Prosím o kontrolu logu

[jimmy3]

Díky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:26, on 26.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VIA\RAID\vialogsv.exe
D:\Programy\QIP\qip.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 6727 bytes

[Reklama]

[pitimir]

Ahoj, ake mas problemy?

Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

[jimmy3]

Počítač se mi poslední dobou nějak spomalil, pročistil jsem ho ccleanerem, defragmentoval disk ale pořád stejný

DDS (Ver_09-09-24.01) - NTFSx86
Run by Milan at 14:17:42,50 on so 26.09.2009
Internet Explorer: 7.0.5730.13
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1043 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Documents and Settings\Milan\Plocha\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
IE: Download Using &BitSpirit - c:\program files\bitspirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-28 603904]
R2 VRAID Log Service;VRAID Log Service;c:\program files\via\raid\vialogsv.exe [2009-8-21 52888]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]

=============== Created Last 30 ================

2009-09-21 16:09 <DIR> --d----- c:\windows\system32\xlive
2009-09-21 16:09 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-19 16:43 447,752 a----r-- c:\windows\system32\vp6vfw.dll
2009-09-19 16:43 <DIR> --d----- c:\program files\Microsoft WSE
2009-09-19 16:16 <DIR> --dshr-- c:\windows\system32\Cerberus
2009-09-18 18:15 <DIR> --d----- c:\program files\common files\BitSpirit
2009-09-18 16:39 <DIR> --d----- C:\Downloads
2009-08-28 20:12 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-08-28 20:12 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-08-28 20:12 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-08-28 20:12 <DIR> --d----- c:\docume~1\milan\dataap~1\TuneUp Software
2009-08-28 20:12 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\TuneUp Software
2009-08-28 20:12 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-08-28 20:12 <DIR> --dsh--- c:\docume~1\alluse~1\dataap~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-27 15:54 327,168 a------- c:\windows\IsUninst.exe

==================== Find3M ====================

2009-09-25 13:58 428,750 a------- c:\windows\system32\perfh005.dat
2009-09-25 13:58 77,872 a------- c:\windows\system32\perfc005.dat
2009-08-27 13:01 189,104 a------- c:\windows\system32\PnkBstrB.exe
2009-08-27 12:53 139,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 11:27 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-08-26 15:24 22,328 a------- c:\docume~1\milan\dataap~1\PnkBstrK.sys
2009-08-26 15:24 682,280 a------- c:\windows\system32\pbsvc.exe
2009-08-22 10:36 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-21 19:59 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-21 19:31 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-21 19:07 21,812 a------- c:\windows\system32\emptyregdb.dat
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-05 11:01 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-29 06:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 06:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 21:04 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-02 19:25 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-07-02 19:24 335,872 a------- c:\windows\system32\ati2dvag.dll
2009-07-02 19:07 311,296 a------- c:\windows\system32\atiiiexx.dll
2009-07-02 19:06 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-07-02 19:05 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-07-02 19:05 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-07-02 19:05 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-07-02 19:05 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-07-02 19:04 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-07-02 19:02 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-07-02 18:56 3,014,272 a------- c:\windows\system32\ati3duag.dll
2009-07-02 18:54 11,698,176 a------- c:\windows\system32\atioglxx.dll
2009-07-02 18:44 2,139,904 a------- c:\windows\system32\ativvaxx.dll
2009-07-02 18:44 887,724 a------- c:\windows\system32\ativva6x.dat
2009-07-02 18:31 49,664 a------- c:\windows\system32\atimpc32.dll
2009-07-02 18:31 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-07-02 18:28 487,424 a------- c:\windows\system32\atikvmag.dll
2009-07-02 18:27 45,056 a------- c:\windows\system32\aticalrt.dll
2009-07-02 18:26 45,056 a------- c:\windows\system32\aticalcl.dll
2009-07-02 18:26 151,552 a------- c:\windows\system32\atiadlxx.dll
2009-07-02 18:26 17,408 a------- c:\windows\system32\atitvo32.dll
2009-07-02 18:25 3,248,128 a------- c:\windows\system32\aticaldd.dll
2009-07-02 18:24 376,832 a------- c:\windows\system32\atiok3x2.dll
2009-07-02 18:20 651,264 a------- c:\windows\system32\ati2cqag.dll
2009-07-02 12:12 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-29 18:00 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 17:59 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 17:59 17,408 a------- c:\windows\system32\corpol.dll
2006-01-31 11:02 581,632 a--shr-- c:\windows\system32\cerberus\plugin.dat
2006-06-12 12:43 804,352 a--shr-- c:\windows\system32\cerberus\Winmlogon.exe

