PC - NOD32 hlásí vir Kriptik.ABX trojan

Fiška · Příspěvekod **Fiška** » 01 pro 2009 12:13

Žádám o radu.Včera se mi přes nod32 dostalo do PC pár trojanů.Některé z nich NOD vyléčil , bohužel u některých píše , že nejdou léčit.

C:\Windows\system32\drivers\atapi.sys
C:\Windows\system32\Drivers\atapi.sys
+
u C:\Windows\system32\dllcache\atapi.sys píše nod , že soubor byl vyléčen ale při znovuspuštění systému hod opět objeví a znovu ukládá do karantény.
PC se zatím jinak zvlášť neprojevuje.

Log HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:11, on 1.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\DOCUME~1\LUK~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lukáš\Plocha\instalace programku\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... lmate_5730
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: algqeh32.exe
O4 - Startup: ukssys32.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Data aplikací\Partner\partner.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 14508 bytes

Tímto díky za případné rady.

Reklama

pitimir · Příspěvekod **pitimir** » 02 pro 2009 20:48

Gratulujem, stal si sa majitelom krasneho rootkitu. Hned na zaciatok upozornenie - odstranovanie bude narocne.

A teraz k veci:

1) Stiahni >>tento<< subor na plochu.
Skopiruj do poznamkoveho bloku:

Kód: Vybrat vše

@echo off
"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v
notepad report.txt
del %0
exit

Uloz ako antiTDL3.bat (typ vsetky subory) na plochu. Otvor dvojklikom. Spusti sa program, po skonceni scanu stlac lubovolnu klavesu. Otvori sa ti textovy dokument (report.txt), jeho obsah mi sem skopiruj.

2) Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

Fiška · Příspěvekod **Fiška** » 04 pro 2009 17:43

Zdravím , omlouvám se za to časové spoždění ale teď tak trochu nestíhám.
Takže k věci.
První program který ste mi doporučil jsem bohužel nedokázal rozchodit , neboť windows vypíše do konzole že cesta k souboru není platná (a to i přesto , že jsem při druhém pokusu zkusil nastavit cestu přímo jen pro můj pc)

Naopak ComboFix to projel v pohodě a nod32 již při startu žádný vir nehlásí a to ani po prověření počítače.
Zde přikládám log a ještě jednou díky za rady.

ComboFix 09-12-03.05 - Lukáš 04.12.2009 15:08.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3067.2414 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll
c:\windows\Suyin.reg
c:\windows\system32\Ijl11.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\system volume information\_restore{22292590-DA98-4CEB-914A-93359EF28E7E}\RP147\A0031657.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-04 do 2009-12-04 )))))))))))))))))))))))))))))))
.

2009-12-03 16:04 . 2009-12-03 14:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-03 14:49 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-03 14:46 . 2009-12-03 14:46 -------- d-----w- c:\program files\Lavasoft
2009-11-30 20:41 . 2009-11-30 20:41 -------- d-----w- c:\program files\IObit
2009-11-30 20:06 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-30 20:06 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-30 20:06 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-30 20:06 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-30 20:06 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-30 20:05 . 2009-11-30 20:16 -------- d-----w- c:\program files\Trojan Remover
2009-11-30 20:01 . 2009-11-30 20:01 -------- d-----w- c:\program files\Alwil Software
2009-11-25 09:39 . 2009-11-28 12:41 -------- d-----w- c:\program files\CamStudio
2009-11-24 15:43 . 2009-11-24 21:52 -------- d-----w- C:\Shoty
2009-11-24 13:50 . 2009-11-27 13:58 189 ----a-w- c:\windows\tmpcpyis.bat
2009-11-24 13:50 . 2009-11-27 13:58 122 ----a-w- c:\windows\tmpdelis.bat
2009-11-24 13:50 . 2009-11-24 13:50 26 ----a-w- c:\windows\winstart.bat
2009-11-24 13:45 . 1996-07-06 14:00 297472 ----a-w- c:\windows\uninst.exe
2009-11-24 11:17 . 2009-11-24 15:48 -------- d-----w- c:\program files\Oldgames
2009-11-20 19:00 . 2009-11-20 19:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-20 18:57 . 2009-11-20 18:57 -------- d-----w- c:\program files\Black Sea Studios
2009-11-19 15:23 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2009-11-19 15:23 . 2009-11-19 15:23 -------- d-----w- c:\program files\Nitro PDF
2009-11-06 17:27 . 2009-11-06 17:27 -------- d-----w- c:\program files\SEGA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 07:16 . 2008-09-08 17:33 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-20 18:57 . 2008-09-08 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 14:17 . 2009-09-04 14:33 -------- d-----w- c:\program files\Rockstar Games
2009-11-01 10:43 . 2009-11-01 10:43 131152 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-30 12:10 . 2009-10-29 13:22 -------- d-----w- c:\program files\Pinnacle
2009-10-29 15:17 . 2009-10-29 15:14 -------- d-----w- c:\program files\MAGIX
2009-10-29 15:17 . 2009-10-29 15:16 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-10-29 15:16 . 2009-10-29 15:16 -------- d-----w- c:\program files\Common Files\xara
2009-10-29 14:43 . 2009-10-29 14:43 -------- d-----w- c:\program files\Windows Media Components
2009-10-29 13:33 . 2008-09-08 17:48 507182 ----a-w- c:\windows\system32\perfh005.dat
2009-10-29 13:33 . 2008-09-08 17:48 109914 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 13:27 . 2009-10-29 13:27 -------- d-----w- c:\program files\QuickTime
2009-10-29 13:27 . 2009-08-26 18:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-28 12:22 . 2009-10-28 12:22 -------- d-----w- c:\program files\Studio V5
2009-10-28 11:32 . 2009-10-28 11:31 -------- d-----w- c:\program files\Movie DVD Maker
2009-10-25 07:50 . 2009-10-25 07:50 -------- d-----w- c:\program files\ESET
2009-10-25 07:45 . 2008-09-08 17:38 -------- d-----w- c:\program files\McAfee
2009-10-24 11:41 . 2009-09-23 08:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-07 13:19 . 2009-10-07 13:19 -------- d-----w- c:\program files\DVD Shrink
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-13 10:07 . 2009-09-13 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:19 . 2008-04-14 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-26 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-26 24064]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-08-26 3724800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-29 282624]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe" [2008-11-13 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-13 16871936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Luk ç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
algqeh32.exe [2008-4-14 16896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2009-8-26 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-08-26 18:33 3167744 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\jre\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [26.8.2009 19:33 42608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3.12.2009 15:49 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.8.2009 16:08 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 12:11 16384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [27.8.2009 11:20 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1184912]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 21:42 50424]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 20:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 17:30 43608]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [26.8.2009 19:33 3566080]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 2:03 131072]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\LUK~1\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\LUK~1\LOCALS~1\Temp\cusbohcn.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [29.10.2009 16:16 1527900]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.8.2009 19:25 24064]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Data aplikací\Partner\partner.exe [26.8.2009 19:26 110576]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 6:23 17968]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 14:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\odxpco6f.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\documents and settings\All Users\Data aplikací\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Ad-Aware - c:\documents and settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-GridVista - c:\windows\GVUni.exe GridV.UNI
AddRemove-LManager - c:\windows\UNINST32.EXE LManager.UNI
AddRemove-{8fc18665-579e-4f7f-bda9-b739d6267886} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=8M01-209M-AH6P-5UW0-WHAW-C53X-473X-79MH
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint2K\Uninstap.exe ADDREMOVE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 15:18
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\documents and settings\Lukáš\Nabídka Start\Programy\Po spuštění\algqeh32.exe 16896 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spwr.sys hal.dll >>UNKNOWN [0x8A6E3938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf756bf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> atapi.sys @ 0xf70edb40
\Driver\iaStor -> iaStor.sys @ 0xf71435a0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) Wireless WiFi Link 5100 -> SendCompleteHandler -> NDIS.sys @ 0xf6f9ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf6f8da0d
SendHandler -> NDIS.sys @ 0xf6fa1b40
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\program files\Common Files\SPBA\vtapip.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\windows\system32\bsapi.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll

- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Apoint2K\Apntex.exe
c:\docume~1\LUK~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2009-12-04 15:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-04 14:23

Před spuštěním: Volných bajtů: 138 139 815 936
Po spuštění: Volných bajtů: 138 353 618 944

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DF1BED9F51303E290C532DE0D20B427A

Damned · Příspěvekod **Damned** » 04 pro 2009 18:16

Já jen doplním k tomu bodu jedna co psal pitimir.

Proveď ho znovu, jen frázi:

Kód: Vybrat vše

"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v

nahraď

Kód: Vybrat vše

"%userprofile%\Plocha\TDSSKiller.exe" -l report.txt -v

a zkus to znovu. Složku "desktop" asi mít nebudeš.

Pak mu sem vlož výsledný log.

Fiška · Příspěvekod **Fiška** » 05 pro 2009 12:02

OK takze sem tedy jeste vkladam ten log z bodu 1.

N zev hostitele: LUKAS_NT
N zev operaźnˇho syst‚mu: Syst‚m Microsoft Windows XP Professional
Verze operaźnˇho syst‚mu: 5.1.2600 Service Pack 3 Sestavenˇ 2600
Věrobce operaźnˇho syst‚mu: Microsoft Corporation
Konfigurace operaźnˇho syst‚mu: Samostatn pracovnˇ stanice
Typ sestavenˇ operaźnˇho syst‚mu: Multiprocessor Free
Registrovaně vlastnˇk: Luk ç
Registrovan spoleźnost:
Product ID: 76389-OEM-0011903-00100
Datum p…vodnˇ instalace: 26.8.2009, 20:23:55
Doba provozu syst‚mu: Dny: 0 Hodiny: 0 Minuty: 6 Sekundy: 23
Věrobce syst‚mu: Acer
Model syst‚mu: TravelMate 5730
Typ syst‚mu: X86-based PC
Procesory: Poźet nainstalovaněch procesor…: 1
[01]: x86 Family 6 Model 23 Stepping 10 GenuineIntel ~2527 MHz
Verze syst‚mu BIOS: ACRSYS - 6040000
Adres ý syst‚mu Windows: C:\WINDOWS
Syst‚mově adres ý: C:\WINDOWS\system32
SpouçtŘcˇ zaýˇzenˇ: \Device\HarddiskVolume2
Mˇstnˇ nastavenˇ syst‚mu: cs;¬eçtina
N rodnˇ prostýedˇ: 00000409
¬asov‚ p smo: Nenˇ k dispozici
Celkov kapacita fyzick‚ pamŘti: 3˙067˙MB
Voln fyzick pamŘś: 1˙968˙MB
Virtu lnˇ pamŘś: Maxim lnˇ velikost: 2˙048˙MB
Virtu lnˇ pamŘś: Mˇsto k dispozici: 2˙004˙MB
Virtu lnˇ pamŘś: Vyu§ito: 44˙MB
UmˇstŘnˇ soubor… virtu lnˇ pamŘti: C:\pagefile.sys
Dom‚na: WORKGROUP
Pýihlaçovacˇ server: \\LUKAS_NT
Opravy Hotfix: Poźet nainstalovaněch oprav Hotfix: 148
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: Q147222
[69]: M953297 - Update
[70]: S867460 - Update
[71]: Q954430
[72]: Q973688
[73]: IDNMitigationAPIs - Update
[74]: NLSDownlevelMapping - Update
[75]: KB954156_WM9L
[76]: KB929399
[77]: KB952069_WM9
[78]: KB954155_WM9
[79]: KB968816_WM9
[80]: KB973540_WM9
[81]: KB941569
[82]: KB938127-v2-IE7 - Update
[83]: KB950759-IE7 - Update
[84]: KB971961-IE8 - Update
[85]: KB972260-IE7 - Update
[86]: KB972260-IE8 - Update
[87]: KB973874-IE8 - Update
[88]: KB974455-IE8 - Update
[89]: KB976749-IE8 - Update
[90]: KB898461 - Update
[91]: KB923561 - Update
[92]: KB938464-v2 - Update
[93]: KB942763 - Update
[94]: KB946648 - Update
[95]: KB950760 - Update
[96]: KB950762 - Update
[97]: KB950974 - Update
[98]: KB951066 - Update
[99]: KB951376-v2 - Update
[100]: KB951698 - Update
[101]: KB951748 - Update
[102]: KB951978 - Update
[103]: KB952004 - Update
[104]: KB952287 - Update
[105]: KB952954 - Update
[106]: KB954459 - Update
[107]: KB954550-v5 - Update
[108]: KB954600 - Update
[109]: KB955069 - Update
[110]: KB956572 - Update
[111]: KB956744 - Update
[112]: KB956802 - Update
[113]: KB956803 - Update
[114]: KB956844 - Update
[115]: KB957097 - Update
[116]: KB958644 - Update
[117]: KB958687 - Update
[118]: KB958869 - Update
[119]: KB959426 - Update
[120]: KB960225 - Update
[121]: KB960803 - Update
[122]: KB960859 - Update
[123]: KB961118 - Update
[124]: KB961371-v2 - Update
[125]: KB961501 - Update
[126]: KB967715 - Update
[127]: KB968389 - Update
[128]: KB968537 - Update
[129]: KB969059 - Update
[130]: KB969947 - Update
[131]: KB970238 - Update
[132]: KB970653-v3 - Update
[133]: KB971486 - Update
[134]: KB971557 - Update
[135]: KB971633 - Update
[136]: KB971657 - Update
[137]: KB973346 - Update
[138]: KB973354 - Update
[139]: KB973507 - Update
[140]: KB973525 - Update
[141]: KB973687 - Update
[142]: KB973815 - Update
[143]: KB973869 - Update
[144]: KB974112 - Update
[145]: KB974571 - Update
[146]: KB975025 - Update
[147]: KB975467 - Update
[148]: KB976098-v2 - Update
Sˇśov‚ karty: Poźet nainstalovaněch adapt‚r… NIC: 2
[01]: Broadcom NetXtreme Gigabit Ethernet
N zev pýipojenˇ: Pýipojenˇ k mˇstnˇ sˇti
DHCP povoleno: Ano
Server DHCP: 255.255.255.255
Adresy IP
[01]: 10.72.64.94
[02]: Intel(R) Wireless WiFi Link 5100
N zev pýipojenˇ: Bezdr tov‚ pýipojenˇ k sˇti
Stav: M‚dium je odpojen‚.
11:59:39:734 2580 ForceUnloadDriver: NtUnloadDriver error 2
11:59:39:734 2580 ForceUnloadDriver: NtUnloadDriver error 2
11:59:39:734 2580 ForceUnloadDriver: NtUnloadDriver error 2
