Po odstranění virů jede počítač stále pomalu.

Zpráva

sashaZabluduu · #1 Příspěvek od **sashaZabluduu** » 24 úno 2010 19:06

Ahoj,

asi před týdnem jsem zjistil, že mám několik virů. I když pravidelně PC kontroluju a do t´doby nic, nejspíš mi tam všechny nalezly naráz.

Odstranil jsem (teda doufám) některé avirou a pak jsem projel kontrolou MBAM - hlavní problém (nenajel mi win, pouze černá obrazovka) jsem vyřešil. Ta obrazovka od té doby však nenajela ještě jednou či dvakrát, počítač tedy není v nejlepším pořádku.

Měl bych zmínit, že mi jede dost pomalu. Další věc, která se mi nelíbí, je, že se mi Mozilla firefox často trhá, v pravidelných intervalech - to mi však dělá už měsíc.

Prosím vás o radu, zde přikládám Hijackthis log.

Předem díky za reakce,

Tomáš Z.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:01, on 24.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\zeezo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Users\zeezo\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PTimer] "C:\Program Files\Sprinx Systems\Sprinx PTimer\PTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\xnpq.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\xnpq.tmp\svchost.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{471CF5F2-849C-40C9-A596-525E49E23672}: NameServer = 192.168.223.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{55DEB3BA-311B-413C-AEFA-AD69A31A6600}: NameServer = 192.168.225.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9783 bytes

#2 Příspěvek od **motji** » 24 úno 2010 19:13

Dobrý večer

Poprosím o log ze Rsitu, viz můj podpis
Nenašel by jste ještě log, co mbam našel? Měl by být uložen v záložce protokoly.

sashaZabluduu · #3 Příspěvek od **sashaZabluduu** » 24 úno 2010 19:37

Zde přikládám log z MBAMu, snad je to on..

Jinak, vše co mi našel MBAM jsem smazal (možná to nebyl dobrý krok, ale pomohlo to).

Hned se vrhnu na RSIT.

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3754
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.17184

18.2.2010 14:47:58
mbam-log-2010-02-18 (14-47-58).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107772
Uplynulý čas: 6 minute(s), 44 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Windows\system32\sshnas21.VIR (Trojan.Downloader) -> Quarantined and deleted successfully.

sashaZabluduu · #4 Příspěvek od **sashaZabluduu** » 24 úno 2010 19:42

RSIT log:

(Mám spuštěnou Mozzilu s prací, kterou bych nerad odkřížkoval, snad to nevadí.)

Logfile of random's system information tool 1.06 (written by random/random)
Run by zeezo at 2010-02-24 19:40:24
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 13 GB (11%) free of 119 GB
Total RAM: 3070 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:29, on 24.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\zeezo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\zeezo\Desktop\RSIT.exe
C:\Windows\system32\DllHost.exe
C:\Users\zeezo\Desktop\zeezo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PTimer] "C:\Program Files\Sprinx Systems\Sprinx PTimer\PTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\xnpq.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\xnpq.tmp\svchost.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{471CF5F2-849C-40C9-A596-525E49E23672}: NameServer = 192.168.223.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{55DEB3BA-311B-413C-AEFA-AD69A31A6600}: NameServer = 192.168.225.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9886 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-08-28 655360]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-18 7737344]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-03 778240]
"IFXSPMGT"=C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-16 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
"eyeBeam SIP Client"= []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-12-12 289584]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"PTimer"=C:\Program Files\Sprinx Systems\Sprinx PTimer\PTimer.exe [2007-12-07 856936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\ASScrProlog.exe [2008-04-04 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\ASScrPro.exe [2008-04-04 33136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos]
C:\Windows\system32\sshnas21.dll,AttachConsoleA []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneDaemon]
C:\Users\zeezo\Desktop\iPhone_Pc_Suite_by_iSpazio\iPhone PC Suite\PhoneDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTimer]
C:\Program Files\SPRINX\PTimer\PTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROUA3O12PW]
C:\Users\zeezo\AppData\Local\Temp\Fhs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]
C:\Users\zeezo\AppData\Local\Temp\Fhh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-10 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE [2007-08-14 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pandion.lnk]
C:\PROGRA~1\Pandion\Pandion.exe [2006-01-11 993792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^zeezo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2554964A.lnk]
C:\Users\zeezo\AppData\Local\Temp\arcotray.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f81342-a45f-11de-b67a-001fc6451571}]
shell\AutoRun\command - F:\setup.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f2ac639-f6bb-11de-b91f-0040f4b6e3fa}]
shell\AutoRun\command - G:\EmDesk.exe
shell\EmDesk\command - G:\EmDesk.exe