============= FINISH: 14:18:02,28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 21.8.2009 19:12:23
System Uptime: 26.9.2009 7:37:13 (7 hours ago)

Motherboard: MSI | | MS-7043
Processor: Intel(R) Celeron(R) CPU 3.06GHz | Socket-1 | 3079/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 10,965 GiB free.
D: is FIXED (NTFS) - 446 GiB total, 44,61 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Zvukové zařízení na sběrnici High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&328FFEB8&0&0001
Manufacturer:
Name: Zvukové zařízení na sběrnici High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&328FFEB8&0&0001
Service:

==== System Restore Points ===================

RP30: 20.9.2009 19:53:29 - Kontrolní bod systému
RP31: 21.9.2009 16:09:48 - Nainstalováno rozhraní DirectX
RP32: 21.9.2009 16:10:16 - Nainstalováno RESIDENT EVIL 5.
RP33: 21.9.2009 16:44:09 - Installed Red Faction Guerrilla
RP34: 22.9.2009 17:06:48 - Kontrolní bod systému
RP35: 22.9.2009 18:01:37 - Removed NVIDIA PhysX
RP36: 23.9.2009 16:48:31 - Installed Driver: Parallel Lines
RP37: 23.9.2009 16:57:40 - Nainstalováno rozhraní DirectX
RP38: 1.3.1999 0:37:14 - Kontrolní bod systému
RP39: 24.9.2009 17:52:30 - Kontrolní bod systému
RP40: 24.9.2009 18:25:33 - Removed Opera 10.00.
RP41: 24.9.2009 18:25:42 - Installed Opera 10.00.
RP42: 25.9.2009 19:01:00 - Kontrolní bod systému
RP43: 25.9.2009 19:43:47 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3 - Czech
Advanced SystemCare 3
Agere Systems PCI Soft Modem
Aktualizace systému Windows XP (KB968389)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)
ATI Catalyst Control Center
ATI Display Driver
µTorrent CZ 1.8.4 (build 16150)
BitSpirit v3.5.0.256 Stable
Call of Duty(R) - World at War(TM)
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Colin McRae Rally 2005
Counter-Strike: Source
Driver: Parallel Lines
DVD Shrink 3.2
ESET NOD32 Antivirus
EVEREST Ultimate Edition v5.02
FlatOut2
GamePark
GTA San Andreas
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ICQ6.5
IrfanView (remove only)
Java(TM) 6 Update 15
K-Lite Codec Pack 5.0.5 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
MSXML 4.0 SP2 (KB954430)
Need for Speed™ Most Wanted
Need for Speed™ SHIFT
Need for Speed™ Undercover
Nero 8
neroxml
Opera 10.00
Platform
PunkBuster Services
QIP 2005 8090
Red Faction Guerrilla
RESIDENT EVIL 5
SHOUTcast Source DSP 1.9.0 (remove only)
Skype™ 4.1
Softarová utilita ATI - Odinstalovat
The KMPlayer (remove only)
The Sims™ 3
Total Commander (Remove or Repair)
TuneUp Utilities 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VCRedistSetup
VIA Platforma Ovladače zařízení
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
WinRAR

==== Event Viewer Messages From Past Week ========

22.9.2009 16:01:59, Informace: Windows File Protection [64005] - Chráněný systémový soubor uxtheme.dll nebyl obnoven na původní platnou verzi, protože obnovení souboru prováděné programem Ochrana souborů systému Windows bylo zrušeno uživatelem Milan. Verze nesprávného souboru je 6.0.2900.5512.