11:59:39:765 2580 main: Driver KLMD successfully dropped
11:59:39:765 2580 main: Driver KLMD successfully loaded
11:59:39:765 2580
Scanning Registry ...
11:59:39:765 2580 ScanServices: Searching service UACd.sys
11:59:39:765 2580 ScanServices: Open/Create key error 2
11:59:39:765 2580 ScanServices: Searching service TDSSserv.sys
11:59:39:765 2580 ScanServices: Open/Create key error 2
11:59:39:765 2580 ScanServices: Searching service gaopdxserv.sys
11:59:39:765 2580 ScanServices: Open/Create key error 2
11:59:39:765 2580 ScanServices: Searching service gxvxcserv.sys
11:59:39:765 2580 ScanServices: Open/Create key error 2
11:59:39:765 2580 ScanServices: Searching service MSIVXserv.sys
11:59:39:765 2580 ScanServices: Open/Create key error 2
11:59:39:765 2580 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
11:59:39:765 2580 UnhookRegistry: Kernel local addr: A30000
11:59:39:765 2580 UnhookRegistry: KeServiceDescriptorTable addr: AB5700
11:59:39:765 2580 UnhookRegistry: KiServiceTable addr: A5D460
11:59:39:812 2580 UnhookRegistry: NtEnumerateKey service number (local): 47
11:59:39:812 2580 UnhookRegistry: NtEnumerateKey local addr: B7CFF2
11:59:39:828 2580 KLMD_OpenDevice: Trying to open KLMD device
11:59:39:828 2580 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
11:59:39:828 2580 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
11:59:39:828 2580 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
11:59:39:828 2580 UnhookRegistry: NtEnumerateKey service number (kernel): 47
11:59:39:828 2580 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
11:59:39:828 2580 UnhookRegistry: NtEnumerateKey real addr: F72A5CA2
11:59:39:828 2580 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
11:59:39:828 2580 KLMD_WriteMem: Trying to WriteMemory 0x8050457C[0x4]
11:59:39:828 2580 UnhookRegistry: NtEnumerateKey (SDT) unhooked successfully
11:59:39:828 2580 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
11:59:39:828 2580 UnhookRegistry: No splicing found on NtEnumerateKey
11:59:39:828 2580
Scanning Kernel memory ...
11:59:39:828 2580 KLMD_OpenDevice: Trying to open KLMD device
11:59:39:828 2580 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
11:59:39:828 2580 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
11:59:39:828 2580 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8AA23750
11:59:39:828 2580 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
11:59:39:828 2580 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8AA5E4D8
11:59:39:828 2580 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AA5E4D8
11:59:39:828 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA5E4D8[0x38]
11:59:39:828 2580 DetectCureTDL3: DRIVER_OBJECT addr: 8AA23750
11:59:39:828 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA23750[0xA8]
11:59:39:828 2580 KLMD_ReadMem: Trying to ReadMemory 0xE1631BF0[0x208]
11:59:39:828 2580 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:59:39:828 2580 DetectCureTDL3: IrpHandler (0) addr: F756DBB0
11:59:39:828 2580 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (2) addr: F756DBB0
11:59:39:828 2580 DetectCureTDL3: IrpHandler (3) addr: F7567D1F
11:59:39:828 2580 DetectCureTDL3: IrpHandler (4) addr: F7567D1F
11:59:39:828 2580 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (9) addr: F75682E2
11:59:39:828 2580 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (14) addr: F75683BB
11:59:39:828 2580 DetectCureTDL3: IrpHandler (15) addr: F756BF28
11:59:39:828 2580 DetectCureTDL3: IrpHandler (16) addr: F75682E2
11:59:39:828 2580 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (22) addr: F7569C82
11:59:39:828 2580 DetectCureTDL3: IrpHandler (23) addr: F756E99E
11:59:39:828 2580 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:59:39:828 2580 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:59:39:828 2580 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
11:59:39:828 2580 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
11:59:39:859 2580 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8AA5E8A0
11:59:39:859 2580 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AA5E8A0
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA5E8A0[0x38]
11:59:39:859 2580 DetectCureTDL3: DRIVER_OBJECT addr: 8AA23750
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA23750[0xA8]
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0xE1631BF0[0x208]
11:59:39:859 2580 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:59:39:859 2580 DetectCureTDL3: IrpHandler (0) addr: F756DBB0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (2) addr: F756DBB0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (3) addr: F7567D1F