======List of files/folders created in the last 1 months======

2010-02-24 19:40:24 ----D---- C:\rsit
2010-02-21 17:01:22 ----D---- C:\Users\zeezo\AppData\Roaming\Opera
2010-02-21 16:53:35 ----D---- C:\Program Files\Opera
2010-02-18 14:13:30 ----D---- C:\Users\zeezo\AppData\Roaming\Malwarebytes
2010-02-18 14:13:23 ----D---- C:\ProgramData\Malwarebytes
2010-02-18 14:13:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-18 13:39:01 ----D---- C:\_OTM
2010-02-17 13:16:55 ----D---- C:\Windows\MSSecurityNS
2010-02-17 13:16:55 ----D---- C:\Windows\MSSecurityNi
2010-02-12 11:18:35 ----D---- C:\Users\zeezo\AppData\Roaming\Publish Providers
2010-02-12 11:10:38 ----D---- C:\ProgramData\Sony
2010-02-12 10:59:14 ----D---- C:\Users\zeezo\AppData\Roaming\Sony
2010-02-12 10:35:19 ----D---- C:\Program Files\Sony
2010-02-11 16:27:14 ----D---- C:\Program Files\Logitech Touch Mouse Server
2010-02-10 20:17:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 20:17:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 20:17:25 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 20:17:25 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 20:17:25 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 20:17:25 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 20:17:25 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 20:17:24 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 20:17:24 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 20:17:24 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 20:17:24 ----A---- C:\Windows\system32\avifil32.dll
2010-02-08 12:59:26 ----D---- C:\Program Files\Sprinx Systems
2010-01-25 20:06:20 ----A---- C:\Windows\eNK.ini

======List of files/folders modified in the last 1 months======

2010-02-24 19:40:30 ----D---- C:\Windows\Prefetch
2010-02-24 19:40:29 ----D---- C:\Windows\Temp
2010-02-24 18:57:52 ----D---- C:\Windows\winsxs
2010-02-24 18:57:11 ----D---- C:\Windows\system32\catroot2
2010-02-24 18:57:11 ----D---- C:\Windows\system32\catroot
2010-02-24 12:40:06 ----A---- C:\Windows\NeroDigital.ini
2010-02-24 12:25:00 ----D---- C:\Program Files\Mozilla Firefox
2010-02-24 12:24:39 ----D---- C:\Users\zeezo\AppData\Roaming\uTorrent
2010-02-24 12:20:28 ----D---- C:\Windows\system32\drivers
2010-02-24 07:50:34 ----D---- C:\Windows
2010-02-21 16:53:39 ----SHD---- C:\Windows\Installer
2010-02-21 16:53:35 ----RD---- C:\Program Files
2010-02-19 10:02:33 ----A---- C:\Windows\system32\acovcnt.exe
2010-02-18 14:49:21 ----D---- C:\Windows\Setup
2010-02-18 14:18:43 ----D---- C:\Windows\System32
2010-02-18 14:13:23 ----HD---- C:\ProgramData
2010-02-18 13:53:19 ----D---- C:\Windows\Debug
2010-02-18 13:48:42 ----D---- C:\Windows\pss
2010-02-18 13:39:04 ----D---- C:\Windows\Tasks
2010-02-18 13:33:40 ----D---- C:\Windows\system32\Tasks
2010-02-12 11:11:17 ----RSD---- C:\Windows\assembly
2010-02-12 03:24:24 ----D---- C:\Program Files\Windows Mail
2010-02-12 03:04:26 ----D---- C:\ProgramData\Microsoft Help
2010-02-07 12:47:21 ----D---- C:\Windows\inf
2010-02-07 12:47:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-30 23:24:59 ----D---- C:\Program Files\Google
2010-01-28 12:27:36 ----D---- C:\Program Files\Meric
2010-01-28 12:27:21 ----N---- C:\Windows\Setup1.exe
2010-01-28 12:27:20 ----A---- C:\Windows\ST6UNST.EXE
2010-01-28 12:22:33 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-01-23 39080]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-20 3478528]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-18 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-08-28 1019136]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-18 45624]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-18 45696]
S3 aafsawf0;aafsawf0; C:\Windows\system32\drivers\aafsawf0.sys []
S3 ao3havaa;ao3havaa; C:\Windows\system32\drivers\ao3havaa.sys []
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-18 40448]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\Windows\system32\drivers\AVerFx2hbtv.sys [2007-08-16 220672]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-18 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2009-08-28 17408]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SIS162u;%sis162.Service.DispName%; C:\Windows\system32\DRIVERS\sis162u.sys [2004-05-28 154112]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\Windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-12-20 643072]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2007-02-26 677408]
R2 IFXTCS;Trusted Platform Core Service; C:\Windows\system32\ifxtcs.exe [2007-02-22 849440]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-02-22 140832]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-24 188416]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-26 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-18 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#5 Příspěvek od **motji** » 24 úno 2010 20:10

