nvunrm.exe
2010-02-03 19:39 . 2006-08-29 15:27 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-03 19:39 . 2010-02-14 12:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-03 19:18 . 2008-04-14 07:51 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-02-03 19:17 . 2009-08-26 08:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 20:31 . 2010-02-13 20:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 23:54 . 2001-10-25 12:00 78030 ----a-w- c:\windows\system32\perfc005.dat
2010-02-10 23:54 . 2001-10-25 12:00 429018 ----a-w- c:\windows\system32\perfh005.dat
2010-02-03 22:59 . 2010-02-03 19:46 -------- d-----w- c:\program files\ATI
2010-02-03 21:13 . 2010-02-03 19:46 -------- d-----w- c:\program files\ATI Technologies
2010-02-03 19:46 . 2010-02-03 19:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-03 19:21 . 2010-02-03 18:14 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-02-03 19:21 . 2010-02-03 18:14 2740 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-02-03 19:00 . 2010-02-03 18:14 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-02-03 18:39 . 2010-02-03 18:39 -------- d-----w- c:\program files\ESET
2010-02-03 18:15 . 2010-02-03 18:15 -------- d-----w- c:\program files\microsoft frontpage
2010-02-03 18:12 . 2010-02-03 18:12 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-02 18:00 . 2010-02-13 20:30 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-31 16:50 . 2001-10-25 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2001-10-25 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2010-02-03 18:12 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2001-10-25 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 21:02 . 2010-02-03 18:59 4525056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-12-11 20:45 . 2010-02-03 19:46 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-11 20:44 . 2010-02-03 19:46 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-11 20:43 . 2010-02-03 19:46 3620864 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-11 20:41 . 2010-02-03 19:46 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-12-11 20:26 . 2010-02-03 19:46 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-11 20:25 . 2010-02-03 18:59 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2009-12-11 20:25 . 2010-02-03 19:46 13434880 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-11 20:23 . 2010-02-03 18:59 3521408 ----a-w- c:\windows\system32\ati3duag.dll
2009-12-11 20:09 . 2010-02-03 19:46 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2009-12-11 20:09 . 2010-02-03 19:46 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-12-11 20:09 . 2010-02-03 19:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-12-11 20:08 . 2010-02-03 19:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-12-11 20:08 . 2010-02-03 19:46 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-12-11 20:07 . 2010-02-03 18:59 2154752 ----a-w- c:\windows\system32\ativvaxx.dll
2009-12-11 20:07 . 2010-02-03 19:46 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-12-11 20:07 . 2010-02-03 19:46 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-12-11 20:07 . 2010-02-03 19:46 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-12-11 20:05 . 2010-02-03 19:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-12-11 20:01 . 2010-02-03 19:46 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-12-11 19:59 . 2010-02-03 19:46 176128 ----a-w- c:\windows\system32\atiadlxx.dll
2009-12-11 19:58 . 2010-02-03 19:46 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-12-11 19:57 . 2010-02-03 19:46 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2009-12-11 19:52 . 2010-02-03 18:59 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-12-11 19:50 . 2010-02-03 19:46 64512 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-11 19:50 . 2010-02-03 19:46 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2009-12-11 19:49 . 2010-02-03 19:46 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-12-09 10:11 . 2001-10-25 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2001-10-24 11:46 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2001-10-25 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 14:23 . 2009-12-02 14:23 149040 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-11-30 22:43 . 2010-02-03 19:46 197982 ----a-w- c:\windows\system32\atiicdxx.dat
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-20_23.35.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 19:20 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2010-02-03 19:20 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2010-02-23 16:22 . 2010-02-23 16:22 47104 c:\windows\Installer\23212.msi
- 2010-02-08 18:35 . 2010-02-08 18:35 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-26 20:17 . 2006-10-26 20:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-26 19:24 . 2006-10-26 19:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 19:24 . 2006-10-26 19:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2001-10-25 12:00 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2001-10-25 12:00 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
- 2009-03-08 03:33 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 03:33 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-02-23 16:22 . 2010-02-23 16:22 272384 c:\windows\Installer\23208.msi
+ 2010-02-23 16:22 . 2010-02-23 16:22 254976 c:\windows\Installer\23201.msi
+ 2010-02-23 16:22 . 2010-02-23 16:22 301056 c:\windows\Installer\231fa.msi
+ 2010-02-08 18:35 . 2010-02-25 02:04 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-10-27 14:23 . 2006-10-27 14:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 19:09 . 2006-10-26 19:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09 . 2006-10-26 19:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2010-02-08 18:34 . 2010-02-08 18:34 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-26 19:32 . 2006-10-26 19:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2010-02-25 02:04 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-25 02:04 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-25 02:04 . 2009-06-22 06:48 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-25 02:02 . 2010-02-25 02:02 250928 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2007-03-30 21:20 . 2007-03-30 21:20 5800960 c:\windows\Installer\196325f.msp
+ 2008-04-11 17:08 . 2008-04-11 17:08 6302720 c:\windows\Installer\19631ce.msp
+ 2008-04-11 17:48 . 2008-04-11 17:48 6774272 c:\windows\Installer\1963199.msp
+ 2009-02-25 18:08 . 2009-02-25 18:08 8311808 c:\windows\Installer\196317f.msp
+ 2010-01-14 20:26 . 2010-01-14 20:26 5027840 c:\windows\Installer\1963168.msp
+ 2008-05-20 23:45 . 2008-05-20 23:45 5246976 c:\windows\Installer\1963150.msp
+ 2007-06-01 14:54 . 2007-06-01 14:54 9626624 c:\windows\Installer\196311b.msp
+ 2008-10-20 09:18 . 2008-10-20 09:18 6474240 c:\windows\Installer\1963103.msp
+ 2010-02-08 18:35 . 2010-02-25 02:04 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-08 18:35 . 2010-02-25 02:04 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-02-08 18:35 . 2010-02-08 18:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-27 14:11 . 2006-10-27 14:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 15:25 . 2006-09-15 15:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 14:03 . 2006-10-27 14:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 19:24 . 2006-10-26 19:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 14:03 . 2006-10-27 14:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 14:18 . 2006-10-27 14:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 19:42 . 2006-10-26 19:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2008-09-24 11:05 . 2008-09-24 11:05 16381440 c:\windows\Installer\1963247.msp
+ 2008-08-11 10:51 . 2008-08-11 10:51 15916544 c:\windows\Installer\196322f.msp
+ 2008-10-20 09:16 . 2008-10-20 09:16 13211648 c:\windows\Installer\1963217.msp
+ 2008-01-28 17:10 . 2008-01-28 17:10 14201344 c:\windows\Installer\19631fd.msp
+ 2008-08-11 10:49 . 2008-08-11 10:49 22457344 c:\windows\Installer\19631e6.msp
+ 2009-02-25 18:05 . 2009-02-25 18:05 11840000 c:\windows\Installer\19631b2.msp
+ 2009-02-25 18:07 . 2009-02-25 18:07 11646464 c:\windows\Installer\1963133.msp
+ 2006-10-26 20:13 . 2006-10-26 20:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 14:23 . 2006-10-27 14:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 14:26 . 2006-10-27 14:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:07 . 2006-10-27 14:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 06:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-02-11 00:24 2166784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-02-11 00:24 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.UtilitiesSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"sp_rssrv"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\documents and settings\Tomeek\Dokumenty\Stažené soubory\utorrent-portable\utorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tomeek\\Dokumenty\\Stažené soubory\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11.2.2010 1:24 142592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.2.2010 21:56 721904]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 12:21 1043784]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-26 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]

