VIRY.CZ

Zdravím,
už jsem tady dlouho nebyl, nebyla potřeba za což vděčím Vám, rádcům.
Nedávno jsem připojil kamarádův ext.disk a od té doby se můj komp chová podivně. Zapnu jej, vše funguje normálně a za 10 - 15 min zamrzne. Teplej restart nefunguje, čas od času se rozeběhne na krátkou chvilku (páč to zamrzne i při něm), takže restartuju na studeno tlačítkem na bedně. Zachroustá, nabíhaj widle a pak černá obrazovka a komp mlčí. Na tvrdo ho vypnu čudlem a po chvilce zase zapnu. Naběhnou widle, vyskočí uvítací obrazovka a vše je ok. Pak běží třeba dva dny v kuse bez záseku. Dnes se mi teda poprvý kousnul i po téhleté anabázi a trvalo to docela dlouho, než sem ho přesvědčil ke spolupráci. Jako AVG používám NOD32 a rezidentštít.
V hw by to být nemělo. V BIOSu funguje vše jak má. Na systémdisku je 6gb místa a to by pro XP sp3 mělo stačit, ne?
přihodil jsem log z RSIT i UPM, al musel jsem to zabalit, páč to má moc. Event. to můžu dát po částech

Myšák

Ještě poprosím o log z ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

a firewall taky vypnout? a co net, odpojit?

FW také vypnout, net můžete nechat připojený, konzolu pro zotavení neinstalujte.