Měl jste tam rootkity. Ráda bych to ještě prověřila, jestli tam něco nezůstalo

. Takže combofix spustte až budete mít ukončenou svoji práci, uložené vše v Mozille a podobně, počítač se restartuje

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

sashaZabluduu · #6 Příspěvek od **sashaZabluduu** » 24 úno 2010 23:53

Dobrý večer,

pře dokončením comboFixu (trval celý přes půl hodiny!) mi vyskočila chyba s hlášením , nevím přesně co a druhá chyba s něčím jako 0x001822145..tak nějak) - tyhle dvě chyby byly jakoby mezi restartem (na chvíli zčernala obrazovka). Poté se mi objevila také chyba s virem, ten jsem se pokusil avirou smazat.

Zde je log:

ComboFix 10-02-24.01 - zeezo 24.02.2010 23:26:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2057 [GMT 1:00]
Spuštěný z: c:\users\zeezo\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2516701040-127558009-1632579882-1001
c:\$recycle.bin\S-1-5-21-2516701040-127558009-1632579882-1002
c:\users\zeezo\Documents\cc_20100128_122401.reg
c:\windows\system32\twain_32.dll

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-24 do 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 22:36 . 2010-02-24 22:39 -------- d-----w- c:\users\zeezo\AppData\Local\temp
2010-02-24 22:36 . 2010-02-24 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-24 18:40 . 2010-02-24 18:40 -------- d-----w- C:\rsit
2010-02-21 16:01 . 2010-02-21 16:01 -------- d-----w- c:\users\zeezo\AppData\Local\Opera
2010-02-21 15:53 . 2010-02-21 15:53 -------- d-----w- c:\program files\Opera
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\users\zeezo\AppData\Roaming\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 12:39 . 2010-02-18 12:39 -------- d-----w- C:\_OTM
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNS
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNi
2010-02-15 18:01 . 2010-02-15 18:01 -------- d-----w- c:\users\zeezo\.jenny
2010-02-12 10:18 . 2010-02-12 10:18 -------- d-----w- c:\users\zeezo\AppData\Roaming\Publish Providers
2010-02-12 10:10 . 2010-02-12 10:10 -------- d-----w- c:\programdata\Sony
2010-02-12 09:59 . 2010-02-24 19:10 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\users\zeezo\AppData\Local\Sony
2010-02-12 09:35 . 2010-02-12 10:10 -------- d-----w- c:\program files\Sony
2010-02-11 15:27 . 2010-02-11 15:27 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-08 11:59 . 2010-02-08 11:59 -------- d-----w- c:\program files\Sprinx Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 22:42 . 2009-10-05 09:46 -------- d-----w- c:\users\zeezo\AppData\Roaming\uTorrent
2010-02-24 22:38 . 2008-04-04 09:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-02-24 22:37 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-24 22:25 . 2009-09-12 13:06 101592 ----a-w- c:\users\zeezo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 12:56 . 2010-02-18 12:56 2131336 ----a-w- c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-02-12 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 02:04 . 2008-04-04 06:18 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 11:47 . 2007-04-21 11:18 610786 ----a-w- c:\windows\system32\perfh005.dat
2010-02-07 11:47 . 2007-04-21 11:18 121156 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 22:24 . 2009-09-26 01:51 -------- d-----w- c:\program files\Google
2010-01-28 11:27 . 2009-09-13 16:02 -------- d-----w- c:\program files\Meric
2010-01-28 11:27 . 2009-09-13 16:02 249856 ------w- c:\windows\Setup1.exe
2010-01-28 11:27 . 2009-09-13 16:02 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 12:21 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 12:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 12:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 15:26 . 2010-01-18 15:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-01-14 10:12 . 2009-10-03 11:26 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 16:33 . 2009-12-05 11:47 -------- d-----w- c:\users\zeezo\AppData\Roaming\VSO
2010-01-09 10:47 . 2009-09-14 09:57 -------- d-----w- c:\program files\XTB-Trader
2010-01-06 22:06 . 2009-10-02 11:49 -------- d-----w- c:\program files\XMind
2010-01-06 15:51 . 2009-09-18 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\users\zeezo\AppData\Roaming\DAEMON Tools