2010-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 17:02]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Tomeek\Data aplikací\Mozilla\Firefox\Profiles\ps53369k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 21:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-02-26 21:53:25
ComboFix-quarantined-files.txt 2010-02-26 20:53
ComboFix2.txt 2010-02-20 23:36

Před spuštěním: 9 640 673 280
Po spuštění: 9 700 966 400

- - End Of File - - D17949C069D3FC364BB1D2381D1F4D71

[motji]

Změnilo se něco, nebo jdem na další testy?

[pifosaurus]

Zrovna zkousim reinstalovat Terminatora a pri instalovani se pokusim vypnout rezidentni ochranu.
Zapomnel jsem jeste napsat, ze po restaru (s Combofix) pri nabehu plochy mi nabehlo okno, kde stalo...a ted si nejsem jisty... System byl obnoven po zavazne chybe Odesilat/ Neodesilat. Uz se mi to parkrat stalo. Ted mi vypadlo presne zneni...Priste si to zapamatuju, slibuji

Jinak se tusim nic nezmenilo

[motji]

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

-POkud by Vám Gmer restartoval počítač nebo se sekl, spustte ho v nouzovém režimu, nebo mi napište

[pifosaurus]

LOG 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-26 22:33:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomeek\LOCALS~1\Temp\uxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT spnl.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spnl.sys ZwEnumerateValueKey [0xB9EC6032]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4C41F8
Device \FileSystem\Fastfat \Fat 8A074348

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



LOG 2


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-26 23:04:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomeek\LOCALS~1\Temp\uxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT spnl.sys ZwCreateKey [0xB9EA70E0]
SSDT spnl.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spnl.sys ZwEnumerateValueKey [0xB9EC6032]
SSDT spnl.sys ZwOpenKey [0xB9EA70C0]
SSDT spnl.sys ZwQueryKey [0xB9EC610A]
SSDT spnl.sys ZwQueryValueKey [0xB9EC5F8A]
SSDT spnl.sys ZwSetValueKey [0xB9EC619C]

