PC disinfection, computer speed-up, remote help via the neslape.cz service

Viruses galore...

Having a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses galore...

#16 Post by hoskinson »

All the programs started with Windows (Net Meter, QIP, MemInfo, HDDHealth, ATI, ...) are being launched by .exe files without icons (QIP - 6x .exe); when I delete them and replace them with the correct .exe files, they are back again after a restart... The fake .exe files were created yesterday and today.

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#17 Post by pitimir »

As far as I know, CF should delete this vermin automatically. Apparently there is some snag here. If we can't manage it with our own resources, I'll write to the author of CF.

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy into it:

Code:

KillAll::
RenV::
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\HDD Health\hddhealth .exe
c:\program files\MemInfo\meminfo .exe
c:\program files\NetMeter\netmeter .exe
c:\program files\QIP\qip         .exe
c:\program files\QIP\qip        .exe
c:\program files\QIP\qip       .exe
c:\program files\QIP\qip      .exe
c:\program files\QIP\qip     .exe
c:\program files\QIP\qip    .exe
c:\program files\QIP\qip   .exe
c:\program files\QIP\qip  .exe
c:\program files\QIP\qip .exe
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.


Warning: if Windows does not boot after applying the script, restart the PC, press F8 and choose Last Known Good Configuration.
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it!!

2) To everyone who has a problem: :!:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the 1st post.
- without a recommendation, do NOT run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).
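
What the CFScript above is working around, shown as an added example that is not part of pitimir's post and is not ComboFix code: in the Run-key section of a ComboFix log the infection is visible in two ways, a path whose file name has whitespace before `.exe` (the original program, renamed out of the way, which is what the `RenV::` list undoes) and several unrelated autostart entries that suddenly share one byte size and one date (the copies dropped in under the original names). The Python below parses lines in that log format and flags both. The sample lines are copied from the log hoskinson posts further down in this thread; the three-entry threshold, the line format regex and the 40960-byte figure are taken from that sample and are not a signature of anything.

```python
import ntpath
import re
from collections import defaultdict

# One ComboFix Run-key line: "value name"="path" [YYYY-MM-DD size]
RUN_LINE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]'
)
KEY_LINE_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Whitespace between the stem and the extension: "qip .exe", "cli  .exe", ...
DISPLACED_NAME_RE = re.compile(r"\S\s+\.[A-Za-z0-9]{1,4}$")

# Constructed input: Run-key lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hddhealth"="c:\program files\HDD Health\hddhealth.exe" [2010-01-03 40960]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2010-01-03 40960]
"MemInfo"="c:\program files\MemInfo\meminfo.exe" [2010-01-03 40960]
"QIP2005"="c:\program files\qip\qip .exe" [2008-07-01 3256320]
"ASUSTeKRCAppl"="c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe" [2010-01-03 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-01-03 40960]
'''


def parse_run_entries(text):
    """Return one dict per autostart entry, remembering which hive/key it came from."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_LINE_RE.match(line)
        if k:
            key = k["key"]
            continue
        m = RUN_LINE_RE.match(line)
        if m:
            entries.append({
                "key": key, "name": m["name"], "path": m["path"],
                "date": m["date"], "size": int(m["size"]),
            })
    return entries


def find_displaced_originals(entries):
    """Paths whose file name carries whitespace before the extension."""
    return [e["path"] for e in entries
            if DISPLACED_NAME_RE.search(ntpath.basename(e["path"]))]


def find_size_clusters(entries, min_count=3):
    """Groups of entries in different directories that share one (date, size).

    Unrelated autostart programs almost never have identical sizes, so min_count
    or more such entries are the ones worth hashing (the VirusTotal step below).
    """
    groups = defaultdict(list)
    for e in entries:
        groups[(e["date"], e["size"])].append(e["path"])
    return {k: v for k, v in groups.items()
            if len({ntpath.dirname(p).lower() for p in v}) >= min_count}


def triage(text):
    """Parse a log excerpt and return both indicators in one dict."""
    entries = parse_run_entries(text)
    return {
        "entries": len(entries),
        "displaced": find_displaced_originals(entries),
        "clusters": find_size_clusters(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for p in result["displaced"]:
        print("renamed original :", p)
    for (date, size), paths in result["clusters"].items():
        print(f"{len(paths)} entries of {size} bytes dated {date}:")
        for p in paths:
            print("   ", p)
```

On the sample the script reports two renamed originals (`qip .exe`, `remotecontrolappl .exe`) and one cluster of five 40960-byte entries dated 2010-01-03, which is exactly the set of files the thread later sends to VirusTotal; `ctfmon.exe` and the 3 MB QIP binary fall outside both checks.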

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses galore...

#19 Post by hoskinson »

ComboFix 10-01-02.04 - me 03.01.2010 20:21:45.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.439 [GMT 1:00]
Running from: c:\documents and settings\me\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\me\LOCALS~1\Temp\sshnas.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\sshnas.dll
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-03 19:28 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 19:26 . 2009-12-28 19:27 -------- d-----w- c:\program files\Registrar Registry Manager
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikací
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikací
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-07 13:46 . 2009-12-07 13:49 -------- d-----w- c:\program files\VB Colour Picker
2009-12-07 12:14 . 2010-01-02 11:20 -------- d-----w- c:\program files\trend micro
2009-12-06 12:13 . 2009-12-08 06:53 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-06 11:57 . 2010-01-03 17:10 -------- d-----w- c:\program files\AAALOGO2009.1
2009-12-06 08:02 . 2009-12-06 08:02 -------- d-sh--w- c:\documents and settings\me\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 19:29 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-03 19:29 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 19:29 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-01 21:14 . 2009-12-02 20:09 40960 ----a-w- c:\windows\vsnpstd3.exe
2010-01-01 19:40 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:08 . 2009-12-03 20:08 -------- d-----w- c:\program files\Alcohol Soft
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\program files\Nová složka
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-12-01 19:20 . 2009-11-30 19:07 -------- d-----w- c:\program files\WebSite X5 Smart
2009-11-30 20:40 . 2009-11-28 11:05 -------- d-----w- c:\program files\Cobian Backup 9
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:56 . 2009-11-28 14:50 -------- d-----w- c:\program files\ATI Technologies
2009-11-28 14:55 . 2009-11-28 14:55 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
.

c:\program files\ASUS\ASUS Remote\remotecontrolappl  .exe
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\HDD Health\hddhealth .exe
c:\program files\MemInfo\meminfo .exe
c:\program files\NetMeter\netmeter .exe
c:\program files\QIP\qip            .exe
c:\program files\QIP\qip           .exe
((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 19:28 . 2010-01-03 19:28 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2010-01-03 13:36 . 2010-01-03 13:36 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hddhealth"="c:\program files\HDD Health\hddhealth.exe" [2010-01-03 40960]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2010-01-03 40960]
"MemInfo"="c:\program files\MemInfo\meminfo.exe" [2010-01-03 40960]
"QIP2005"="c:\program files\qip\qip .exe" [2008-07-01 3256320]
"ASUSTeKRCAppl"="c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe" [2010-01-03 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-01-03 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 40960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [21.12.2009 21:58 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 20:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dll's Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(300)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2010-01-03 20:32:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 19:32
ComboFix2.txt 2010-01-03 12:53

Pre-Run: 236 403 515 392 bytes free
Post-Run: 236 328 968 192 bytes free

- - End Of File - - A2D3551F645BE09AE62519AAC5DE730F

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#20 Post by pitimir »

Partial success, but I was expecting a better result... oh well, I'll have a consultation with colleagues and then let you know. Worst case, we'll write to sUBs (the author of CF) :)

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#21 Post by pitimir »

Colleague Tempest has sent some info, so:
Test the file(s) at >>VIRUSTOTAL<<:

Code:

c:\program files\HDD Health\hddhealth.exe
c:\program files\NetMeter\NetMeter.exe
c:\program files\MemInfo\meminfo.exe
c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
If it says the file has already been tested, have it tested again. Send the result as a LINK.
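
One way to gather what pitimir is asking for, as an added example that is not taken from the thread or from any tool it mentions: walk the program directories, pair every `name .exe` (the renamed original) with the `name.exe` that took its place, record the replacement's size and SHA-256, and group the replacements by hash. Identical copies share one hash, so a single VirusTotal hash lookup covers all of them, and a renamed original with no twin beside it is one the user has already deleted by hand, the situation hoskinson described. The directory tree is constructed inside a temporary folder with stand-in files; the 40960-byte stand-in size mirrors the sizes in the posted log and nothing else about the files is real.

```python
import hashlib
import os
import re
import tempfile

# "stem .exe": whitespace between stem and extension marks a renamed original.
DISPLACED_RE = re.compile(r"^(?P<stem>.+?)\s+(?P<ext>\.exe)$", re.IGNORECASE)


def sha256_file(path, chunk=1 << 16):
    """Hex SHA-256 of a file, read in chunks; this is the hash VirusTotal looks up."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_companions(root):
    """For every 'stem .exe' under root, report the 'stem.exe' beside it (if any)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for fname in files:
            m = DISPLACED_RE.match(fname)
            if not m:
                continue
            twin = by_lower.get((m["stem"] + m["ext"]).lower())
            displaced = os.path.join(dirpath, fname)
            entry = {
                "name": fname,
                "displaced": displaced,
                "displaced_size": os.path.getsize(displaced),
                "replacement": None,        # None: twin already removed by hand
                "replacement_size": None,
                "replacement_sha256": None,
            }
            if twin:
                rpath = os.path.join(dirpath, twin)
                entry.update(replacement=rpath,
                             replacement_size=os.path.getsize(rpath),
                             replacement_sha256=sha256_file(rpath))
            findings.append(entry)
    return sorted(findings, key=lambda e: e["displaced"])


def group_by_hash(findings):
    """Replacement paths keyed by SHA-256: one VirusTotal lookup per distinct binary."""
    groups = {}
    for e in findings:
        if e["replacement_sha256"]:
            groups.setdefault(e["replacement_sha256"], []).append(e["replacement"])
    return groups


def build_demo_tree(base):
    """Constructed layout modelled on the thread: originals renamed to 'name .exe',
    one identical 40960-byte payload copied in as 'name.exe'; NetMeter's payload
    already deleted by hand; Wireshark untouched (no false positive expected)."""
    payload = b"MZ" + b"\x90" * (40960 - 2)      # stand-in dropper, not real malware
    layout = {
        ("QIP", "qip .exe"): b"MZ" + b"Q" * 5000,
        ("QIP", "qip.exe"): payload,
        ("HDD Health", "hddhealth .exe"): b"MZ" + b"H" * 3000,
        ("HDD Health", "hddhealth.exe"): payload,
        ("NetMeter", "netmeter .exe"): b"MZ" + b"N" * 4000,
        ("Wireshark", "wireshark.exe"): b"MZ" + b"W" * 6000,
    }
    for parts, data in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return base


def demo():
    """Build the constructed tree in a temp dir and return (findings, hash groups)."""
    root = build_demo_tree(tempfile.mkdtemp(prefix="companion-demo-"))
    findings = find_companions(root)
    return findings, group_by_hash(findings)


if __name__ == "__main__":
    findings, groups = demo()
    for e in findings:
        twin = e["replacement"] and os.path.basename(e["replacement"])
        print(f"{e['name']!r:22} -> {twin} size={e['replacement_size']} "
              f"sha256={e['replacement_sha256']}")
    for digest, paths in groups.items():
        print(f"submit {digest} to VirusTotal once; it covers {len(paths)} file(s)")
```

Hashing locally before uploading is the point: if the hash is already known to VirusTotal you get the verdict without sending the file, and if several replacements hash identically you know they are one binary, not five infections.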


pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#23 Post by pitimir »

Apparently my info is out of date then; I'll ask you for a new CF log...

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses galore...

#24 Post by hoskinson »

ComboFix 10-01-02.04 - me 08.01.2010 19:49:58.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.538 [GMT 1:00]
Running from: c:\documents and settings\me\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\WEBELE~1\WEBGra~1.exe
c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 17:28 . 2010-01-08 18:53 -------- d-----w- c:\program files\WEB ELEMENTS
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-04 19:19 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikací
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikací

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 16:05 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-04 19:20 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-04 19:20 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 17:10 . 2009-12-06 11:57 -------- d-----w- c:\program files\AAALOGO2009.1
2010-01-01 21:14 . 2009-12-02 20:09 40960 ----a-w- c:\windows\vsnpstd3.exe
2010-01-01 19:40 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-08 06:53 . 2009-12-06 12:13 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-07 13:49 . 2009-12-07 13:46 -------- d-----w- c:\program files\VB Colour Picker
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:56 . 2009-11-28 14:50 -------- d-----w- c:\program files\ATI Technologies
2009-11-28 14:55 . 2009-11-28 14:55 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
.

c:\program files\ASUS\ASUS Remote\remotecontrolappl  .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\HDD Health\hddhealth .exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\MemInfo\meminfo .exe
c:\program files\NetMeter\netmeter .exe
c:\program files\QIP\qip                   .exe
c:\program files\QIP\qip                  .exe
c:\program files\QIP\qip                 .exe
((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-08 15:32 . 2010-01-08 15:32 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files\qip\qip .exe" [2010-01-08 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-01-08 40960]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-01-08 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 40960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"ASUSTeKRCAppl"=c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
"QIP2005"=c:\program files\QIP\qip .exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"Adobe_Reader"=c:\program files\internet explorer\wmpscfgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [6.1.2010 16:46 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 19:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="38D140A9C8AA2DD0A9B3839FED7894F6A768EFF07D5F3B942D0054CD2522FA393796A30010953ED4E27A0D380E36D63319A016A1CB7C6832CFE85949938D675858B4BE5FAC359C34BCC6513637B4C78CAD7DA39FAE5EC15F05523E12E301BD34CE3127A79DA68FBD6B9A705E3B1F0746BC9DDCB5685CDE7564151196E7A12FDA93C0D50C697C7E53E8A86CC76E93D8B8DDD1700240C27BE0C7C0C719788691EB6252A81498BAF8EBF1DA2BE12BA5224E711FEAF58051F820CE1839B171BEDC1EBA03E09C365EB09087CC78EA4F5CEE8618C0C15678BCD84A5C90A3C831CB2FB8E0A7A3D4D454FB61EFCE00F73CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DFEBC9E127BECC74C3B060D50980065913945AF4169ABFAC48E096D6F9E618E3074F761E2A2E07A02B0E13CA95E35C926D2876A746242FB75C17503C45B71A5641771062E51D9504ECA70EEA2C40B39CA312615CE0B5AD593C81BDB8F07452FFAD25932E7AD6989F3C226E61658015B277ACEC32E6BF61518557F014CC98C3F5F07AF85CD19885FEEC49CF8A4D7F7AA67C65421B43F851A818ECE133E7BDB3C8187193563AA125A3F73909033B6B3F83E262CEC45F8531BD00FD745EAAAA85CD11DDD09F12C47D967E2E2A8699DDF685D1970F6893B119F8BE78CDE1D17CE314704E8DC021E4C12EF1D1952336788F101975E28EF5FD784BC1A85BB63380E1ADD6B4A21E2302B08E31D5AB441A22060630958F8A97121FA709D7B498EB78A4E937836D929CA4E1853D6F4870793FAD3C4CE64F72AB2CA07B75C4E8D35F04AD6EAC18420AA0807EF512C5A98BDB2D2C06B372C48AC179703AAB6821DB177B991EA54322083360991F6781DC9DF2A45ED9F0B7E202C48AD1A61003CA4A21127AF9D2FDC1A1358EDD5DD87F8102FDAD3772D834B486BA197CD797D48E269B4C7B81248C9E07BA4B067A89AC974AF57634D65CDA921EFB3C4F2956B152CAC92B184DB85615E258533C2F6668E93A8E6BDB39C8D541B01C28532DAF7B466570BE04210C3AD0E3919393C73156FA0270511C12C57A73D2CC89108F1485F8D953433F2C854E08129336AFA49C333DE7AE2ECE2EFB5272244F0044689F06F315AD6EDEC28F8CCDB275954F82781472837E14757C8A777F65D9B5910D2FDE3F3DC70B7D94CEAEAD52A47E60542553CE9359A7B339C9DE10050DEF55F84EE5F0E16339CB6DFD6D63A6C6A76C25137C726115944DDD17E56913B021E00D6B4A849C4840BD50BDB4F6B6EE43B280F1542F0AB1C4593D5A465967E817E9409B92B07EA7D575DFC8DB9
5CF30DD1003C4E2874279682639ADB450E3F0FA38FDAD575B84EEC38C6E8749D96826F3AE81C3A1BED"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1872)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-08 19:56:28
ComboFix-quarantined-files.txt 2010-01-08 18:56
ComboFix2.txt 2010-01-03 19:32
ComboFix3.txt 2010-01-03 12:53

Před spuštěním: Volných bajtů: 236 537 647 104
Po spuštění: Volných bajtů: 236 492 427 264

- - End Of File - - 52F5B0BF910C93B66B368200E9ADB94D

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses galore...

#25 Post by pitimir »

Will you have a problem reinstalling some programs? Specifically this concerns the ATI files - some of your files are patched...

Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy this into it:

Code:

KillAll::
File::
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\internet explorer\wmpscfgs.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=-
"Adobe_Reader"=-

RenV::
c:\program files\ASUS\ASUS Remote\remotecontrolappl  .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\HDD Health\hddhealth .exe
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\MemInfo\meminfo .exe
c:\program files\NetMeter\netmeter .exe
c:\program files\QIP\qip                   .exe
c:\program files\QIP\qip                  .exe
c:\program files\QIP\qip                 .exe

RegNull::
[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

[Image]

The program will process the script and produce a new log.


Caution: if Windows does not come up after applying the script, restart the PC, press F8 and choose Last Known Good Configuration.
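The CFScript above restores executables whose name carries a run of spaces before `.exe` (the `RenV::` list) and deletes two files that were patched under their legitimate names (`File::`). As an added example, not part of this thread and not ComboFix code, the following Python script shows the detection side of that pattern: it walks a directory tree for `name<spaces>.exe` files, records whether a clean twin sits beside each, and flags Run-key lines of the kind seen in the log whose target is such a file. The directory tree it builds and the Run-key lines it checks are constructed for the demo (modelled on the paths in the thread); `renv_section` only assembles the same path list the helper put under `RenV::`.

```python
"""Flag impostor executables of the 'name<spaces>.exe' kind.

Added example for this thread: not part of the forum post and not ComboFix
code. The directory tree and the Run-key lines it checks are constructed
for the demo, modelled on the paths in the log above.
"""
import os
import re
import shutil
import tempfile
from pathlib import Path

# A stem ending in one or more spaces/tabs before the extension, e.g.
# "cli .exe" or "qip     .exe": icon-less and sorted beside the real file.
SPACED_EXE = re.compile(
    r"^(?P<stem>.*\S)[ \t]+\.(?P<ext>exe|dll|sys|scr|com)$", re.IGNORECASE
)

# Constructed Run-key lines in ComboFix's layout (quoted or unquoted target,
# optional "[date size]" annotation or trailing argument).
SAMPLE_RUN_LINES = [
    '"QIP2005"="c:\\program files\\qip\\qip .exe" [2010-01-08 40960]',
    '"ATICCC"="c:\\program files\\ATI Technologies\\ATI.ACE\\cli.exe" [2010-01-08 40960]',
    '"CTFMON.EXE"="c:\\windows\\system32\\CTFMON.EXE" [2008-04-14 15360]',
    '"ASUSTeKRCAppl"=c:\\program files\\ASUS\\ASUS Remote\\remotecontrolappl .exe',
    '"SoundMAX"="c:\\program files\\Analog Devices\\SoundMAX\\Smax4.exe" /tray',
]

def is_spaced_executable(name):
    """True for 'cli .exe', False for 'cli.exe' or 'readme .txt'."""
    return SPACED_EXE.match(name) is not None

def find_spaced_executables(root):
    """Walk root; return sorted (path, basename, has_clean_twin) per hit.
    has_clean_twin: the unspaced name ('qip.exe') also exists in that directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for f in files:
            m = SPACED_EXE.match(f)
            if m is None:
                continue
            twin = f"{m.group('stem')}.{m.group('ext')}".lower()
            hits.append((os.path.join(dirpath, f), f, twin in present))
    return sorted(hits)

def parse_run_line(line):
    """Split a ComboFix Run-key line into (value name, target path), or None."""
    line = line.strip()
    if not line.startswith('"'):
        return None
    end = line.find('"', 1)
    if end < 0 or not line[end + 1:].startswith("="):
        return None
    name, rest = line[1:end], line[end + 2:]
    if rest.startswith('"'):
        close = rest.find('"', 1)
        path = rest[1:close] if close > 0 else rest[1:]
    else:  # unquoted target: drop the trailing "[date size]" annotation
        path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)
    return name, path

def flag_run_entries(lines):
    """Return the value names whose target file has a spaced name."""
    flagged = []
    for line in lines:
        parsed = parse_run_line(line)
        if parsed is None:
            continue
        name, path = parsed
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1]
        if is_spaced_executable(basename):
            flagged.append(name)
    return flagged

def renv_section(hits):
    """Build the same path list the helper put under RenV:: in the thread."""
    return "RenV::\n" + "\n".join(path for path, _n, _t in hits) + "\n"

def build_sample_tree():
    """Create a throwaway tree mimicking the infected layout (constructed)."""
    root = Path(tempfile.mkdtemp(prefix="spaced-exe-demo-"))
    qip = root / "Program Files" / "QIP"
    ati = root / "Program Files" / "ATI Technologies" / "ATI.ACE"
    for d in (qip, ati):
        d.mkdir(parents=True)
    # Genuine qip.exe, two impostors with different space runs, and a
    # non-executable with a space that must not be reported.
    for name in ("qip.exe", "qip     .exe", "qip    .exe", "readme .txt"):
        (qip / name).write_bytes(b"MZ")
    (ati / "cli .exe").write_bytes(b"MZ")  # original cli.exe absent here
    return str(root)

if __name__ == "__main__":
    root = build_sample_tree()
    hits = find_spaced_executables(root)
    for path, _n, twin in hits:
        print(f"{path}  (clean twin beside it: {twin})")
    print(renv_section(hits))
    print("Run entries pointing at spaced names:", flag_run_entries(SAMPLE_RUN_LINES))
    shutil.rmtree(root, ignore_errors=True)
```

The name heuristic is deliberately narrow: it reports nothing for the `cli.exe` case, where the file under the legitimate name was itself patched, which is why the helper deletes it with `File::` rather than renaming it. For that kind of replacement the identical `[2010-01-08 40960]` date and size stamps shared with the spaced copies are the tell, so pair a name check like this one with size, timestamp or hash comparison against known-good copies.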

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses galore...

#26 Post by hoskinson »

ComboFix 10-01-02.04 - me 09.01.2010 10:54:15.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.561 [GMT 1:00]
Spuštěný z: c:\documents and settings\me\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\ATI Technologies\ATI.ACE\cli.exe"
"c:\program files\internet explorer\wmpscfgs.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-09 do 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 17:28 . 2010-01-08 18:53 -------- d-----w- c:\program files\WEB ELEMENTS
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-09 09:54 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikací
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikací

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 10:02 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-09 09:54 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-09 09:54 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 17:10 . 2009-12-06 11:57 -------- d-----w- c:\program files\AAALOGO2009.1
2010-01-01 21:14 . 2009-12-02 20:09 40960 ----a-w- c:\windows\vsnpstd3.exe
2010-01-01 19:40 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-08 06:53 . 2009-12-06 12:13 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-07 13:49 . 2009-12-07 13:46 -------- d-----w- c:\program files\VB Colour Picker
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:56 . 2009-11-28 14:50 -------- d-----w- c:\program files\ATI Technologies
2009-11-28 14:55 . 2009-11-28 14:55 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
.

Code: Select all

c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\QIP\qip                   .exe
c:\program files\QIP\qip                  .exe
((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-09 06:56 . 2010-01-09 06:56 16384 c:\windows\Temp\Perflib_Perfdata_6c0.dat
+ 2010-01-09 10:01 . 2010-01-09 10:01 16384 c:\windows\Temp\Perflib_Perfdata_608.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files\qip\qip .exe" [2010-01-09 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-01-09 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\Load.exe [2005-9-22 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"ASUSTeKRCAppl"=c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
"QIP2005"=c:\program files\QIP\qip .exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
"Adobe_Reader"=c:\program files\internet explorer\wmpscfgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys [6.1.2010 16:46 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-08 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 11:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2320)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-09 11:05:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-09 10:05
ComboFix2.txt 2010-01-08 18:56
ComboFix3.txt 2010-01-03 19:32
ComboFix4.txt 2010-01-03 12:53

Před spuštěním: Volných bajtů: 236 563 988 480
Po spuštění: Volných bajtů: 236 537 085 952

- - End Of File - - A3367276BEF2C133450B302D83D1DA89

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses all over the place...

#27 Post by hoskinson »

...I have a CD from ATI...

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Viruses all over the place...

#28 Post by pitimir »

OK, then you will probably have to reinstall it... but now I'll ask you for the following (we've made some progress :) ):

1) Test the file(s) at >>VIRUSTOTAL<<:

Code: Select all

c:\windows\vsnpstd3.exe
If it says the file has already been tested, have it tested again. Send the result as a LINK.


2) Download SystemLook. Save it to the desktop and run it. Copy into the window:

Code: Select all

:filefind
qip*.exe
Click "Look" and let the program finish the scan. When it finishes, a log will be displayed, which I need to see. In case of problems it is also saved on the desktop.
I am modest, I have only two things for my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- do not run ANY other program found on the forum/internet without a recommendation.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses all over the place...

#29 Post by hoskinson »

http://www.virustotal.com/cs/analisis/9 ... 1263041878




SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 14:00 on 09/01/2010 by me (Administrator - Elevation successful)

========== filefind ==========

Searching for "qip*.exe"
C:\Program Files\QIP\qip .exe --a--- 40960 bytes [10:02 09/01/2010] [10:02 09/01/2010] 721212E9DFCA7EFDA22CCEEDA36628EF
C:\Program Files\QIP\qip .exe --a--- 40960 bytes [10:02 09/01/2010] [12:35 09/01/2010] 721212E9DFCA7EFDA22CCEEDA36628EF
C:\Program Files\QIP\qip.exe --a--- 40960 bytes [15:58 07/01/2010] [15:34 08/01/2010] 721212E9DFCA7EFDA22CCEEDA36628EF

-=End Of File=-
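The SystemLook output above, together with the Run-key entries in the ComboFix log earlier in the thread, shows the pattern this thread turns on: decoy copies named like the real program but with a run of spaces before the extension (the forum collapsed those runs to a single space), every copy carrying the same MD5, and the file under the genuine name `qip.exe` carrying it too. The script below is an added example written for this page; it is not part of the thread and is not code from SystemLook or ComboFix. It parses the two report formats as they appear here, flags padded names and Temp-directory autostarts, and groups files by hash so a replaced original stands out. The sample inputs are constructed from lines on the page; the regular expressions only cover the line shapes visible in those excerpts.

```python
import re
from collections import defaultdict

# Constructed sample: the three result lines SystemLook printed in the thread
# for ":filefind qip*.exe" (sizes and MD5 copied from the page).
SYSTEMLOOK_OUTPUT = """\
Searching for "qip*.exe"
C:\\Program Files\\QIP\\qip .exe --a--- 40960 bytes [10:02 09/01/2010] [10:02 09/01/2010] 721212E9DFCA7EFDA22CCEEDA36628EF
C:\\Program Files\\QIP\\qip .exe --a--- 40960 bytes [10:02 09/01/2010] [12:35 09/01/2010] 721212E9DFCA7EFDA22CCEEDA36628EF
C:\\Program Files\\QIP\\qip.exe --a--- 40960 bytes [15:58 07/01/2010] [15:34 08/01/2010] 721212E9DFCA7EFDA22CCEEDA36628EF
"""

# Constructed sample: three Run-key values copied from the ComboFix log above,
# one legitimate (ctfmon) and two that the thread treats as infection artefacts.
RUN_KEY_OUTPUT = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"QIP2005"="c:\\program files\\qip\\qip .exe" [2010-01-09 40960]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Adobe_Reader"="c:\\program files\\internet explorer\\wmpscfgs.exe" [2010-01-09 40960]
"""

# One SystemLook filefind result: path, attribute flags, size, two timestamps, MD5.
FILEFIND_LINE = re.compile(
    r'^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<created>[^\]]*)\]\s+\[(?P<modified>[^\]]*)\]\s+(?P<md5>[0-9A-Fa-f]{32})$')

# One ComboFix Run-key value in its REGEDIT4-style form: "name"="path" [date size].
RUN_VALUE_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')


def padded_extension(path: str) -> bool:
    """True when whitespace sits between the base name and the extension
    ("qip .exe"), which Explorer renders almost like the genuine "qip.exe"."""
    name = path.replace('/', '\\').rsplit('\\', 1)[-1]
    return re.search(r'\S\s+\.[A-Za-z0-9]{1,4}$', name) is not None


def parse_filefind(text: str) -> list:
    """Turn SystemLook filefind lines into dicts; non-result lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row['size'] = int(row['size'])
            row['md5'] = row['md5'].upper()
            rows.append(row)
    return rows


def shared_hash_groups(rows: list) -> dict:
    """Group parsed files by MD5. A group that mixes padded and clean names means
    the cleanly named binary is the same payload as the decoys, so deleting the
    decoys alone does not restore the program (the situation in this thread)."""
    by_hash = defaultdict(list)
    for r in rows:
        by_hash[r['md5']].append(r['path'])
    result = {}
    for md5, paths in by_hash.items():
        padded = [p for p in paths if padded_extension(p)]
        clean = [p for p in paths if not padded_extension(p)]
        result[md5] = {'padded': padded, 'clean': clean,
                       'clean_replaced': bool(padded) and bool(clean)}
    return result


def suspicious_run_values(text: str) -> list:
    """Return (value name, path, reason) for Run-key values that point at a
    padded file name or at a temporary directory."""
    findings = []
    for line in text.splitlines():
        m = RUN_VALUE_LINE.match(line.strip())
        if not m:
            continue
        name, path = m['name'], m['path'].strip()
        if padded_extension(path):
            findings.append((name, path, 'whitespace before extension'))
        elif re.search(r'\\(temp|tmp)\\', path, re.I):
            findings.append((name, path, 'runs from a temporary directory'))
    return findings


if __name__ == '__main__':
    for md5, info in shared_hash_groups(parse_filefind(SYSTEMLOOK_OUTPUT)).items():
        print(md5, info)
    for finding in suspicious_run_values(RUN_KEY_OUTPUT):
        print(*finding)
```

Running it on the constructed input reports one hash group in which two padded names and the clean `qip.exe` share the same MD5, and flags the `QIP2005` autostart value. The `Adobe_Reader` value pointing at `wmpscfgs.exe` is not caught by either rule: a plausible name in a plausible folder needs a lookup of the file itself, which is what the VirusTotal step in the instructions above provides.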

hoskinson
Visitor
Posts: 55
Registered: 03 Jun 2007 11:04

Re: Viruses all over the place...

#30 Post by hoskinson »

Uninstall ATI now, or only afterwards??