2010-01-06 15:39 . 2010-02-24 12:21 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 12:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30 . 2010-02-24 12:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-04 23:24 . 2008-04-04 06:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-04 22:04 . 2010-01-04 22:04 -------- d-----w- c:\users\zeezo\AppData\Roaming\gtk-2.0
2009-12-30 10:08 . 2009-09-13 17:30 -------- d-----w- c:\users\zeezo\AppData\Roaming\ICQ
2009-12-28 18:51 . 2009-11-06 11:35 -------- d-----w- c:\program files\ICQ6.5
2009-12-11 11:43 . 2010-02-10 19:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 19:17 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 19:17 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:17 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:17 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-08 11:28 . 2009-09-12 17:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:30 . 2010-02-10 19:17 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:17 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:17 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:17 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:17 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:17 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:17 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:17 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:17 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 12:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-13 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-12 289584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pandion.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk
backup=c:\windows\pss\Pandion.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^zeezo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2554964A.lnk]
path=c:\users\zeezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2554964A.lnk
backup=c:\windows\pss\2554964A.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-04 09:03 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-04-04 09:04 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,8d,14,20,5b,40,ca,01

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [4.4.2008 9:37 15416]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 18:38 108289]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.9.2009 10:18 188416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2009 2:51 133104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.7.2008 4:45 904192]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\System32\drivers\AVerFx2hbtv.sys [17.9.2009 10:19 220672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28.8.2009 18:42 17408]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [12.9.2009 16:40 218112]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [18.9.2009 15:23 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000Core.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000UA.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {471CF5F2-849C-40C9-A596-525E49E23672} = 192.168.223.223
TCP: {55DEB3BA-311B-413C-AEFA-AD69A31A6600} = 192.168.225.225
FF - ProfilePath - c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\zeezo\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-eyeBeam SIP Client - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-LosAlamos - c:\windows\system32\sshnas21.dll
MSConfigStartUp-PhoneDaemon - c:\users\zeezo\Desktop\iPhone_Pc_Suite_by_iSpazio\iPhone PC Suite\PhoneDaemon.exe
MSConfigStartUp-PTimer - c:\program files\SPRINX\PTimer\PTimer.exe
MSConfigStartUp-ROUA3O12PW - c:\users\zeezo\AppData\Local\Temp\Fhs.exe
MSConfigStartUp-TOY5KNQ8OC - c:\users\zeezo\AppData\Local\Temp\Fhh.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\zeezo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2010-02-24 23:47:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-24 22:47

Před spuštěním: Volných bajtů: 13 322 424 320
Po spuštění: Volných bajtů: 13 247 721 472

- - End Of File - - AEAA9B10C36AAEA952F1D3EDE57F0333

#7 Příspěvek od **motji** » 25 úno 2010 00:00

Jaká chyba s virem?