==== End Of File ===========================

[pitimir]

Stiahni ComboFix.

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
dRunOnce: [nltide_2]
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.



Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

[jimmy3]

ComboFix 09-09-25.01 - Milan 26.09.2009 19:56.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1117 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Milan\LOCALS~1\Temp\server.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-26 do 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-21 14:09 . 2009-09-21 14:09 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-21 14:09 . 2009-09-21 14:09 -------- d-----w- c:\windows\system32\xlive
2009-09-19 14:43 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-09-19 14:43 . 2009-09-19 14:43 -------- d-----w- c:\program files\Microsoft WSE
2009-09-19 14:16 . 2009-09-19 14:16 -------- d-sh--r- c:\windows\system32\Cerberus
2009-09-18 16:15 . 2009-09-18 16:15 -------- d-----w- c:\program files\Common Files\BitSpirit
2009-09-18 14:39 . 2009-09-18 14:39 -------- d-----w- C:\Downloads
2009-08-28 18:12 . 2009-08-28 18:12 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-28 18:12 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-28 18:12 . 2009-08-28 18:12 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-28 18:12 . 2009-08-28 18:12 -------- d-----w- c:\program files\TuneUp Utilities 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 11:58 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-09-25 11:58 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-09-24 16:25 . 2009-08-21 17:40 -------- d-----w- c:\program files\Opera 10 Beta
2009-09-23 14:48 . 2009-08-21 17:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 16:15 . 2009-08-21 18:33 -------- d-----w- c:\program files\BitSpirit
2009-08-28 18:34 . 2009-08-21 17:38 -------- d-----w- c:\program files\ESET
2009-08-27 11:01 . 2009-08-21 19:39 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 10:53 . 2009-08-21 19:39 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 09:27 . 2009-08-21 19:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-26 13:24 . 2009-08-26 13:24 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-26 08:51 . 2009-08-26 08:51 -------- d-----w- c:\program files\MCS Studios
2009-08-25 14:21 . 2009-08-22 20:09 -------- d-----w- c:\program files\Winamp
2009-08-24 10:27 . 2009-08-24 10:25 -------- d-----w- c:\program files\ICQ6.5
2009-08-24 10:26 . 2009-08-24 10:26 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-24 08:52 . 2009-08-24 08:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-23 10:57 . 2009-08-21 18:30 -------- d-----w- c:\program files\totalcmd
2009-08-22 20:22 . 2009-08-22 20:22 -------- d-----w- c:\program files\IrfanView
2009-08-22 20:15 . 2009-08-21 17:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-22 16:28 . 2009-08-22 16:28 -------- d-----w- c:\program files\Common Files\Skype
2009-08-22 16:28 . 2009-08-22 16:28 -------- d-----r- c:\program files\Skype
2009-08-22 14:00 . 2009-08-22 14:00 -------- d-----w- c:\program files\MSXML 4.0
2009-08-22 09:40 . 2009-08-22 09:40 -------- d-----w- c:\program files\IObit
2009-08-22 09:14 . 2009-08-22 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Trend Micro
2009-08-22 08:56 . 2009-08-22 08:56 -------- d-----w- c:\program files\Lavalys
2009-08-22 08:36 . 2009-08-22 08:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 08:36 . 2009-08-22 08:36 -------- d-----w- c:\program files\Java
2009-08-21 21:11 . 2009-08-21 21:11 -------- d-----w- c:\program files\MSBuild
2009-08-21 21:11 . 2009-08-21 21:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 19:24 . 2009-08-21 19:24 -------- d-----w- c:\program files\Zaparit
2009-08-21 19:23 . 2009-08-21 19:23 -------- d-----w- c:\program files\GamePark
2009-08-21 18:35 . 2009-08-21 18:34 -------- d-----w- c:\program files\uTorrent
2009-08-21 18:31 . 2009-08-21 18:31 -------- d-----w- c:\program files\CCleaner
2009-08-21 18:29 . 2009-08-21 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-21 18:28 . 2009-08-21 18:26 -------- d-----w- c:\program files\The KMPlayer
2009-08-21 18:25 . 2009-08-21 18:25 -------- d-----w- c:\program files\DVD Shrink
2009-08-21 18:13 . 2009-08-21 18:13 -------- d-----w- c:\program files\NeroInstall.bak