11:59:39:859 2580 DetectCureTDL3: IrpHandler (4) addr: F7567D1F
11:59:39:859 2580 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (9) addr: F75682E2
11:59:39:859 2580 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (14) addr: F75683BB
11:59:39:859 2580 DetectCureTDL3: IrpHandler (15) addr: F756BF28
11:59:39:859 2580 DetectCureTDL3: IrpHandler (16) addr: F75682E2
11:59:39:859 2580 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (22) addr: F7569C82
11:59:39:859 2580 DetectCureTDL3: IrpHandler (23) addr: F756E99E
11:59:39:859 2580 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:59:39:859 2580 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
11:59:39:859 2580 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
11:59:39:859 2580 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8AA5EC68
11:59:39:859 2580 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AA5EC68
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA5EC68[0x38]
11:59:39:859 2580 DetectCureTDL3: DRIVER_OBJECT addr: 8AA23750
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA23750[0xA8]
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0xE1631BF0[0x208]
11:59:39:859 2580 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
11:59:39:859 2580 DetectCureTDL3: IrpHandler (0) addr: F756DBB0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (2) addr: F756DBB0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (3) addr: F7567D1F
11:59:39:859 2580 DetectCureTDL3: IrpHandler (4) addr: F7567D1F
11:59:39:859 2580 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (9) addr: F75682E2
11:59:39:859 2580 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (14) addr: F75683BB
11:59:39:859 2580 DetectCureTDL3: IrpHandler (15) addr: F756BF28
11:59:39:859 2580 DetectCureTDL3: IrpHandler (16) addr: F75682E2
11:59:39:859 2580 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (22) addr: F7569C82
11:59:39:859 2580 DetectCureTDL3: IrpHandler (23) addr: F756E99E
11:59:39:859 2580 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:59:39:859 2580 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\Disk.sys
11:59:39:859 2580 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\Disk.sys
11:59:39:859 2580 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8AA66030
11:59:39:859 2580 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AA66030
11:59:39:859 2580 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8AA61028
11:59:39:859 2580 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AA61028
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA61028[0x38]
11:59:39:859 2580 DetectCureTDL3: DRIVER_OBJECT addr: 8AA658A0
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0x8AA658A0[0xA8]
11:59:39:859 2580 KLMD_ReadMem: Trying to ReadMemory 0xE161C110[0x208]
11:59:39:859 2580 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
11:59:39:859 2580 DetectCureTDL3: IrpHandler (0) addr: F71435A0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (1) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (2) addr: F71435A0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (3) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (4) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (5) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (6) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (7) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (8) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (9) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (10) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (11) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (12) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (13) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (14) addr: F71435A0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (15) addr: F71435A0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (16) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (17) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (18) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (19) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (20) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (21) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (22) addr: F71435A0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (23) addr: F71435A0
11:59:39:859 2580 DetectCureTDL3: IrpHandler (24) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (25) addr: 804F4562
11:59:39:859 2580 DetectCureTDL3: IrpHandler (26) addr: 804F4562
11:59:39:859 2580 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\iaStor.sys
11:59:39:859 2580 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\iaStor.sys
11:59:39:875 2580
Completed