INT 0x62 ? 8A456BF8
INT 0x63 ? 8A4C5BF8
INT 0x73 ? 8A4C5BF8
INT 0xA4 ? 8A287F00

---- Kernel code sections - GMER 1.0.15 ----

? spnl.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B95D58AC 5 Bytes JMP 8A2874E0
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8FB5000, 0x223937, 0xE8000020]
.text awpge2qf.SYS B8F68386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awpge2qf.SYS B8F683AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awpge2qf.SYS B8F683C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text awpge2qf.SYS B8F683C9 1 Byte [30]
.text awpge2qf.SYS B8F683C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spnl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spnl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spnl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spnl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spnl.sys
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\awpge2qf.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4C41F8
Device \FileSystem\Fastfat \FatCdrom 8A074348
Device \Driver\PCI_PNP1362 \Device\00000043 spnl.sys
Device \Driver\sptd \Device\3612510112 spnl.sys
Device \Driver\usbohci \Device\USBPDO-0 8A2BE1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4C61F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4C61F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4C61F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4C61F8
Device \Driver\usbehci \Device\USBPDO-1 8A2D81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{598DA575-BB7E-44E3-AADD-EBF7FC075E47} 8A22E500
Device \Driver\nvata \Device\00000063 8A4C51F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4571F8
Device \Driver\Cdrom \Device\CdRom0 8A2D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4571F8
Device \Driver\nvata \Device\00000065 8A4C51F8
Device \Driver\Cdrom \Device\CdRom1 8A2D41F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A4571F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [B9DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A22E500
Device \Driver\NetBT \Device\NetbiosSmb 8A22E500
Device \Driver\usbohci \Device\USBFDO-0 8A2BE1F8
Device \Driver\usbehci \Device\USBFDO-1 8A2D81F8
Device \Driver\nvata \Device\NvAta0 8A4C51F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1AA320
Device \Driver\nvata \Device\NvAta1 8A4C51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1AA320
Device \Driver\Ftdisk \Device\FtControl 8A4571F8
Device \Driver\awpge2qf \Device\Scsi\awpge2qf1 89FA3500
Device \Driver\awpge2qf \Device\Scsi\awpge2qf1Port4Path0Target0Lun0 89FA3500
Device \FileSystem\Fastfat \Fat 8A074348

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A047500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0x1D 0x89 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x46 0x78 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x80 0x89 0x4C 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0x1D 0x89 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x46 0x78 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x80 0x89 0x4C 0xD9 ...

---- EOF - GMER 1.0.15 ----

[motji]

Já Vás ještě trošku potrápím

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

[pifosaurus]

To jste me teda poradne potrapila
Takze: Daemon se mi nepodarilo odinstalovat (uprostred odinstalace se to vzdy seklo - i v nouzaku), tak jsem proste tu slozku proste odstranil pomoci delete.
Pouzil jsem uspesne spdt
S tim Gmer to bylo horsi
Zde jsou logy z normalne spusteneho systemu:

1)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-26 23:27:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomeek\LOCALS~1\Temp\uxtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


2) Nejsem si jist, jestli to dojelo do konce...dole prestaly behat soubory, ktere ten program projizdel a na tlacitko Stop se uz nedalo kliknout. System se zacal sekat, jen nekolik minut mi trvalo, nez jsem log ulozil - naprosto zpomalene PC. Pri zavreni mi to napsalo, ze stale skenuje...to uz byl uplny konec, nedalo se nic delat - nasledoval tvrdy restart.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-26 23:42:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomeek\LOCALS~1\Temp\uxtdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB920C000, 0x223937, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)


Zde mate logy z nouzoveho rezimu:
1) log byl prazdny

2) V nouzovem rezimu to poprve dojelo v poradku, ale kdyz jsem chtel log ulozit, tak konec - zase se PC seklo a pomohl jen tvrdy restart. Vsiml jsem si, ze program vydetekoval vsechny soubory behem prvni minuty. Spustil jsem tedy program v nouzaku podruhe, ale po dvou minutach jsem skenovani ukoncil a log zdarne ulozil:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 00:39:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdipow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0x1D 0x89 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x46 0x78 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x80 0x89 0x4C 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0x1D 0x89 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0A 0x46 0x78 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x80 0x89 0x4C 0xD9 ...

---- EOF - GMER 1.0.15 ----



Zde zasilam MBR log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK

[motji]

otestujte na www.virustotal.com
C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys

Já Vás ale ještě potrápím , můžete v Gmeru zkusit záložku Devices?

Něco se mi v tom prvním Gmeru nelíbí, mohlo to být od daemona, ale taky ne, a já to ted potřebuju prověřit.

[pifosaurus]

Dobry den,
C:\WINDOWS\system32\DRIVERS\ati2mtag.sys je cisty
C:\WINDOWS\system32\DRIVERS\atapi.sys je pozitivni: http://www.virustotal.com/cs/analisis/b ... 1267278749


Klidne potrapte? ale nejak tomu nerozumim: můžete v Gmeru zkusit záložku Devices?

asi jste mela namysli zrusit? Nebo otestovat jen Devices?

[motji]

Myslela jsem otestovat jen devices.
S počítačem to vypadá jak?

[pifosaurus]

Aha:-) S pocitacem to vypada porad stejne...dnes, kdyz jsem ho spoustel, najel poradne az tak napotreti. Ono to ze zacatku vypada v pohode, objevi se mi plocha, ikonky, nabekne antivirak, vsechny ikonky vpravo dole u hodin....dokonce se i da hybat s mysi A najednou se to proste sekne.

Nicmene prikladam prvni log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-27 15:22:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomeek\LOCALS~1\Temp\uxtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


A druhy log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 15:23:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tomeek\LOCALS~1\Temp\uxtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----