2009-08-21 18:12 . 2009-08-21 18:10 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 18:10 . 2009-08-21 18:10 -------- d-----w- c:\program files\Nero
2009-08-21 18:02 . 2009-08-21 18:02 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-21 18:02 . 2009-08-21 18:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-21 17:59 . 2009-08-21 17:59 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-21 17:29 . 2009-08-21 17:29 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-21 17:28 . 2009-08-21 17:28 -------- d-----w- c:\program files\ATI Technologies
2009-08-21 17:28 . 2009-08-21 17:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-21 17:21 . 2009-08-21 17:19 -------- d-----w- c:\program files\VIA
2009-08-21 17:10 . 2009-08-21 17:10 -------- d-----w- c:\program files\microsoft frontpage
2009-08-21 17:07 . 2009-08-21 17:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-21 17:07 . 2009-08-21 17:07 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-08-22 09:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-22 09:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 04:36 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-08-08 15:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-02 17:49 . 2009-07-02 17:49 4125696 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-02 17:25 . 2009-07-02 17:25 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-02 17:24 . 2009-07-02 17:24 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-02 17:07 . 2009-07-02 17:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-02 17:06 . 2009-07-02 17:06 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-02 17:05 . 2009-07-02 17:05 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-02 17:05 . 2009-07-02 17:05 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-02 17:05 . 2009-07-02 17:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-02 17:05 . 2009-07-02 17:05 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-02 17:04 . 2009-07-02 17:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-02 17:02 . 2009-07-02 17:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-02 16:56 . 2009-07-02 16:56 3014272 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-02 16:54 . 2009-07-02 16:54 11698176 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-02 16:44 . 2009-07-02 16:44 2139904 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-02 16:44 . 2009-07-02 16:44 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-02 16:44 . 2009-07-02 16:44 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-02 16:28 . 2009-07-02 16:28 487424 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-02 16:27 . 2009-07-02 16:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-02 16:26 . 2009-07-02 16:26 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-02 16:26 . 2009-07-02 16:26 151552 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-02 16:26 . 2009-07-02 16:26 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-02 16:25 . 2009-07-02 16:25 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-02 16:25 . 2009-07-02 16:25 3248128 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-02 16:24 . 2009-07-02 16:24 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-02 16:20 . 2009-07-02 16:20 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-02 10:12 . 2009-08-21 17:28 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-06-29 16:00 . 2008-08-08 15:43 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2008-08-08 15:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2008-08-08 15:43 17408 ----a-w- c:\windows\system32\corpol.dll
2006-01-31 09:02 . 2006-01-31 09:02 581632 --sha-r- c:\windows\system32\Cerberus\plugin.dat
2006-06-12 10:43 . 2006-06-12 10:43 804352 --sha-r- c:\windows\system32\Cerberus\Winmlogon.exe
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaWmp.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaW.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Resident Evil 5\\RE5DX9.EXE"=
"d:\\Hry\\Resident Evil 5\\RE5DX10.EXE"=
"d:\\Hry\\Red Faction Guerrilla\\rfg.exe"=
"d:\\Hry\\Counter-Strike Source\\hl2.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [28.8.2009 20:12 603904]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [21.8.2009 19:19 52888]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0F343NNE-4I4A-880W-AJ62-8KRYY516L4RD}]
c:\windows\system32\Cerberus\Winmlogon.exe Restart
.
Obsah adresáře 'Naplánované úlohy'