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

sashaZabluduu · #8 Příspěvek od **sashaZabluduu** » 25 úno 2010 14:00

Ahoj,

STPD: nebylo možné ztmáčknout "Uninstall" - nejdřív jsem to tedy nainstaloval a poté odinstaloval.
GMER: kontrolu jsem udělal - podle návodu, nejrpve hned po startu programu jsem uložil log a další po kontrole, oba logy vkládám sem.
a konečně MBR: Ten jsem stáhl, ale jak mi píšete start, spustit...), nefunguje to, píše mi to chybu : "C:/zeezo/plocha/ odkazuje na umístění, které již není k dispozici. Umístění může být na pevném disku......atd..pokud stále nejde umístění najít, je možno, že bylo přesunuto jinam.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-25 11:33:38
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\zeezo\AppData\Local\Temp\fwlcypow.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859231F8
Device \FileSystem\fastfat \Fat 9D7D51F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

----------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 13:48:26
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\zeezo\AppData\Local\Temp\fwlcypow.sys

---- System - GMER 1.0.15 ----

SSDT 9F28445C ZwCreateThread
SSDT 9F284448 ZwOpenProcess
SSDT 9F28444D ZwOpenThread
SSDT 9F284457 ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E8CD0
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E80E8
INT 0x51 ? 84F91BF8
INT 0x52 ? 867B9F00
INT 0x72 ? 867B9F00
INT 0x72 ? 867B9F00
INT 0xA2 ? 84F91BF8
INT 0xB2 ? 84F91BF8
INT 0xB3 ? 867B9F00
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E83D8
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829D4AA4
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829D401C
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E81C0
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E8B40
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E86D4
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E9100
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829E936C

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 826C4984 4 Bytes [5C, 44, 28, 9F]
.text ntkrnlpa.exe!KeSetEvent + 3F1 826C4B54 4 Bytes [48, 44, 28, 9F]
.text ntkrnlpa.exe!KeSetEvent + 40D 826C4B70 4 Bytes [4D, 44, 28, 9F]
.text ntkrnlpa.exe!KeSetEvent + 621 826C4D84 4 Bytes [57, 44, 28, 9F]
? System32\Drivers\spic.sys Systém nemůže nalézt uvedenou cestu. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9040D000, 0x1E6984, 0xE8000020]
.text USBPORT.SYS!DllUnload 90B0741B 5 Bytes JMP 867B94E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!DialogBoxParamW 75D010B0 5 Bytes JMP 6E31C129 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!DialogBoxIndirectParamW 75D02EF5 5 Bytes JMP 6E4E8AAC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!DialogBoxParamA 75D18152 5 Bytes JMP 6E4E8A51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!DialogBoxIndirectParamA 75D1847D 5 Bytes JMP 6E4E8B07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!MessageBoxIndirectA 75D2D4D9 5 Bytes JMP 6E4E89ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!MessageBoxIndirectW 75D2D5D3 5 Bytes JMP 6E4E8989 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!MessageBoxExA 75D2D639 5 Bytes JMP 6E4E892F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4176] USER32.dll!MessageBoxExW 75D2D65D 5 Bytes JMP 6E4E88D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060B6D6] \SystemRoot\System32\Drivers\spic.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060B042] \SystemRoot\System32\Drivers\spic.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060B800] \SystemRoot\System32\Drivers\spic.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060B0C0] \SystemRoot\System32\Drivers\spic.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060B13E] \SystemRoot\System32\Drivers\spic.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [04E42030] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [04E420B0] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [04E42000] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [04E44C50] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859231F8
Device \FileSystem\fastfat \FatCdrom 9D7D51F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000041 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 859201F8
Device \Driver\usbohci \Device\USBPDO-0 8676A1F8
Device \Driver\usbohci \Device\USBPDO-1 8676A1F8
Device \Driver\usbohci \Device\USBPDO-2 8676A1F8
Device \Driver\usbohci \Device\USBPDO-3 8676A1F8
Device \Driver\usbohci \Device\USBPDO-4 8676A1F8
Device \Driver\usbehci \Device\USBPDO-5 867521F8
Device \Driver\netbt \Device\NetBT_Tcpip_{B6842C58-D90E-4562-A7C6-44CB115AA9EE} 87639500
Device \Driver\netbt \Device\NetBT_Tcpip_{BF829697-9230-409D-8E8A-2565A506C2E9} 87639500
Device \Driver\volmgr \Device\HarddiskVolume1 859201F8
Device \Driver\volmgr \Device\HarddiskVolume2 859201F8
Device \Driver\cdrom \Device\CdRom0 8676F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 859201F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859221F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 859221F8
Device \Driver\atapi \Device\Ide\IdePort0 859221F8
Device \Driver\atapi \Device\Ide\IdePort1 859221F8
Device \Driver\atapi \Device\Ide\IdePort2 859221F8
Device \Driver\atapi \Device\Ide\IdePort3 859221F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87639500
Device \Driver\Smb \Device\NetbiosSmb 8762C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 867741F8
Device \Driver\usbohci \Device\USBFDO-0 8676A1F8
Device \Driver\usbohci \Device\USBFDO-1 8676A1F8
Device \Driver\usbohci \Device\USBFDO-2 8676A1F8
Device \Driver\usbohci \Device\USBFDO-3 8676A1F8
Device \Driver\usbohci \Device\USBFDO-4 8676A1F8
Device \Driver\usbehci \Device\USBFDO-5 867521F8
Device \FileSystem\fastfat \Fat 9D7D51F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