ComboFix 11-05-15.04 - Owner 16.05.2011 18:39:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2559.1418 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
G:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-16 do 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-16 15:23 . 2011-05-16 15:23 -------- d-----w- c:\program files\trend micro
2011-05-16 15:23 . 2011-05-16 15:24 -------- d-----w- C:\rsit
2011-05-16 14:56 . 2011-05-16 14:58 -------- d-----w- c:\program files\Ultimate Process Manager
2011-05-16 10:22 . 2011-05-16 10:22 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-12 22:35 . 2011-05-12 22:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\4A Games
2011-05-06 15:01 . 2011-05-06 15:01 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Reallusion
2011-05-04 19:49 . 2011-05-04 19:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Activision
2011-05-04 12:43 . 2011-05-04 12:43 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Carambis
2011-05-04 11:11 . 2007-04-16 22:05 5632000 ----a-w- c:\windows\system32\RLVirtualCamera.ocx
2011-05-04 11:11 . 2007-03-19 14:00 31616 ----a-w- c:\windows\system32\drivers\RLVrtAuCbl.sys
2011-05-04 11:11 . 2011-05-04 11:11 -------- d-----w- c:\program files\Common Files\Reallusion
2011-05-04 11:11 . 2011-05-04 11:11 -------- d-----w- c:\program files\Reallusion
2011-05-04 11:09 . 2008-01-14 12:08 141312 ----a-w- c:\windows\system32\SP7302.ax
2011-05-04 11:09 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2011-05-04 11:09 . 2011-05-04 11:09 -------- d-----w- c:\program files\Common Files\iLook 310
2011-05-04 10:20 . 2011-05-16 15:57 -------- d-----w- c:\windows\Album
2011-05-04 10:19 . 2008-04-23 12:05 47616 ----a-w- c:\windows\system32\Remove.exe
2011-05-04 10:19 . 2011-05-04 12:48 -------- d-----w- c:\program files\Common Files\i-Look 110
2011-05-04 10:19 . 2011-05-04 11:09 -------- d-----w- c:\windows\PixArt
2011-04-28 14:36 . 2011-04-28 14:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\vsosdk
2011-04-19 18:28 . 2005-04-29 02:01 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-04-19 18:28 . 2005-04-29 02:00 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-04-19 18:28 . 2005-04-29 02:00 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-04-19 18:28 . 2005-04-29 02:00 270336 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-04-19 18:28 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-04-19 18:27 . 2011-04-19 18:27 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-04-19 18:27 . 2011-04-19 18:27 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-04-19 18:25 . 2011-04-19 18:25 65536 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\RushForBerlin.url_722A4F8307C64D5AB553265BF6508EC4.exe
2011-04-19 18:25 . 2011-04-19 18:25 65536 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\readme.txt_722A4F8307C64D5AB553265BF6508EC4.exe
2011-04-19 18:25 . 2011-04-19 18:25 45056 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\RushForBerlin.exe1_722A4F8307C64D5AB553265BF6508EC4.exe
2011-04-19 18:25 . 2011-04-19 18:25 45056 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\RushForBerlin.exe_722A4F8307C64D5AB553265BF6508EC4_1.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 10:25 . 2009-10-23 17:44 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-16 10:22 . 2009-10-23 17:44 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-16 10:16 . 2009-10-23 17:44 138056 -c--a-w- c:\documents and settings\Owner\Data aplikací\PnkBstrK.sys
2011-05-16 10:16 . 2009-10-19 15:14 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-07 05:33 . 2008-10-31 15:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-10-22 13:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-03-01 13:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-10-22 13:36 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
------- Sigcheck -------
.
[-] 2008-10-22 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 10:28 97064 ----a-w- d:\program files\Nero 8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-12-12 132392]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Steam"="d:\program files\steam\steam.exe" [2010-11-22 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-24 16859136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2008-04-24 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2008-04-24 1970176]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NBKeyScan"="d:\program files\Nero 8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"KBDriver"="d:\program files\Keyboard Driver\OEMDriver.exe" [2006-07-25 151552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 55824]
"NetSoftware"="d:\program files\NetSoftware\Starter.exe" [2011-01-04 156672]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"SecurDisc"="d:\program files\Nero 8\InCD\NBHGui.exe" [2008-08-08 2049320]
"InCD"="d:\program files\Nero 8\InCD\InCD.exe" [2008-08-08 1083176]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SetPointII.lnk - d:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]
VideoCam Suite 2.0.lnk - d:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-7-17 185688]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Games\\Codemasters\\DiRT\\DiRT.exe"=
"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\Nero 8\\Nero Home\\NeroHome.exe"=
"d:\\Program Files\\Nero 8\\Nero ShowTime\\ShowTime.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\Ostatní\\fLEŠKA 512\\tycoon hra\\TTDLOADW.OVL"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\Games\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\MPSMC__T.EXE"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"d:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"g:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"g:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"g:\\Program Files\\Graphisoft\\ArchiCAD 14\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Program Files\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"g:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"g:\\Program Files\\Deep Silver\\Rush For Berlin\\RushForBerlin.exe"=
"g:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"g:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"g:\\Program Files\\Battlefields online\\BFP4f.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13007:TCP"= 13007:TCP:BitComet 13007 TCP
"13007:UDP"= 13007:UDP:BitComet 13007 UDP
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2008 19:19 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 35168]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.1.2008 10:19 501560]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero 8\InCD\NBHRegInCDSrv.exe [8.8.2008 12:28 53032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29.12.2010 22:09 101904]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [31.10.2008 17:33 38176]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [4.5.2011 13:11 31616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.11.2009 19:03 135664]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.11.2009 19:03 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 17:03]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 17:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{44589A14-0628-4CD2-87DF-89474DA21A8E} - d:\program files\FreshDevices\FreshDownload\fd.exe
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\ipg7adql.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: VýzkumNetMonitor: gemgecko@gemius.com - d:\program files\NetSoftware\gemgecko
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 18:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-1682526488-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-861567501-1682526488-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:79,62,29,0d,45,a1,91,c3,68,a8,db,65,98,d2,4a,8b,c3,e1,96,6e,ec,
38,2b,db,9d,05,d7,25,08,47,51,34,49,6f,35,d4,87,e7,8b,a5,bc,0a,b4,3e,df,a8,\
"rkeysecu"=hex:aa,81,d5,40,f8,58,50,13,f6,36,68,ed,3d,25,94,be
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-05-16 18:43:53
ComboFix-quarantined-files.txt 2011-05-16 16:43
.
Před spuštěním: 7 814 152 192
Po spuštění: Volných bajtů: 12 422 279 168
.
- - End Of File - - 514662BD3E7E09B298D1A69218D1DD36

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\winsys2.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Tzn, aby se výsledný textový soubor na ploše jmenoval CFScript.txt?

jo a mam zase vypnout residenta a FW?

kukmil píše:Tzn, aby se výsledný textový soubor na ploše jmenoval CFScript.txt?