2009-09-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 20:00
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(300)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-09-26 20:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-26 18:02

Před spuštěním: Volných bajtů: 11 000 971 264
Po spuštění: Volných bajtů: 11 011 911 680

239 --- E O F --- 2009-09-25 17:44

[pitimir]

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\ICQ6Toolbar
c:\program files\DAEMON Tools Toolbar

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"=-

Reboot::

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.



Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

[jimmy3]

Tak jsem to udělal a po naběhnutí systému se mi nezobrazil nový log a nikde ho nemůžu najít

[pitimir]

Daj novy log z ComboFixu...uvidime, ci je to prec alebo nie.

[jimmy3]

ComboFix 09-09-25.01 - Milan 27.09.2009 21:03.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1071 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-27 do 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 18:08 . 2009-09-27 18:08 -------- d-----w- c:\windows\LastGood
2009-09-27 18:08 . 2009-09-27 18:08 -------- d-----w- c:\program files\EA Sports
2009-09-21 14:09 . 2009-09-21 14:09 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-21 14:09 . 2009-09-21 14:09 -------- d-----w- c:\windows\system32\xlive
2009-09-19 14:43 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-09-19 14:43 . 2009-09-19 14:43 -------- d-----w- c:\program files\Microsoft WSE
2009-09-19 14:16 . 2009-09-19 14:16 -------- d-sh--r- c:\windows\system32\Cerberus
2009-09-18 16:15 . 2009-09-18 16:15 -------- d-----w- c:\program files\Common Files\BitSpirit
2009-09-18 14:39 . 2009-09-18 14:39 -------- d-----w- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 11:58 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-09-25 11:58 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-09-24 16:25 . 2009-08-21 17:40 -------- d-----w- c:\program files\Opera 10 Beta
2009-09-23 14:48 . 2009-08-21 17:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 16:15 . 2009-08-21 18:33 -------- d-----w- c:\program files\BitSpirit
2009-08-28 18:34 . 2009-08-21 17:38 -------- d-----w- c:\program files\ESET
2009-08-28 18:12 . 2009-08-28 18:12 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-28 18:12 . 2009-08-28 18:12 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-28 18:12 . 2009-08-28 18:12 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-27 11:01 . 2009-08-21 19:39 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 10:53 . 2009-08-21 19:39 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 09:27 . 2009-08-21 19:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-26 13:24 . 2009-08-26 13:24 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-26 08:51 . 2009-08-26 08:51 -------- d-----w- c:\program files\MCS Studios
2009-08-25 14:21 . 2009-08-22 20:09 -------- d-----w- c:\program files\Winamp
2009-08-24 10:27 . 2009-08-24 10:25 -------- d-----w- c:\program files\ICQ6.5
2009-08-24 08:52 . 2009-08-24 08:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-23 10:57 . 2009-08-21 18:30 -------- d-----w- c:\program files\totalcmd
2009-08-22 20:22 . 2009-08-22 20:22 -------- d-----w- c:\program files\IrfanView
2009-08-22 20:15 . 2009-08-21 17:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-22 16:28 . 2009-08-22 16:28 -------- d-----w- c:\program files\Common Files\Skype
2009-08-22 16:28 . 2009-08-22 16:28 -------- d-----r- c:\program files\Skype
2009-08-22 14:00 . 2009-08-22 14:00 -------- d-----w- c:\program files\MSXML 4.0
2009-08-22 09:40 . 2009-08-22 09:40 -------- d-----w- c:\program files\IObit
2009-08-22 09:14 . 2009-08-22 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Trend Micro
2009-08-22 08:56 . 2009-08-22 08:56 -------- d-----w- c:\program files\Lavalys
2009-08-22 08:36 . 2009-08-22 08:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 08:36 . 2009-08-22 08:36 -------- d-----w- c:\program files\Java
2009-08-21 21:11 . 2009-08-21 21:11 -------- d-----w- c:\program files\MSBuild
2009-08-21 21:11 . 2009-08-21 21:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-21 19:24 . 2009-08-21 19:24 -------- d-----w- c:\program files\Zaparit