Results:
11:59:39:875 2580 Infected / Cured drivers in memory: 0 / 0
11:59:39:875 2580 Infected / Cured drivers on disk: 0 / 0
11:59:39:875 2580 Files deleted on next reboot: 0
11:59:39:875 2580 Registry nodes deleted on next reboot: 0
11:59:39:875 2580

pitimir · Příspěvekod **pitimir** » 05 pro 2009 15:30

1) Odinstaluj Daemon, IOBit, Trojan Remover, Ad-Aware a SpyBot (Start -> Ovl. Panel -> Pridat/Odstranit Programy).
Ak by to neslo, pouzi Revo Uninstaller.

2) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
File::
c:\documents and settings\Lukáš\Nabídka Start\Programy\Po spuštění\algqeh32.exe

Driver::
ICQ Service
cusbohcn

Folder::
c:\program files\ICQ6Toolbar

DDS::
uStart Page = hxxp://www.centrum.cz/skinit/icq/

FireFox::
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\odxpco6f.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search

MBR::

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

3) Stiahni Defogger. Spust, klik na "Disable" -> "OK". V mieste spustenia by sa mal zjavit log, ten sem vloz.

Fiška · Příspěvekod **Fiška** » 08 pro 2009 15:45

OK tak zde jsou požadované logy.

ComboFix 09-12-03.05 - Lukáš 08.12.2009 15:26.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3067.2563 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

FILE ::
"c:\documents and settings\Lukáš\Nabídka Start\Programy\Po spuštění\algqeh32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lukáš\Nabídka Start\Programy\Po spuštění\algqeh32.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Legacy_ICQ_SERVICE
-------\Service_cusbohcn
-------\Service_ICQ Service

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-08 do 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-08 14:13 . 2009-12-08 14:14 -------- d-----w- c:\program files\VS Revo Group
2009-11-30 20:06 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-30 20:06 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-30 20:06 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-30 20:06 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-30 20:06 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-30 20:01 . 2009-11-30 20:01 -------- d-----w- c:\program files\Alwil Software
2009-11-25 09:39 . 2009-11-28 12:41 -------- d-----w- c:\program files\CamStudio
2009-11-24 15:43 . 2009-11-24 21:52 -------- d-----w- C:\Shoty
2009-11-24 13:50 . 2009-11-27 13:58 189 ----a-w- c:\windows\tmpcpyis.bat
2009-11-24 13:50 . 2009-11-27 13:58 122 ----a-w- c:\windows\tmpdelis.bat
2009-11-24 13:50 . 2009-11-24 13:50 26 ----a-w- c:\windows\winstart.bat
2009-11-24 13:45 . 1996-07-06 14:00 297472 ----a-w- c:\windows\uninst.exe
2009-11-24 11:17 . 2009-11-24 15:48 -------- d-----w- c:\program files\Oldgames
2009-11-20 19:00 . 2009-11-20 19:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-20 18:57 . 2009-11-20 18:57 -------- d-----w- c:\program files\Black Sea Studios
2009-11-19 15:23 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2009-11-19 15:23 . 2009-11-19 15:23 -------- d-----w- c:\program files\Nitro PDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 14:29 . 2008-09-08 17:48 507182 ----a-w- c:\windows\system32\perfh005.dat
2009-12-08 14:29 . 2008-09-08 17:48 109914 ----a-w- c:\windows\system32\perfc005.dat
2009-12-08 14:23 . 2009-09-07 17:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-08 14:11 . 2009-08-26 15:24 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-07 19:29 . 2008-09-08 17:33 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-05 09:19 . 2009-08-26 18:38 -------- d-----w- c:\program files\Launch Manager
2009-11-20 18:57 . 2008-09-08 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 14:17 . 2009-09-04 14:33 -------- d-----w- c:\program files\Rockstar Games
2009-11-06 17:27 . 2009-11-06 17:27 -------- d-----w- c:\program files\SEGA
2009-11-01 10:43 . 2009-11-01 10:43 131152 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-30 12:10 . 2009-10-29 13:22 -------- d-----w- c:\program files\Pinnacle
2009-10-29 15:17 . 2009-10-29 15:14 -------- d-----w- c:\program files\MAGIX
2009-10-29 15:17 . 2009-10-29 15:16 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-10-29 15:16 . 2009-10-29 15:16 -------- d-----w- c:\program files\Common Files\xara
2009-10-29 14:43 . 2009-10-29 14:43 -------- d-----w- c:\program files\Windows Media Components
2009-10-29 13:27 . 2009-10-29 13:27 -------- d-----w- c:\program files\QuickTime
2009-10-29 13:27 . 2009-08-26 18:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-28 12:22 . 2009-10-28 12:22 -------- d-----w- c:\program files\Studio V5
2009-10-28 11:32 . 2009-10-28 11:31 -------- d-----w- c:\program files\Movie DVD Maker
2009-10-25 07:50 . 2009-10-25 07:50 -------- d-----w- c:\program files\ESET
2009-10-25 07:45 . 2008-09-08 17:38 -------- d-----w- c:\program files\McAfee
2009-10-24 11:41 . 2009-09-23 08:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-13 10:07 . 2009-09-13 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:19 . 2008-04-14 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-04_14.17.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-08 14:34 . 2009-12-08 14:34 16384 c:\windows\temp\Perflib_Perfdata_c14.dat
+ 2009-12-08 14:34 . 2009-12-08 14:34 16384 c:\windows\temp\Perflib_Perfdata_b24.dat
+ 2008-09-08 17:48 . 2009-12-08 14:29 98048 c:\windows\system32\perfc009.dat
- 2008-09-08 17:48 . 2009-10-29 13:33 98048 c:\windows\system32\perfc009.dat
+ 2008-09-08 17:48 . 2009-12-08 14:29 510242 c:\windows\system32\perfh009.dat
- 2008-09-08 17:48 . 2009-10-29 13:33 510242 c:\windows\system32\perfh009.dat
+ 2009-12-07 19:30 . 2009-12-07 19:30 817152 c:\windows\Installer\13788ef.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-26 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-26 24064]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-08-26 3724800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-29 282624]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe" [2008-11-13 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-13 16871936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2009-8-26 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-08-26 18:33 3167744 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\jre\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [26.8.2009 19:33 42608]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.8.2009 16:08 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 12:11 16384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 21:42 50424]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 20:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 17:30 43608]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [26.8.2009 19:33 3566080]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 2:03 131072]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [29.10.2009 16:16 1527900]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.8.2009 19:25 24064]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Data aplikací\Partner\partner.exe [26.8.2009 19:26 110576]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 6:23 17968]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\odxpco6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 15:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spnm.sys hal.dll >>UNKNOWN [0x8A6D4938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf756bf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> atapi.sys @ 0xf70edb40
\Driver\iaStor -> iaStor.sys @ 0xf71435a0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) Wireless WiFi Link 5100 -> SendCompleteHandler -> NDIS.sys @ 0xf6f9ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf6f8da0d
SendHandler -> NDIS.sys @ 0xf6fa1b40
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\program files\Common Files\SPBA\vtapip.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\windows\system32\bsapi.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\docume~1\LUK~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2009-12-08 15:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-08 14:39