Ano.

kukmil píše:jo a mam zase vypnout residenta a FW?

Ano.

ComboFix 11-05-15.04 - Owner 16.05.2011 22:46:15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2559.1439 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-16 do 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-16 15:23 . 2011-05-16 15:23 -------- d-----w- c:\program files\trend micro
2011-05-16 15:23 . 2011-05-16 15:24 -------- d-----w- C:\rsit
2011-05-16 14:56 . 2011-05-16 14:58 -------- d-----w- c:\program files\Ultimate Process Manager
2011-05-16 10:22 . 2011-05-16 10:22 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-12 22:35 . 2011-05-12 22:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\4A Games
2011-05-06 15:01 . 2011-05-06 15:01 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Reallusion
2011-05-04 19:49 . 2011-05-04 19:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Activision
2011-05-04 12:43 . 2011-05-04 12:43 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Carambis
2011-05-04 11:11 . 2007-04-16 22:05 5632000 ----a-w- c:\windows\system32\RLVirtualCamera.ocx
2011-05-04 11:11 . 2007-03-19 14:00 31616 ----a-w- c:\windows\system32\drivers\RLVrtAuCbl.sys
2011-05-04 11:11 . 2011-05-04 11:11 -------- d-----w- c:\program files\Common Files\Reallusion
2011-05-04 11:11 . 2011-05-04 11:11 -------- d-----w- c:\program files\Reallusion
2011-05-04 11:09 . 2008-01-14 12:08 141312 ----a-w- c:\windows\system32\SP7302.ax
2011-05-04 11:09 . 2006-10-12 09:57 14336 ----a-w- c:\windows\system32\P7302USD.dll
2011-05-04 11:09 . 2011-05-04 11:09 -------- d-----w- c:\program files\Common Files\iLook 310
2011-05-04 10:20 . 2011-05-16 15:57 -------- d-----w- c:\windows\Album
2011-05-04 10:19 . 2008-04-23 12:05 47616 ----a-w- c:\windows\system32\Remove.exe
2011-05-04 10:19 . 2011-05-04 12:48 -------- d-----w- c:\program files\Common Files\i-Look 110
2011-05-04 10:19 . 2011-05-04 11:09 -------- d-----w- c:\windows\PixArt
2011-04-28 14:36 . 2011-04-28 14:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\vsosdk
2011-04-19 18:28 . 2005-04-29 02:01 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-04-19 18:28 . 2005-04-29 02:00 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-04-19 18:28 . 2005-04-29 02:00 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-04-19 18:28 . 2005-04-29 02:00 270336 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-04-19 18:28 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-04-19 18:27 . 2011-04-19 18:27 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-04-19 18:27 . 2011-04-19 18:27 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-04-19 18:25 . 2011-04-19 18:25 65536 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\RushForBerlin.url_722A4F8307C64D5AB553265BF6508EC4.exe
2011-04-19 18:25 . 2011-04-19 18:25 65536 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\readme.txt_722A4F8307C64D5AB553265BF6508EC4.exe
2011-04-19 18:25 . 2011-04-19 18:25 45056 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\RushForBerlin.exe1_722A4F8307C64D5AB553265BF6508EC4.exe
2011-04-19 18:25 . 2011-04-19 18:25 45056 ----a-r- c:\documents and settings\Owner\Data aplikací\Microsoft\Installer\{722A4F83-07C6-4D5A-B553-265BF6508EC4}\RushForBerlin.exe_722A4F8307C64D5AB553265BF6508EC4_1.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 10:25 . 2009-10-23 17:44 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-16 10:22 . 2009-10-23 17:44 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-16 10:16 . 2009-10-23 17:44 138056 -c--a-w- c:\documents and settings\Owner\Data aplikací\PnkBstrK.sys
2011-05-16 10:16 . 2009-10-19 15:14 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-07 05:33 . 2008-10-31 15:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-03-01 13:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-10-22 13:37 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-03-01 13:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-10-22 13:36 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
------- Sigcheck -------
.
[-] 2008-10-22 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 10:28 97064 ----a-w- d:\program files\Nero 8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-12-12 132392]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Steam"="d:\program files\steam\steam.exe" [2010-11-22 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-24 16859136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2008-04-24 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2008-04-24 1970176]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NBKeyScan"="d:\program files\Nero 8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"KBDriver"="d:\program files\Keyboard Driver\OEMDriver.exe" [2006-07-25 151552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 55824]
"NetSoftware"="d:\program files\NetSoftware\Starter.exe" [2011-01-04 156672]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"SecurDisc"="d:\program files\Nero 8\InCD\NBHGui.exe" [2008-08-08 2049320]
