Hi,
I had an infected external disk. I found out when files on it were -mysteriously- moving around and folders were changing their names and becoming invisible. I thought the files were lost, but then they reappeared again, and it seems it is caused by a virus rather than by the disk.
I'm asking for help and a check of the main computer, for prevention and to see whether I dragged something over onto it.
Avira found this spyware and virus on it. The first time the antivirus didn't even finish, it just quit on its own; I deleted the first three findings, and the second time the scan completed and found the virus.
TR/Smalltrojan.ELLI
BDS/Pcclient.580
TR/Agent.26703
Begin scan in 'G:\' <VAMPIRELORD>
G:\Zaloha2\Download\Topaz_Adjust_v2.6_virus_virus_www.DotNXT.com\Topaz Adjust v2.6\serial\Crack_ExTRA.zip
[NOTE] The file was deleted!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:41, on 25.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Zaloha\Programs\AdAware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Zaloha\Programs\Razer\razerhid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Zaloha\Programs\Razer\razertra.exe
D:\Zaloha\Programs\Razer\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
D:\Zaloha\Programs\QIP8080\qip.exe
D:\Zaloha\Programs\Opera\Opera.exe
D:\Zaloha\Programs&Hijack\HijackThis.exe
D:\Zaloha\Programs\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Zaloha\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Diamondback] D:\Zaloha\Programs\Razer\razerhid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Zaloha\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Zaloha\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Zaloha\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Zaloha\Programs\AdAware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c994e9b4a2be28) (gupdate1c994e9b4a2be28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 7244 bytes
Please help - virus on external disk
- jaro3
- Security team member
- Guru Level 15
- Posts: 43288
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please help - virus on external disk
Close other applications and browsers, disconnect from the internet, and fix these in HJT:
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MBAM, SDFix and others, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
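The fix jaro3 proposes above targets the two O3 toolbar entries whose DLL is gone ("(no file)" and "(file missing)"). The following is an added example, not code from this thread or from HijackThis itself: a small Python helper that parses HijackThis-style entry lines, flags dangling references and unqualified executable names in Run values, and returns the lines that would go into an HJT fix list. The sample log is constructed from entries quoted in this thread (not the poster's full log); the section pattern, the two marker strings and the "bare executable" rule are my assumptions about what a triage helper would check.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: HijackThis-style lines modelled on entries quoted in this
# thread. It is not the poster's complete log.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Google Update Service (gupdate1c994e9b4a2be28) (gupdate1c994e9b4a2be28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# HJT prints one entry per line as "<section> - <body>", e.g. "O3 - Toolbar: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# An O4 Run value that names a bare executable (no drive or directory) is
# resolved through the PATH search order, so it deserves a look even when benign.
BARE_EXE_RE = re.compile(r"\] (?P<exe>[\w.-]+\.(?:exe|dll|com|scr))(?:\s|$)", re.IGNORECASE)
# HJT's own markers for a registration whose target file no longer exists.
DANGLING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str          # HJT section code, e.g. "O3"
    line: str             # the full entry line, ready to paste into a fix list
    guid: Optional[str]   # CLSID of the BHO/toolbar/button, if the entry has one
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return the entries that merit a reviewer's attention, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        reasons = []
        for marker in DANGLING_MARKERS:
            if marker in body.lower():
                reasons.append("dangling reference: " + marker)
        if section == "O4" and BARE_EXE_RE.search(body):
            reasons.append("unqualified executable name in Run value")
        if reasons:
            g = GUID_RE.search(body)
            findings.append(Finding(section, line, g.group(0) if g else None, reasons))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """Entries safe to remove with HJT's Fix: registrations whose file is gone."""
    return [f.line for f in findings if any(r.startswith("dangling") for r in f.reasons)]


if __name__ == "__main__":
    found = triage(SAMPLE_HJT_LOG)
    for f in found:
        print(f.section, f.guid or "-", "; ".join(f.reasons))
    print("\nHJT fix list:")
    print("\n".join(fix_list(found)))
```

A flagged entry is a review item, not a verdict. On the sample above the helper returns exactly the two O3 lines jaro3 asked to fix, and additionally flags the `[SoundMan] SOUNDMAN.EXE` Run value only because it is a bare name; the ComboFix output later in this thread resolves it to c:\windows\soundman.exe, so that one passes review.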
Re: Please help - virus on external disk
One more thing, I think it's an important question: couldn't I just format it now? Would these steps then be unnecessary? Or not? Or is it better to do all this to be sure and then format?
- jaro3
- Security team member
Re: Please help - virus on external disk
Sure, format it if you have nothing important on it; it's the best way. You can forget what I wrote.
Re: Please help - virus on external disk
Sorry that you had to write so much. I'll try formatting it then. Is there a way to somehow regenerate the disk? I mean a clean one right after formatting.
- jaro3
- Security team member
Re: Please help - virus on external disk
Regenerate meaning what?
Re: Please help - virus on external disk
So here is the log from Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1802
Windows 5.1.2600 Service Pack 2
25.2.2009 21:57:17
mbam-log-2009-02-25 (21-57-17).txt
Typ skenu: Rychlý sken
Objektu skenováno: 60741
Uplynulý cas: 3 minute(s), 45 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
- jaro3
- Security team member
Re: Please help - virus on external disk
Turn off Avira's resident protection and deactivate Kerio.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please help - virus on external disk
ComboFix log
ComboFix 09-02-25.02 - s 2009-02-26 10:15:44.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511.258 [GMT 1:00]
Running from: d:\zaloha\Download\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mpg4c32.dll
L:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-26 01:47 . 2009-02-26 01:47 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-26 01:47 . 2009-02-26 01:47 <DIR> d-------- c:\documents and settings\s\Data aplikací\SUPERAntiSpyware.com
2009-02-26 01:47 . 2009-02-26 01:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-02-26 01:37 . 2009-02-26 01:37 <DIR> d-------- c:\documents and settings\s\Data aplikací\Malwarebytes
2009-02-25 21:34 . 2009-02-25 21:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 21:34 . 2009-02-25 21:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-25 21:34 . 2009-02-25 21:34 <DIR> d-------- c:\documents and settings\a\Data aplikací\Malwarebytes
2009-02-25 21:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 21:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 20:12 . 2009-02-25 20:12 <DIR> d-------- c:\documents and settings\a\Data aplikací\DivX
2009-02-25 19:31 . 2009-02-25 19:31 <DIR> d-------- c:\program files\CCleaner
2009-02-25 15:30 . 2009-02-25 15:30 <DIR> d-------- c:\documents and settings\a\Data aplikací\GRETECH
2009-02-24 20:14 . 2009-02-24 20:14 <DIR> d-------- c:\documents and settings\s\WINDOWS
2009-02-24 17:56 . 2003-06-19 00:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-02-24 17:56 . 2009-02-24 17:56 382 --a------ c:\windows\ODBC.INI
2009-02-24 17:54 . 2009-02-24 17:54 <DIR> d-------- c:\program files\Microsoft Works
2009-02-24 17:53 . 2009-02-24 17:54 <DIR> d-------- c:\windows\SHELLNEW
2009-02-24 13:52 . 2009-02-24 13:53 <DIR> d-------- c:\documents and settings\s\Data aplikací\Mask Pro 4.0
2009-02-23 20:51 . 2004-08-17 15:49 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-02-23 20:51 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-23 20:51 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-02-23 11:36 . 2009-02-23 11:36 <DIR> d--hs---- c:\windows\ftpcache
2009-02-23 09:11 . 2009-02-25 11:26 <DIR> d-------- c:\documents and settings\s\Data aplikací\Nik Software
2009-02-23 08:48 . 2009-02-23 08:48 <DIR> d-------- c:\documents and settings\s\Data aplikací\DivX
2009-02-22 21:36 . 2009-02-22 21:36 <DIR> d-------- c:\documents and settings\s\Data aplikací\HDRsoft
2009-02-22 17:43 . 2009-02-26 09:50 19,155 --a------ c:\windows\system32\oodbs.lor
2009-02-22 14:43 . 2009-02-22 14:43 <DIR> d-------- c:\program files\Common Files\Canon
2009-02-22 14:07 . 2009-02-22 14:06 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 14:07 . 2009-02-22 14:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-22 14:06 . 2009-02-22 14:06 <DIR> d-------- c:\program files\Java
2009-02-22 13:53 . 2009-02-26 01:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 13:48 . 2009-02-26 01:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-22 13:35 . 2009-02-25 12:29 <DIR> d-------- c:\documents and settings\s\Data aplikací\uTorrent
2009-02-22 13:31 . 2009-02-22 13:33 <DIR> d-------- c:\program files\Google
2009-02-22 13:25 . 2009-02-22 13:25 <DIR> d-------- c:\documents and settings\s\Data aplikací\GRETECH
2009-02-22 13:25 . 2009-02-22 13:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\GRETECH
2009-02-22 13:22 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-22 13:22 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-22 13:17 . 2009-02-22 13:17 <DIR> d-------- c:\documents and settings\a\Data aplikací\ATI
2009-02-22 13:14 . 2009-02-25 19:03 <DIR> d-------- c:\documents and settings\a\Plocha
2009-02-22 13:14 . 2003-12-31 01:50 <DIR> d--h----- c:\documents and settings\a\Okolní tiskárny
2009-02-22 13:14 . 2003-12-31 01:50 <DIR> d--h----- c:\documents and settings\a\Okolní síť
2009-02-22 13:14 . 2009-02-22 13:16 <DIR> dr------- c:\documents and settings\a\Oblíbené položky
2009-02-22 13:14 . 2003-12-30 17:55 <DIR> d--h----- c:\documents and settings\a\Šablony
2009-02-22 13:14 . 2003-12-31 01:50 <DIR> dr------- c:\documents and settings\a\Nabídka Start
2009-02-22 13:14 . 2009-02-22 13:15 <DIR> dr------- c:\documents and settings\a\Dokumenty
2009-02-22 13:14 . 2009-02-25 21:34 <DIR> dr-h----- c:\documents and settings\a\Data aplikací
2009-02-22 13:14 . 2009-02-22 13:14 <DIR> d-------- c:\documents and settings\a
2009-02-22 12:29 . 2008-10-30 14:10 117,120 --a------ c:\windows\system32\drivers\Rtnicxp.sys
2009-02-22 12:29 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvusmb.exe
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvumctl.exe
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvuide.exe
2009-02-22 12:23 . 2004-06-18 02:30 1,217 --a------ c:\windows\system32\nvmctl.nvu
2009-02-22 12:23 . 2004-06-18 02:30 789 --a------ c:\windows\system32\nvsmb.nvu
2009-02-22 12:23 . 2004-03-21 02:30 464 --a------ c:\windows\system32\nvide.nvu
2009-02-22 12:22 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvugart.exe
2009-02-22 12:22 . 2004-04-27 15:22 2,124 --a------ c:\windows\system32\nvgart.nvu
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\program files\Realtek AC97
2009-02-22 12:21 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2009-02-22 12:21 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2009-02-22 12:21 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-02-22 12:08 . 2009-02-22 12:08 60,416 --a------ c:\windows\ALCFDRTM.VER
2009-02-22 12:08 . 2009-02-22 12:08 60,416 --a------ c:\windows\ALCFDRTM.EXE
2009-02-22 12:07 . 2009-02-22 12:07 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-22 12:07 . 2004-07-16 14:19 70,400 --a------ c:\windows\system32\drivers\Rtlnicxp.sys
2009-02-22 11:38 . 2007-03-20 19:05 73,728 --a------ c:\windows\system32\Diamondback.cpl
2009-02-22 11:38 . 2005-04-24 22:43 13,225 --a------ c:\windows\system32\drivers\Razerlow.sys
2009-02-22 11:36 . 2009-02-22 11:36 <DIR> d-------- c:\program files\KYE
2009-02-22 11:36 . 2006-12-08 17:01 547,840 --a------ c:\windows\mHotkey.exe
2009-02-22 11:36 . 2003-07-03 14:21 294,912 --a------ c:\windows\PIC.dll
2009-02-22 11:36 . 2005-02-25 16:54 233,472 --a------ c:\windows\InstIt.exe
2009-02-22 11:36 . 2005-02-25 16:54 24,576 --a------ c:\windows\HKNTDLL.dll
2009-02-22 11:36 . 2005-02-25 16:54 5,280 --a------ c:\windows\hotbtnv.vxd
2009-02-22 11:36 . 2007-01-15 17:37 4,308 --a------ c:\windows\NT4_98.reg
2009-02-22 11:36 . 2007-01-15 17:37 4,306 --a------ c:\windows\2K.reg
2009-02-22 11:36 . 2007-01-15 17:37 4,290 --a------ c:\windows\Other.reg
2009-02-22 11:36 . 2007-01-15 17:37 4,290 --a------ c:\windows\MeXP.reg
2009-02-22 11:36 . 2007-01-11 15:45 490 --a------ c:\windows\Instit.ini
2009-02-22 11:28 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\s\Data aplikací\Uniblue
2009-02-22 11:28 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DriverScanner
2009-02-22 11:25 . 2009-02-22 11:25 <DIR> d-------- c:\documents and settings\s\Data aplikací\ATI
2009-02-22 11:03 . 1996-07-29 12:11 733,296 --a------ c:\documents and settings\s\OPENGL32.DLL
2009-02-22 11:03 . 1996-07-29 12:09 139,712 --a------ c:\documents and settings\s\GLU32.DLL
2009-02-21 22:08 . 2005-04-13 16:54 331,184 --------- c:\windows\system32\difxapi.dll
2009-02-21 22:08 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys
2009-02-21 22:07 . 2009-02-21 22:07 <DIR> d-------- c:\windows\OPTIONS
2009-02-21 22:07 . 2009-02-21 22:07 <DIR> d-------- c:\documents and settings\s\Data aplikací\InstallShield
2009-02-21 22:01 . 2003-08-05 14:23 266,240 --a------ c:\windows\CMIUninstall.exe
2009-02-21 22:01 . 2002-10-18 15:56 28,672 --a------ c:\windows\CMIRmDriver.dll
2009-02-21 22:01 . 2009-02-21 22:01 92 --a------ c:\windows\CMISETUP.INI
2009-02-21 22:01 . 2009-02-21 22:01 26 --a------ c:\windows\CMCDPLAY.INI
2009-02-21 22:01 . 2009-02-22 12:13 16 --a------ c:\windows\Wininit.ini
2009-02-21 21:45 . 2009-02-21 21:45 <DIR> d-------- c:\documents and settings\s\Data aplikací\Thinstall
2009-02-21 20:57 . 2009-02-21 20:57 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-02-21 20:57 . 2009-02-21 20:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters
2009-02-21 20:41 . 2009-02-21 20:41 0 --a------ c:\windows\nsreg.dat
2009-02-21 20:34 . 2009-02-21 20:34 <DIR> d-------- c:\windows\MSSecurityNS
2009-02-21 20:34 . 2009-02-21 20:34 <DIR> d-------- c:\windows\MSSecurityNi
2009-02-21 20:29 . 2009-02-21 20:29 <DIR> d-------- c:\program files\Common Files\onOne Software Shared
2009-02-21 20:29 . 2008-11-26 12:12 227,840 --a------ c:\windows\system32\Deco_32.dll
2009-02-21 20:22 . 2009-02-21 20:30 <DIR> d-------- c:\documents and settings\s\Data aplikací\onOne Software
2009-02-21 20:22 . 2009-02-21 20:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-02-21 20:22 . 2009-02-13 12:03 57,344 --a------ c:\windows\system32\ASTSRV.EXE
2009-02-21 20:21 . 2009-02-24 13:49 <DIR> d-------- c:\program files\onOne Software
2009-02-21 20:21 . 2009-02-22 15:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\onOne Software
2009-02-21 20:01 . 2009-02-21 20:01 <DIR> d-------- c:\program files\Bonjour
2009-02-21 19:52 . 2009-02-21 19:52 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-21 19:24 . 2009-02-21 19:34 <DIR> d-------- c:\documents and settings\s\Data aplikací\Winamp
2009-02-21 19:23 . 2009-02-22 13:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-02-21 18:58 . 2009-02-21 18:58 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-02-21 18:58 . 2009-02-21 18:58 <DIR> d-------- c:\program files\AVSMedia
2009-02-21 18:52 . 2009-02-21 18:52 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-02-21 18:52 . 2009-02-21 18:52 737,280 --a------ c:\windows\iun6002.exe
2009-02-21 18:50 . 2007-07-09 14:11 584,192 -----c--- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-21 18:46 . 2009-02-21 18:46 <DIR> d-------- c:\documents and settings\s\Data aplikací\DAEMON Tools Pro
2009-02-21 18:46 . 2009-02-21 18:46 <DIR> d-------- c:\documents and settings\s\Data aplikací\DAEMON Tools
2009-02-21 18:45 . 2009-02-21 18:45 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-21 18:45 . 2009-02-21 18:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-21 18:28 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll
2009-02-21 18:21 . 2009-02-21 19:28 <DIR> d-------- c:\documents and settings\s\Data aplikací\DAEMON Tools Lite
2009-02-21 18:21 . 2008-09-04 17:46 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-21 18:21 . 2009-02-21 18:21 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-21 18:21 . 2008-04-11 19:51 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 10:21 --------- d-----w c:\program files\ATI Technologies
2009-02-21 21:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 19:35 2,004 ----a-w c:\windows\Registration\e10f24f0-652e-11dd-ad8b-0800200c9a66.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-16 00:13 6,536,704 ----a-w c:\windows\system32\tliadjust26.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="d:\zaloha\Programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"avgnt"="d:\zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Diamondback"="d:\zaloha\Programs\Razer\razerhid.exe" [2007-02-14 147456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 d:\zaloha\Programs\Adobe Reader\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2008-11-03 11:45 2540800 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 16:24 86016 c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 d:\zaloha\Programs\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2006-12-08 17:01 547840 c:\windows\mHotkey.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Zaloha\\Programs\\QIP8080\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Zaloha\\Programs\\utorrent\\uTorrent.exe"=
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-02-21 22336]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-12-30 9600]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-02-21 45376]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;d:\zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-02-21 68865]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-02-22 13225]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 gupdate1c994e9b4a2be28;Google Update Service (gupdate1c994e9b4a2be28);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-02-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:33]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AudioDeck - c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\zaloha\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\s\Data aplikací\Mozilla\Firefox\Profiles\wd53p3n1.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\zaloha\Programs\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: d:\zaloha\Programs\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\zaloha\Programs\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\npwmsdrm.dll
---- FIREFOX POLICIES ----
d:\zaloha\Programs\Mozilla\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 10:20:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="<binary value omitted>"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-26 10:22:59
ComboFix-quarantined-files.txt 2009-02-26 09:22:54
Pre-Run: 1 317 105 664
Post-Run: 1,324,605,440
267 --- E O F --- 2009-02-25 09:05:49
Re: Please help - virus on an external disk
Um, the first time Kerio didn't turn off, so here it is once more with it turned off:
ComboFix 09-02-25.02 - s 2009-02-26 10:27:09.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511.217 [GMT 1:00]
Running from: d:\zaloha\Download\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.
2009-02-26 01:47 . 2009-02-26 01:47 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-26 01:47 . 2009-02-26 01:47 <DIR> d-------- c:\documents and settings\s\Data aplikací\SUPERAntiSpyware.com
2009-02-26 01:47 . 2009-02-26 01:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-02-26 01:37 . 2009-02-26 01:37 <DIR> d-------- c:\documents and settings\s\Data aplikací\Malwarebytes
2009-02-25 21:34 . 2009-02-25 21:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 21:34 . 2009-02-25 21:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-25 21:34 . 2009-02-25 21:34 <DIR> d-------- c:\documents and settings\a\Data aplikací\Malwarebytes
2009-02-25 21:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 21:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 20:12 . 2009-02-25 20:12 <DIR> d-------- c:\documents and settings\a\Data aplikací\DivX
2009-02-25 19:31 . 2009-02-25 19:31 <DIR> d-------- c:\program files\CCleaner
2009-02-25 15:30 . 2009-02-25 15:30 <DIR> d-------- c:\documents and settings\a\Data aplikací\GRETECH
2009-02-24 20:14 . 2009-02-24 20:14 <DIR> d-------- c:\documents and settings\s\WINDOWS
2009-02-24 17:56 . 2003-06-19 00:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-02-24 17:56 . 2009-02-24 17:56 382 --a------ c:\windows\ODBC.INI
2009-02-24 17:54 . 2009-02-24 17:54 <DIR> d-------- c:\program files\Microsoft Works
2009-02-24 17:53 . 2009-02-24 17:54 <DIR> d-------- c:\windows\SHELLNEW
2009-02-24 13:52 . 2009-02-24 13:53 <DIR> d-------- c:\documents and settings\s\Data aplikací\Mask Pro 4.0
2009-02-23 20:51 . 2004-08-17 15:49 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-02-23 20:51 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-23 20:51 . 2001-10-24 12:25 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-02-23 11:36 . 2009-02-23 11:36 <DIR> d--hs---- c:\windows\ftpcache
2009-02-23 09:11 . 2009-02-25 11:26 <DIR> d-------- c:\documents and settings\s\Data aplikací\Nik Software
2009-02-23 08:48 . 2009-02-23 08:48 <DIR> d-------- c:\documents and settings\s\Data aplikací\DivX
2009-02-22 21:36 . 2009-02-22 21:36 <DIR> d-------- c:\documents and settings\s\Data aplikací\HDRsoft
2009-02-22 17:43 . 2009-02-26 09:50 19,155 --a------ c:\windows\system32\oodbs.lor
2009-02-22 14:43 . 2009-02-22 14:43 <DIR> d-------- c:\program files\Common Files\Canon
2009-02-22 14:07 . 2009-02-22 14:06 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 14:07 . 2009-02-22 14:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-22 14:06 . 2009-02-22 14:06 <DIR> d-------- c:\program files\Java
2009-02-22 13:53 . 2009-02-26 01:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-22 13:48 . 2009-02-26 01:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-22 13:35 . 2009-02-25 12:29 <DIR> d-------- c:\documents and settings\s\Data aplikací\uTorrent
2009-02-22 13:31 . 2009-02-22 13:33 <DIR> d-------- c:\program files\Google
2009-02-22 13:25 . 2009-02-22 13:25 <DIR> d-------- c:\documents and settings\s\Data aplikací\GRETECH
2009-02-22 13:25 . 2009-02-22 13:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\GRETECH
2009-02-22 13:22 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-22 13:22 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-22 13:17 . 2009-02-22 13:17 <DIR> d-------- c:\documents and settings\a\Data aplikací\ATI
2009-02-22 13:14 . 2009-02-25 19:03 <DIR> d-------- c:\documents and settings\a\Plocha
2009-02-22 13:14 . 2003-12-31 01:50 <DIR> d--h----- c:\documents and settings\a\Okolní tiskárny
2009-02-22 13:14 . 2003-12-31 01:50 <DIR> d--h----- c:\documents and settings\a\Okolní síť
2009-02-22 13:14 . 2009-02-22 13:16 <DIR> dr------- c:\documents and settings\a\Oblíbené položky
2009-02-22 13:14 . 2003-12-30 17:55 <DIR> d--h----- c:\documents and settings\a\Šablony
2009-02-22 13:14 . 2003-12-31 01:50 <DIR> dr------- c:\documents and settings\a\Nabídka Start
2009-02-22 13:14 . 2009-02-22 13:15 <DIR> dr------- c:\documents and settings\a\Dokumenty
2009-02-22 13:14 . 2009-02-25 21:34 <DIR> dr-h----- c:\documents and settings\a\Data aplikací
2009-02-22 13:14 . 2009-02-22 13:14 <DIR> d-------- c:\documents and settings\a
2009-02-22 12:29 . 2008-10-30 14:10 117,120 --a------ c:\windows\system32\drivers\Rtnicxp.sys
2009-02-22 12:29 . 2008-07-16 22:35 9,728 --a------ c:\windows\system32\RtNicProp32.dll
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvusmb.exe
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvumctl.exe
2009-02-22 12:23 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvuide.exe
2009-02-22 12:23 . 2004-06-18 02:30 1,217 --a------ c:\windows\system32\nvmctl.nvu
2009-02-22 12:23 . 2004-06-18 02:30 789 --a------ c:\windows\system32\nvsmb.nvu
2009-02-22 12:23 . 2004-03-21 02:30 464 --a------ c:\windows\system32\nvide.nvu
2009-02-22 12:22 . 2005-03-04 12:31 176,128 --a------ c:\windows\system32\nvugart.exe
2009-02-22 12:22 . 2004-04-27 15:22 2,124 --a------ c:\windows\system32\nvgart.nvu
2009-02-22 12:21 . 2009-02-22 12:21 <DIR> d-------- c:\program files\Realtek AC97
2009-02-22 12:21 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2009-02-22 12:21 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2009-02-22 12:21 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2009-02-22 12:08 . 2009-02-22 12:08 60,416 --a------ c:\windows\ALCFDRTM.VER
2009-02-22 12:08 . 2009-02-22 12:08 60,416 --a------ c:\windows\ALCFDRTM.EXE
2009-02-22 12:07 . 2009-02-22 12:07 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-22 12:07 . 2004-07-16 14:19 70,400 --a------ c:\windows\system32\drivers\Rtlnicxp.sys
2009-02-22 11:38 . 2007-03-20 19:05 73,728 --a------ c:\windows\system32\Diamondback.cpl
2009-02-22 11:38 . 2005-04-24 22:43 13,225 --a------ c:\windows\system32\drivers\Razerlow.sys
2009-02-22 11:36 . 2009-02-22 11:36 <DIR> d-------- c:\program files\KYE
2009-02-22 11:36 . 2006-12-08 17:01 547,840 --a------ c:\windows\mHotkey.exe
2009-02-22 11:36 . 2003-07-03 14:21 294,912 --a------ c:\windows\PIC.dll
2009-02-22 11:36 . 2005-02-25 16:54 233,472 --a------ c:\windows\InstIt.exe
2009-02-22 11:36 . 2005-02-25 16:54 24,576 --a------ c:\windows\HKNTDLL.dll
2009-02-22 11:36 . 2005-02-25 16:54 5,280 --a------ c:\windows\hotbtnv.vxd
2009-02-22 11:36 . 2007-01-15 17:37 4,308 --a------ c:\windows\NT4_98.reg
2009-02-22 11:36 . 2007-01-15 17:37 4,306 --a------ c:\windows\2K.reg
2009-02-22 11:36 . 2007-01-15 17:37 4,290 --a------ c:\windows\Other.reg
2009-02-22 11:36 . 2007-01-15 17:37 4,290 --a------ c:\windows\MeXP.reg
2009-02-22 11:36 . 2007-01-11 15:45 490 --a------ c:\windows\Instit.ini
2009-02-22 11:28 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\s\Data aplikací\Uniblue
2009-02-22 11:28 . 2009-02-22 13:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DriverScanner
2009-02-22 11:25 . 2009-02-22 11:25 <DIR> d-------- c:\documents and settings\s\Data aplikací\ATI
2009-02-22 11:03 . 1996-07-29 12:11 733,296 --a------ c:\documents and settings\s\OPENGL32.DLL
2009-02-22 11:03 . 1996-07-29 12:09 139,712 --a------ c:\documents and settings\s\GLU32.DLL
2009-02-21 22:08 . 2005-04-13 16:54 331,184 --------- c:\windows\system32\difxapi.dll
2009-02-21 22:08 . 2006-10-09 12:58 203,648 --a------ c:\windows\system32\drivers\vinyl97.sys
2009-02-21 22:07 . 2009-02-21 22:07 <DIR> d-------- c:\windows\OPTIONS
2009-02-21 22:07 . 2009-02-21 22:07 <DIR> d-------- c:\documents and settings\s\Data aplikací\InstallShield
2009-02-21 22:01 . 2003-08-05 14:23 266,240 --a------ c:\windows\CMIUninstall.exe
2009-02-21 22:01 . 2002-10-18 15:56 28,672 --a------ c:\windows\CMIRmDriver.dll
2009-02-21 22:01 . 2009-02-21 22:01 92 --a------ c:\windows\CMISETUP.INI
2009-02-21 22:01 . 2009-02-21 22:01 26 --a------ c:\windows\CMCDPLAY.INI
2009-02-21 22:01 . 2009-02-22 12:13 16 --a------ c:\windows\Wininit.ini
2009-02-21 21:45 . 2009-02-21 21:45 <DIR> d-------- c:\documents and settings\s\Data aplikací\Thinstall
2009-02-21 20:57 . 2009-02-21 20:57 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-02-21 20:57 . 2009-02-21 20:57 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\PC Drivers HeadQuarters
2009-02-21 20:41 . 2009-02-21 20:41 0 --a------ c:\windows\nsreg.dat
2009-02-21 20:34 . 2009-02-21 20:34 <DIR> d-------- c:\windows\MSSecurityNS
2009-02-21 20:34 . 2009-02-21 20:34 <DIR> d-------- c:\windows\MSSecurityNi
2009-02-21 20:29 . 2009-02-21 20:29 <DIR> d-------- c:\program files\Common Files\onOne Software Shared
2009-02-21 20:29 . 2008-11-26 12:12 227,840 --a------ c:\windows\system32\Deco_32.dll
2009-02-21 20:22 . 2009-02-21 20:30 <DIR> d-------- c:\documents and settings\s\Data aplikací\onOne Software
2009-02-21 20:22 . 2009-02-21 20:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\FLEXnet
2009-02-21 20:22 . 2009-02-13 12:03 57,344 --a------ c:\windows\system32\ASTSRV.EXE
2009-02-21 20:21 . 2009-02-24 13:49 <DIR> d-------- c:\program files\onOne Software
2009-02-21 20:21 . 2009-02-22 15:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\onOne Software
2009-02-21 20:01 . 2009-02-21 20:01 <DIR> d-------- c:\program files\Bonjour
2009-02-21 19:52 . 2009-02-21 19:52 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-21 19:24 . 2009-02-21 19:34 <DIR> d-------- c:\documents and settings\s\Data aplikací\Winamp
2009-02-21 19:23 . 2009-02-22 13:47 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-02-21 18:58 . 2009-02-21 18:58 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-02-21 18:58 . 2009-02-21 18:58 <DIR> d-------- c:\program files\AVSMedia
2009-02-21 18:52 . 2009-02-21 18:52 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-02-21 18:52 . 2009-02-21 18:52 737,280 --a------ c:\windows\iun6002.exe
2009-02-21 18:50 . 2007-07-09 14:11 584,192 -----c--- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-21 18:46 . 2009-02-21 18:46 <DIR> d-------- c:\documents and settings\s\Data aplikací\DAEMON Tools Pro
2009-02-21 18:46 . 2009-02-21 18:46 <DIR> d-------- c:\documents and settings\s\Data aplikací\DAEMON Tools
2009-02-21 18:45 . 2009-02-21 18:45 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-21 18:45 . 2009-02-21 18:45 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-02-21 18:28 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll
2009-02-21 18:21 . 2009-02-21 19:28 <DIR> d-------- c:\documents and settings\s\Data aplikací\DAEMON Tools Lite
2009-02-21 18:21 . 2008-09-04 17:46 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-21 18:21 . 2009-02-21 18:21 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-21 18:21 . 2008-04-11 19:51 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 10:21 --------- d-----w c:\program files\ATI Technologies
2009-02-21 21:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-21 19:35 2,004 ----a-w c:\windows\Registration\e10f24f0-652e-11dd-ad8b-0800200c9a66.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-16 00:13 6,536,704 ----a-w c:\windows\system32\tliadjust26.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SpybotSD TeaTimer"="d:\zaloha\Programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"avgnt"="d:\zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Diamondback"="d:\zaloha\Programs\Razer\razerhid.exe" [2007-02-14 147456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 d:\zaloha\Programs\Adobe Reader\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2008-11-03 11:45 2540800 c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 16:24 86016 c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 d:\zaloha\Programs\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2006-12-08 17:01 547840 c:\windows\mHotkey.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Zaloha\\Programs\\QIP8080\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Zaloha\\Programs\\utorrent\\uTorrent.exe"=
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-02-21 22336]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2003-12-30 9600]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-02-21 45376]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;d:\zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-02-21 68865]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-02-22 13225]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S2 gupdate1c994e9b4a2be28;Google Update Service (gupdate1c994e9b4a2be28);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-02-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 13:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\zaloha\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\s\Data aplikací\Mozilla\Firefox\Profiles\wd53p3n1.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\zaloha\Programs\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: d:\zaloha\Programs\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\zaloha\Programs\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\zaloha\Programs\Opera\program\plugins\npwmsdrm.dll
---- FIREFOX POLICIES ----
d:\zaloha\Programs\Mozilla\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 10:31:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-26 10:34:11
ComboFix-quarantined-files.txt 2009-02-26 09:34:06
ComboFix2.txt 2009-02-26 09:23:02
Pre-Run: 1 330 954 240
Post-Run: 1,320,943,616
259 --- E O F --- 2009-02-25 09:05:49
jaro3 (Security team member, Guru Level 15, Posts: 43288, Registered: June 07, Location: South Bohemia)
Re: Please help - virus on external disk
Do you know these folders:
c:\documents and settings\s\WINDOWS
c:\windows\MSSecurityNS
c:\windows\MSSecurityNi
??
If not, we'll have a look.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text (shown in green) into it:
Note: do not use the SELECT ALL function to select the script
Code:
DirLook::
c:\documents and settings\s\WINDOWS
c:\windows\MSSecurityNS
c:\windows\MSSecurityNi
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
c:\windows\HKNTDLL.dll
c:\windows\Wininit.ini
:\windows\system32\wininet.dll
Vlož sem pak odkazy výsledků.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
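An added triage script for the check requested above (it is not from the forum post and not part of ComboFix): it records whether each of the named folders and files exists, whether it carries the Hidden attribute, and its SHA-256, so the answer and the VirusTotal lookups can be prepared before the CFScript run. It assumes PowerShell 4.0 or later (for Get-FileHash) in an elevated shell; the paths are the ones named in the post.

```powershell
# Added triage helper (not from the forum post): reports what is at each path
# jaro3 asked about, so the findings can be posted back before running ComboFix.
# Assumptions: PowerShell 4.0+ (Get-FileHash), elevated shell; paths from the post.
$suspectDirs = @(
    'C:\Documents and Settings\s\WINDOWS',
    'C:\WINDOWS\MSSecurityNS',
    'C:\WINDOWS\MSSecurityNi'
)
$suspectFiles = @(
    'C:\WINDOWS\HKNTDLL.dll',
    'C:\WINDOWS\Wininit.ini',
    'C:\WINDOWS\system32\wininet.dll'
)

function Get-SuspectFileReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Exists = $false; Hidden = $null
                               Size = $null; Modified = $null; Sha256 = $null }
            continue
        }
        # -Force so that hidden/system files are still returned
        $item = Get-Item -LiteralPath $p -Force
        [pscustomobject]@{
            Path     = $p
            Exists   = $true
            # A Hidden attribute on a DLL in %windir% is worth mentioning in the reply
            Hidden   = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
            Size     = $item.Length
            Modified = $item.LastWriteTime
            # SHA-256 lets the file be looked up on VirusTotal before any upload
            Sha256   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

function Get-SuspectDirReport {
    param([string[]]$Paths)
    foreach ($d in $Paths) {
        if (-not (Test-Path -LiteralPath $d)) {
            Write-Output "$d : not present"
            continue
        }
        $attrs = (Get-Item -LiteralPath $d -Force).Attributes
        Write-Output "$d : present (attributes: $attrs)"
        # -Force lists hidden and system entries that Explorer would not show
        Get-ChildItem -LiteralPath $d -Force -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime, Attributes
    }
}

Get-SuspectFileReport -Paths $suspectFiles | Format-List
Get-SuspectDirReport -Paths $suspectDirs | Format-Table -AutoSize
```

The output is read-only evidence for the thread; it changes nothing on disk, so it can be run before the ComboFix step without interfering with it.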
Re: Please help - virus on the external disk
When I dragged the txt file over ComboFix, a small bar started loading and then nothing else happened. But on C: I found a txt created at the same time, bug.txt, and a 6 MB folder named 32788R22FWJFW with a pile of cfexe files, bat, cmd... contents of bug.txt:
Killing 'Nircmd.com'
PUSHD "C:\32788R22FWJFW"
IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
VER 1>OsVer
"C:\WINDOWS\system32\Find.exe" "5.2." OsVer
---------- OSVER
IF 1 == 0 GOTO Not_NT
"C:\WINDOWS\system32\Find.exe" "5.1.2" OsVer
---------- OSVER
Microsoft Windows XP [Verze 5.1.2600]
IF 0 == 0 GOTO NT
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\s\Data aplikací
CFLDR=32788R22FWJFW
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDO
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\s
KMD=CF13719.exe
LOGONSERVER=\\EDO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\s\Plocha\ComboFix.exe" "C:\Documents and Settings\s\Plocha\CFScript.txt"
sfxname=C:\Documents and Settings\s\Plocha\ComboFix.exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\s\LOCALS~1\Temp
TMP=C:\DOCUME~1\s\LOCALS~1\Temp
USERDOMAIN=EDO
USERNAME=s
USERPROFILE=C:\Documents and Settings\s
windir=C:\WINDOWS
=============================================
IF NOT DEFINED sfxname GOTO END
IF EXIST C:\cfDebug.cmd DEL /A/F C:\cfDebug.cmd
CALL sfx.cmd
CALL AV.cmd
SET /a AVCount+=1
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
FINDSTR -C:"*On-access scanning enabled*" Resident.txt 1>AVChk && (
SED -r "s/AV: (.*) \*On-access .*/* \1/;" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB
NIRCMD beep 3000 200
NIRCMD beep 3000 300
IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere with~nComboFix's running. This may lead to unpredictable results or possible~nmachine damage. Please disable these scanners before clicking 'OK'." "Warning !!" "" && GOTO Av-check
IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!" ""
)
DEL /Q AVChk?
SET AVCount=
IF EXIST OsVer00 CALL :Vista
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\s\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL "C:\DOCUME~1\s\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log"
(
SET "FileName=ComboFix"
SET "FilePath=C:\Documents and Settings\s\Plocha\"
)
SET FileName 1>FileName
GREP -isqx "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB
DIR /AD/B C:\* | FINDSTR -IVX ComboFix 1>DirName00
FINDSTR -LIXC:"ComboFix" DirName00 && CALL :NameChk
IF EXIST DirName0? DEL /Q DirName0?
IF EXIST Oldsfxname00 DEL Oldsfxname00
IF EXIST "\ComboFix" DIR /AD "\ComboFix" 1>N_\21240 && (
RD /S/Q "\ComboFix"
IF EXIST "\ComboFix" (
PV -kf *.cfexe
RD /S/Q "\ComboFix"
)
IF EXIST "\ComboFix" (
HANDLE "C:\ComboFix" 1>temp00
SED -R "/.* pid: (\d*) +(\S*):.*/I!d;s//@ECHO.y|Handle -c \2 -p \1/" temp00 1>temp00.bat
CALL temp00.bat
DEL temp00.bat temp00
RD /S/Q "\ComboFix"
)
)
Killing '*.cfexe'
IF EXIST "\ComboFix" RD /S/Q "\ComboFix"
IF EXIST "\ComboFix" GOTO :EOF
New log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:43, on 26.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Zaloha\Programs\AdAware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Zaloha\Programs\Razer\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
D:\Zaloha\Programs\Razer\razertra.exe
D:\Zaloha\Programs\Razer\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CF30058.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Zaloha\Programs\Opera\opera.exe
D:\Zaloha\Programs\hijack\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Zaloha\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Diamondback] D:\Zaloha\Programs\Razer\razerhid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Zaloha\Programs\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Zaloha\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Zaloha\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Zaloha\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Zaloha\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Zaloha\Programs\AdAware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Zaloha\Programs\Avira\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c994e9b4a2be28) (gupdate1c994e9b4a2be28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 7062 bytes
And the links from VirusTotal:
http://www.virustotal.com/cs/analisis/3 ... 52d7772a92
http://www.virustotal.com/cs/analisis/1 ... 2084292589
http://www.virustotal.com/cs/analisis/e ... a4f27836c4