Device \FileSystem\cdfs \Cdfs A19461F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc62cfa7f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x78 0x19 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x71 0x9B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x7B 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0xD2 0x07 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0xF5 0xF0 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x63 0x46 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc62cfa7f
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x78 0x19 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x71 0x9B 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x7B 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0xD2 0x07 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0xF5 0xF0 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x63 0x46 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fc62cfa7f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x78 0x19 0x1E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x71 0x9B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x7B 0x96 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0xD2 0x07 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0xF5 0xF0 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x63 0x46 0x5E ...

---- EOF - GMER 1.0.15 ----

#9 Příspěvek od **motji** » 25 úno 2010 14:03

Používáte nějaký emulátor mechanik, daemon nebo alcohol? Odinstaloval jste ho nejdřív?

Mbr.exe zkuste spustit s tímto příkazem, ale jen pokud máte odinstalované ty virtuálky

"%userprofile%\desktop\mbr" -t

sashaZabluduu · #10 Příspěvek od **sashaZabluduu** » 25 úno 2010 14:19

Daemon jsem odinstaloval, alcohol ani žádnou další podobnou virtuál. mechaniku nepoužívám.

Spuštění MBR už se povedlo, log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll >>UNKNOWN [0x859221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x859221f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

#11 Příspěvek od **motji** » 25 úno 2010 14:24

Právěže v Gmeru je vidět driver, který virtuální jednotky vytvářejí

spic.sys
Hákuje atapi.sys, a tím mi zkresluje výsledky, já si pak myslím, že atapi je nepadené. Opravdu nic takového nemáte?

sashaZabluduu · #12 Příspěvek od **sashaZabluduu** » 25 úno 2010 14:33

Znovu jsem to kontroloval a opravdu tu nic takového nemám. Po odinstalování Daeomna jsem nerestartoval PC, může to být tím? (Nechci to rovnou zkoušet - ten samý problém jako včera, že bych nerad zavřel mozzilu. Pokud to ale jinak nepůjde, restartuji.)

#13 Příspěvek od **motji** » 25 úno 2010 14:35

Musíte počítač restartovat, jinak se změna neprojeví

.
A pro jistotu, při skenu gmerem mějte pro jistotu vše co potřebujete uložené, protože občas se pc restartuje.

Takže až budete moci, počítač restartujte a poprosím znovu o sken z Mbr a Gmeru

sashaZabluduu · #14 Příspěvek od **sashaZabluduu** » 25 úno 2010 17:22

Posílám nový log z MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll ataport.SYS pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

Za chvíli pošlu log z GMER.

#15 Příspěvek od **motji** » 25 úno 2010 20:37

Tohle už vypadá líp

, ještě uvidíme, co gmer

VIRY.CZ

Po odstranění virů jede počítač stále pomalu.

Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.