"InCD"="d:\program files\Nero 8\InCD\InCD.exe" [2008-08-08 1083176]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SetPointII.lnk - d:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]
VideoCam Suite 2.0.lnk - d:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-7-17 185688]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Games\\Codemasters\\DiRT\\DiRT.exe"=
"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"f:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\Program Files\\Nero 8\\Nero Home\\NeroHome.exe"=
"d:\\Program Files\\Nero 8\\Nero ShowTime\\ShowTime.exe"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\Ostatní\\fLEŠKA 512\\tycoon hra\\TTDLOADW.OVL"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\Games\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\MPSMC__T.EXE"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"d:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"g:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"g:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"g:\\Program Files\\Graphisoft\\ArchiCAD 14\\ArchiCAD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Program Files\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"g:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"g:\\Program Files\\Deep Silver\\Rush For Berlin\\RushForBerlin.exe"=
"g:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"g:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"g:\\Program Files\\Battlefields online\\BFP4f.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13007:TCP"= 13007:TCP:BitComet 13007 TCP
"13007:UDP"= 13007:UDP:BitComet 13007 UDP
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [18.5.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [18.5.2007 21:52 55160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.11.2008 19:19 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 35168]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23.1.2008 10:19 501560]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16 472280]
R2 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero 8\InCD\NBHRegInCDSrv.exe [8.8.2008 12:28 53032]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29.12.2010 22:09 101904]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [31.10.2008 17:33 38176]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [4.5.2011 13:11 31616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.11.2009 19:03 135664]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.11.2009 19:03 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 18:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 17:03]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 17:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{44589A14-0628-4CD2-87DF-89474DA21A8E} - d:\program files\FreshDevices\FreshDownload\fd.exe
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\ipg7adql.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: VýzkumNetMonitor: gemgecko@gemius.com - d:\program files\NetSoftware\gemgecko
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - d:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 22:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-1682526488-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-861567501-1682526488-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:79,62,29,0d,45,a1,91,c3,68,a8,db,65,98,d2,4a,8b,c3,e1,96,6e,ec,
38,2b,db,9d,05,d7,25,08,47,51,34,49,6f,35,d4,87,e7,8b,a5,bc,0a,b4,3e,df,a8,\
"rkeysecu"=hex:aa,81,d5,40,f8,58,50,13,f6,36,68,ed,3d,25,94,be
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5280)
d:\program files\Nero 8\InCD\NBHShx.dll
d:\program files\Nero 8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Nero 8\InCD\InCDsrv.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
d:\program files\Nero 8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
d:\program files\NetSoftware\NetSoftware.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
d:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
d:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\windows\System32\wudfhost.exe
.
**************************************************************************
.
Celkový čas: 2011-05-16 22:56:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-16 20:56
ComboFix2.txt 2011-05-16 16:43
.
Před spuštěním: Volných bajtů: 12 321 009 664
Po spuštění: Volných bajtů: 12 307 910 656
.
- - End Of File - - 08B91A0A7BD6A997DC08B77FE6B342C2
Nahr nˇ probŘhlo ŁspŘçnŘ

Vše smazáno, log již vypadá čistý. Nastala nějaká změna?

No ještě se to od té doby neseklo. Čím to bylo?

Kromě AdWare jste měl v PC pár trojáků.

No tak pokud jsou pryč, tak mockrát děkuju.
Nemáte ještě nějakou radu jak na to, když si připíchnu cizí ext disk a bojim se, že tam něco je? Dá se to projet taky tim ComboFixem, tak aby se to při tom nestáhlo do počítače?

Použijte spíše FlashDisinfector: http://www.myantispyware.com/2009/01/08 ... oval-tool/ , nebo některý skener. Nemáte zač!