Před spuštěním: Volných bajtů: 139 298 656 256
Po spuštění: Volných bajtů: 139 253 428 224

- - End Of File - - AC416A6091A24227E04523ED4D75CADC

a

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 15:42 on 08/12/2009 (Lukáš)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

pitimir · Příspěvekod **pitimir** » 08 pro 2009 18:42

Preco si neodinstaloval dane veci? Bez toho sa nepohneme...

Start -> Spustit -> (napis) cmd /c mbr.exe -t >log.txt&start log.txt
Otvori sa dalsi textak (log.txt), aj jeho obsah sem skopiruj.

Fiška · Příspěvekod **Fiška** » 09 pro 2009 09:14

Zdravím , k té otázce.
Spybot , ad-aware i deamona jsem normálně odinstaloval přes odebrat programy , myslím že v tom by neměl být problém . Co se týče trojan removera toho jsem odinstaloval již dříve , nicméně jsem ho ještě projistotu zkontroloval v revo uninstalleru , ale prostě tam není , to samé IObit. jinak zbytky těchto dvou programů které zbyly po odinstalování s pc jsem odstranil do koše. Takže podlě mě by žádný z programů , které jsem měl odstranit by již v pc neměl být.

Jinak zde je ten další log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spsa.sys hal.dll >>UNKNOWN [0x8AAD3938]<<
kernel: MBR read successfully
user & kernel MBR OK

pitimir · Příspěvekod **pitimir** » 09 pro 2009 15:42

1) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\Spybot - Search & Destroy
c:\program files\DAEMON Tools Toolbar
c:\program files\McAfee
c:\program files\Alwil Software

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

Obrázek

Program script spracuje a spravi novy log.

Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

2) Poznas tieto bataky?

Kód: Vybrat vše

c:\windows\tmpcpyis.bat
c:\windows\tmpdelis.bat
c:\windows\winstart.bat

Pokial nie, otestuj subory na >>VIRUSTOTALe<<.
Ak vypise, ze subor uz bol testovany, daj ho otestovat znovu. Vysledok posli ako LINK.