2009-08-21 19:23 . 2009-08-21 19:23 -------- d-----w- c:\program files\GamePark
2009-08-21 18:35 . 2009-08-21 18:34 -------- d-----w- c:\program files\uTorrent
2009-08-21 18:31 . 2009-08-21 18:31 -------- d-----w- c:\program files\CCleaner
2009-08-21 18:29 . 2009-08-21 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-21 18:28 . 2009-08-21 18:26 -------- d-----w- c:\program files\The KMPlayer
2009-08-21 18:25 . 2009-08-21 18:25 -------- d-----w- c:\program files\DVD Shrink
2009-08-21 18:13 . 2009-08-21 18:13 -------- d-----w- c:\program files\NeroInstall.bak
2009-08-21 18:12 . 2009-08-21 18:10 -------- d-----w- c:\program files\Common Files\Nero
2009-08-21 18:10 . 2009-08-21 18:10 -------- d-----w- c:\program files\Nero
2009-08-21 18:02 . 2009-08-21 18:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-21 17:59 . 2009-08-21 17:59 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-21 17:29 . 2009-08-21 17:29 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-21 17:28 . 2009-08-21 17:28 -------- d-----w- c:\program files\ATI Technologies
2009-08-21 17:28 . 2009-08-21 17:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-21 17:21 . 2009-08-21 17:19 -------- d-----w- c:\program files\VIA
2009-08-21 17:10 . 2009-08-21 17:10 -------- d-----w- c:\program files\microsoft frontpage
2009-08-21 17:07 . 2009-08-21 17:07 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-21 17:07 . 2009-08-21 17:07 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:01 . 2008-04-14 06:51 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-08-22 09:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-22 09:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 04:36 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 06:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:04 . 2008-04-14 06:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-08-08 15:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-02 17:49 . 2009-07-02 17:49 4125696 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-02 17:25 . 2009-07-02 17:25 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-02 17:24 . 2009-07-02 17:24 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-02 17:07 . 2009-07-02 17:07 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-02 17:06 . 2009-07-02 17:06 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-02 17:05 . 2009-07-02 17:05 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-02 17:05 . 2009-07-02 17:05 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-02 17:05 . 2009-07-02 17:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-02 17:05 . 2009-07-02 17:05 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-02 17:04 . 2009-07-02 17:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-02 17:02 . 2009-07-02 17:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-02 16:56 . 2009-07-02 16:56 3014272 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-02 16:54 . 2009-07-02 16:54 11698176 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-02 16:44 . 2009-07-02 16:44 2139904 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-02 16:44 . 2009-07-02 16:44 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-02 16:44 . 2009-07-02 16:44 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-02 16:28 . 2009-07-02 16:28 487424 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-02 16:27 . 2009-07-02 16:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-02 16:26 . 2009-07-02 16:26 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-02 16:26 . 2009-07-02 16:26 151552 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-02 16:26 . 2009-07-02 16:26 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-02 16:25 . 2009-07-02 16:25 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-02 16:25 . 2009-07-02 16:25 3248128 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-02 16:24 . 2009-07-02 16:24 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-02 16:20 . 2009-07-02 16:20 651264 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-02 10:12 . 2009-08-21 17:28 593920 ------w- c:\windows\system32\ati2sgag.exe
2006-01-31 09:02 . 2006-01-31 09:02 581632 --sha-r- c:\windows\system32\Cerberus\plugin.dat
2006-06-12 10:43 . 2006-06-12 10:43 804352 --sha-r- c:\windows\system32\Cerberus\Winmlogon.exe
.