Fiška · Příspěvekod **Fiška** » 09 pro 2009 20:14

1, log combofix

ComboFix 09-12-03.05 - Lukáš 09.12.2009 19:41.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3067.2573 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lukáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukáš\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\program files\Alwil Software\Avast4\Setup\setup.ini
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\McAfee
c:\program files\McAfee\Temp\qxz15F\Temp\mcappcfg.exe
c:\program files\McAfee\Temp\qxz15F\Temp\mvsoem.dll
c:\program files\McAfee\Temp\qxz15F\Temp\vsouc.xml
c:\program files\McAfee\Temp\qxz15F\vsous.inf
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-09 do 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-08 14:13 . 2009-12-09 08:05 -------- d-----w- c:\program files\VS Revo Group
2009-11-30 20:06 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-30 20:06 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-30 20:06 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-30 20:06 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-30 20:06 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-25 09:39 . 2009-11-28 12:41 -------- d-----w- c:\program files\CamStudio
2009-11-24 15:43 . 2009-11-24 21:52 -------- d-----w- C:\Shoty
2009-11-24 13:50 . 2009-11-27 13:58 189 ----a-w- c:\windows\tmpcpyis.bat
2009-11-24 13:50 . 2009-11-27 13:58 122 ----a-w- c:\windows\tmpdelis.bat
2009-11-24 13:50 . 2009-11-24 13:50 26 ----a-w- c:\windows\winstart.bat
2009-11-24 13:45 . 1996-07-06 14:00 297472 ----a-w- c:\windows\uninst.exe
2009-11-24 11:17 . 2009-11-24 15:48 -------- d-----w- c:\program files\Oldgames
2009-11-20 19:00 . 2009-11-20 19:03 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-20 18:57 . 2009-11-20 18:57 -------- d-----w- c:\program files\Black Sea Studios
2009-11-19 15:23 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2009-11-19 15:23 . 2009-11-19 15:23 -------- d-----w- c:\program files\Nitro PDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 18:43 . 2008-09-08 17:48 507182 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 18:43 . 2008-09-08 17:48 109914 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 15:53 . 2008-09-08 17:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 13:24 . 2009-08-28 15:48 -------- d-----w- c:\program files\Common Files\Nero
2009-12-08 16:08 . 2008-09-08 17:33 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-05 09:19 . 2009-08-26 18:38 -------- d-----w- c:\program files\Launch Manager
2009-11-13 14:17 . 2009-09-04 14:33 -------- d-----w- c:\program files\Rockstar Games
2009-11-06 17:27 . 2009-11-06 17:27 -------- d-----w- c:\program files\SEGA
2009-11-01 10:43 . 2009-11-01 10:43 131152 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-30 12:10 . 2009-10-29 13:22 -------- d-----w- c:\program files\Pinnacle
2009-10-29 15:17 . 2009-10-29 15:14 -------- d-----w- c:\program files\MAGIX
2009-10-29 15:17 . 2009-10-29 15:16 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2009-10-29 15:16 . 2009-10-29 15:16 -------- d-----w- c:\program files\Common Files\xara
2009-10-29 14:43 . 2009-10-29 14:43 -------- d-----w- c:\program files\Windows Media Components
2009-10-29 13:27 . 2009-10-29 13:27 -------- d-----w- c:\program files\QuickTime
2009-10-29 13:27 . 2009-08-26 18:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-28 12:22 . 2009-10-28 12:22 -------- d-----w- c:\program files\Studio V5
2009-10-28 11:32 . 2009-10-28 11:31 -------- d-----w- c:\program files\Movie DVD Maker
2009-10-25 07:50 . 2009-10-25 07:50 -------- d-----w- c:\program files\ESET
2009-10-24 11:41 . 2009-09-23 08:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-13 10:07 . 2009-09-13 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:19 . 2008-04-14 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-04_14.17.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 18:49 . 2009-12-09 18:49 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat
+ 2009-12-09 18:49 . 2009-12-09 18:49 16384 c:\windows\temp\Perflib_Perfdata_3c0.dat
- 2009-08-26 18:36 . 2005-12-05 16:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2009-08-26 18:36 . 2005-12-05 17:07 61136 c:\windows\system32\xinput9_1_0.dll
- 2009-08-26 18:37 . 2007-04-04 16:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-08-26 18:37 . 2007-04-04 17:53 81768 c:\windows\system32\xinput1_3.dll
- 2009-08-26 18:37 . 2006-07-28 07:30 62744 c:\windows\system32\xinput1_2.dll
+ 2009-08-26 18:37 . 2006-07-28 08:30 62744 c:\windows\system32\xinput1_2.dll
- 2009-08-26 18:37 . 2006-03-31 10:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-08-26 18:37 . 2006-03-31 11:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-08-26 15:49 . 2007-10-22 02:37 17928 c:\windows\system32\X3DAudio1_2.dll
- 2009-08-26 15:49 . 2007-10-22 01:37 17928 c:\windows\system32\X3DAudio1_2.dll
+ 2009-08-26 18:37 . 2007-03-05 11:42 15128 c:\windows\system32\x3daudio1_1.dll
- 2009-08-26 18:37 . 2007-03-05 10:42 15128 c:\windows\system32\x3daudio1_1.dll
+ 2009-08-26 18:36 . 2006-02-03 07:41 14032 c:\windows\system32\x3daudio1_0.dll
- 2009-08-26 18:36 . 2006-02-03 06:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2008-09-08 17:48 . 2009-12-09 18:43 98048 c:\windows\system32\perfc009.dat
- 2008-09-08 17:48 . 2009-10-29 13:33 98048 c:\windows\system32\perfc009.dat
- 2009-08-26 18:37 . 2005-03-18 14:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
- 2009-08-26 18:37 . 2005-03-18 14:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-08-26 15:49 . 2007-07-19 23:57 267112 c:\windows\system32\xactengine2_9.dll
- 2009-08-26 15:49 . 2007-07-19 22:57 267112 c:\windows\system32\xactengine2_9.dll
- 2009-08-26 15:49 . 2007-06-20 18:46 266088 c:\windows\system32\xactengine2_8.dll
+ 2009-08-26 15:49 . 2007-06-20 19:46 266088 c:\windows\system32\xactengine2_8.dll
- 2009-08-26 15:49 . 2007-04-04 16:55 261480 c:\windows\system32\xactengine2_7.dll
+ 2009-08-26 15:49 . 2007-04-04 17:55 261480 c:\windows\system32\xactengine2_7.dll
+ 2009-08-26 18:37 . 2007-01-24 14:27 255848 c:\windows\system32\xactengine2_6.dll