------- Sigcheck -------

[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-26_18.00.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-27 18:08 . 2005-12-05 16:07 61136 c:\windows\LastGood\system32\xinput9_1_0.dll
+ 2009-09-27 18:08 . 2007-04-04 16:53 81768 c:\windows\LastGood\system32\xinput1_3.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-29 03:18 . 2005-03-29 03:18 136980 c:\windows\system32\Cerberus\logs.dat
+ 2009-09-27 18:24 . 2009-09-27 18:24 105014 c:\windows\Installer\{11202615-E557-4ECF-9B86-F59C81E52909}\fifapc.exe
- 2009-09-23 14:58 . 2009-09-23 14:58 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-09-27 18:08 . 2008-03-05 13:56 3786760 c:\windows\LastGood\system32\D3DX9_37.dll
+ 2009-09-27 18:08 . 2007-07-19 16:14 3727720 c:\windows\LastGood\system32\d3dx9_35.dll
+ 2009-09-27 18:08 . 2007-05-16 14:45 3497832 c:\windows\LastGood\system32\d3dx9_34.dll
+ 2009-09-27 18:08 . 2007-03-12 14:42 3495784 c:\windows\LastGood\system32\d3dx9_33.dll
+ 2009-09-27 18:08 . 2006-11-29 11:06 3426072 c:\windows\LastGood\system32\d3dx9_32.dll
+ 2009-09-27 18:08 . 2006-09-28 14:05 2414360 c:\windows\LastGood\system32\d3dx9_31.dll
+ 2009-09-27 18:08 . 2006-03-31 10:40 2388176 c:\windows\LastGood\system32\d3dx9_30.dll
+ 2009-09-27 18:08 . 2006-02-03 06:43 2332368 c:\windows\LastGood\system32\d3dx9_29.dll
+ 2009-09-27 18:08 . 2005-12-05 16:09 2323664 c:\windows\LastGood\system32\d3dx9_28.dll
+ 2009-09-27 18:08 . 2005-07-22 17:59 2319568 c:\windows\LastGood\system32\d3dx9_27.dll
+ 2009-09-27 18:08 . 2005-05-26 13:34 2297552 c:\windows\LastGood\system32\d3dx9_26.dll
+ 2009-09-27 18:08 . 2005-03-19 00:19 2337488 c:\windows\LastGood\system32\d3dx9_25.dll
+ 2009-09-27 18:08 . 2005-02-05 17:45 2222800 c:\windows\LastGood\system32\d3dx9_24.dll
+ 2009-09-27 18:24 . 2009-09-27 18:24 4369408 c:\windows\Installer\{11202615-E557-4ECF-9B86-F59C81E52909}\EAregister.exe
- 2009-09-23 14:58 . 2009-09-23 14:58 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:08 . 2009-09-27 18:08 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-23 14:58 . 2009-09-23 14:58 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-27 18:24 . 2009-09-27 18:24 11366400 c:\windows\Installer\aee88f.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Call of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaWmp.exe"=
"d:\\Hry\\Call of Duty 5\\CoDWaW.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Resident Evil 5\\RE5DX9.EXE"=
"d:\\Hry\\Resident Evil 5\\RE5DX10.EXE"=
"d:\\Hry\\Red Faction Guerrilla\\rfg.exe"=
"d:\\Hry\\Counter-Strike Source\\hl2.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [28.8.2009 20:12 603904]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [21.8.2009 19:19 52888]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0F343NNE-4I4A-880W-AJ62-8KRYY516L4RD}]
c:\windows\system32\Cerberus\Winmlogon.exe Restart
.
Obsah adresáře 'Naplánované úlohy'

2009-09-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 21:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2009-09-27 21:08
ComboFix-quarantined-files.txt 2009-09-27 19:08
ComboFix2.txt 2009-09-26 18:02

Před spuštěním: 2 115 252 224
Po spuštění: 2 085 998 592

269 --- E O F --- 2009-09-25 17:44

[pitimir]

Podla mna OK :)

1) Docistime to:

• Odinstaluj Combofix:
  Start -> Spustit -> (napis) combofix /u

• Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

• Precisti PC CCleanerom (vratane registrov).

• Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

2) Vloz log z HJT.

V pripade nezrovnalosti sa tu nachadza navod.

[jimmy3]

To pročištění pc pomohlo, ted je mnohem rychlejší díky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:12, on 27.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programy\QIP\qip.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

--
End of file - 5367 bytes

[pitimir]

1) Fixni v HJT (zasrktni stvorcek pri danom riadku a stlac "Fix Checked"):

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

2) Updatuj Adobe Reader (poslednu verziu najdes tu).


3) Pouzi JavaRa, mas staru Javu.


4) Asi najdolezitejsi krok - doinstaluj antispyware a firewall.