- 2009-08-26 18:37 . 2007-01-24 13:27 255848 c:\windows\system32\xactengine2_6.dll
- 2009-08-26 18:37 . 2006-12-08 10:02 251672 c:\windows\system32\xactengine2_5.dll
+ 2009-08-26 18:37 . 2006-12-08 11:02 251672 c:\windows\system32\xactengine2_5.dll
- 2009-08-26 18:37 . 2006-09-28 14:05 237848 c:\windows\system32\xactengine2_4.dll
+ 2009-08-26 18:37 . 2006-09-28 15:05 237848 c:\windows\system32\xactengine2_4.dll
+ 2009-08-26 18:37 . 2006-07-28 08:30 236824 c:\windows\system32\xactengine2_3.dll
- 2009-08-26 18:37 . 2006-07-28 07:30 236824 c:\windows\system32\xactengine2_3.dll
+ 2009-08-26 18:37 . 2006-05-31 06:24 230168 c:\windows\system32\xactengine2_2.dll
- 2009-08-26 18:37 . 2006-05-31 05:24 230168 c:\windows\system32\xactengine2_2.dll
- 2009-08-26 15:49 . 2007-10-22 01:39 267272 c:\windows\system32\xactengine2_10.dll
+ 2009-08-26 15:49 . 2007-10-22 02:39 267272 c:\windows\system32\xactengine2_10.dll
+ 2009-08-26 18:37 . 2006-03-31 11:39 229584 c:\windows\system32\xactengine2_1.dll
- 2009-08-26 18:37 . 2006-03-31 10:39 229584 c:\windows\system32\xactengine2_1.dll
- 2009-08-26 18:36 . 2006-02-03 06:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2009-08-26 18:36 . 2006-02-03 07:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2008-09-08 17:48 . 2009-12-09 18:43 510242 c:\windows\system32\perfh009.dat
- 2008-09-08 17:48 . 2009-10-29 13:33 510242 c:\windows\system32\perfh009.dat
+ 2009-08-26 15:49 . 2007-10-02 08:56 444776 c:\windows\system32\d3dx10_36.dll
- 2009-08-26 15:49 . 2007-10-02 07:56 444776 c:\windows\system32\d3dx10_36.dll
- 2009-08-26 15:49 . 2007-07-19 16:14 444776 c:\windows\system32\d3dx10_35.dll
+ 2009-08-26 15:49 . 2007-07-19 17:14 444776 c:\windows\system32\d3dx10_35.dll
- 2009-08-26 15:49 . 2007-05-16 14:45 443752 c:\windows\system32\d3dx10_34.dll
+ 2009-08-26 15:49 . 2007-05-16 15:45 443752 c:\windows\system32\d3dx10_34.dll
- 2009-08-26 15:49 . 2007-03-15 14:57 443752 c:\windows\system32\d3dx10_33.dll
+ 2009-08-26 15:49 . 2007-03-15 15:57 443752 c:\windows\system32\d3dx10_33.dll
- 2009-08-26 18:37 . 2006-03-31 09:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:37 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2006-02-03 06:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2006-02-03 05:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-12-05 16:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2005-12-05 15:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2005-09-28 12:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-09-28 13:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2005-07-22 15:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2005-05-26 13:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-03-18 16:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2005-03-18 15:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-02-05 18:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2005-02-05 17:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2005-03-18 15:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2009-08-26 18:36 . 2005-03-18 14:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2009-08-26 18:37 . 2005-03-18 14:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- 2009-08-26 18:37 . 2005-03-18 14:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- 2009-08-26 18:37 . 2005-03-18 14:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- 2009-08-26 18:37 . 2005-03-18 14:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
- 2009-08-26 18:37 . 2005-03-18 14:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-08-26 18:37 . 2005-03-18 15:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-12-08 16:09 . 2009-12-08 16:09 817152 c:\windows\Installer\5611e1.msi
+ 2009-12-09 15:58 . 2009-12-09 15:58 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-08-26 15:49 . 2007-10-12 13:14 3734536 c:\windows\system32\d3dx9_36.dll
+ 2009-08-26 15:49 . 2007-10-12 14:14 3734536 c:\windows\system32\d3dx9_36.dll
+ 2009-08-26 15:49 . 2007-07-19 17:14 3727720 c:\windows\system32\d3dx9_35.dll
- 2009-08-26 15:49 . 2007-07-19 16:14 3727720 c:\windows\system32\d3dx9_35.dll
+ 2009-08-26 15:49 . 2007-05-16 15:45 3497832 c:\windows\system32\d3dx9_34.dll
- 2009-08-26 15:49 . 2007-05-16 14:45 3497832 c:\windows\system32\d3dx9_34.dll
+ 2009-08-26 15:49 . 2007-03-12 15:42 3495784 c:\windows\system32\d3dx9_33.dll
- 2009-08-26 15:49 . 2007-03-12 14:42 3495784 c:\windows\system32\d3dx9_33.dll
- 2009-08-26 18:37 . 2006-11-29 11:06 3426072 c:\windows\system32\d3dx9_32.dll
+ 2009-08-26 18:37 . 2006-11-29 12:06 3426072 c:\windows\system32\d3dx9_32.dll
- 2009-08-26 18:37 . 2006-09-28 14:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-08-26 18:37 . 2006-09-28 15:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-08-26 18:36 . 2006-03-31 11:40 2388176 c:\windows\system32\d3dx9_30.dll
- 2009-08-26 18:36 . 2006-03-31 10:40 2388176 c:\windows\system32\d3dx9_30.dll
- 2009-08-26 18:36 . 2006-02-03 06:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-08-26 18:36 . 2006-02-03 07:43 2332368 c:\windows\system32\d3dx9_29.dll
- 2009-08-26 18:36 . 2005-12-05 16:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-08-26 18:36 . 2005-12-05 17:09 2323664 c:\windows\system32\d3dx9_28.dll
- 2009-08-26 18:36 . 2005-07-22 17:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2009-08-26 18:36 . 2005-07-22 18:59 2319568 c:\windows\system32\d3dx9_27.dll
- 2009-08-26 18:36 . 2005-05-26 13:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2009-08-26 18:36 . 2005-05-26 14:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2009-08-26 18:36 . 2005-03-18 16:19 2337488 c:\windows\system32\d3dx9_25.dll
- 2009-08-26 18:36 . 2005-03-18 15:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-08-26 18:36 . 2005-02-05 18:45 2222800 c:\windows\system32\d3dx9_24.dll
- 2009-08-26 18:36 . 2005-02-05 17:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2009-08-26 15:49 . 2007-10-12 14:14 1374232 c:\windows\system32\D3DCompiler_36.dll
- 2009-08-26 15:49 . 2007-10-12 13:14 1374232 c:\windows\system32\D3DCompiler_36.dll
- 2009-08-26 15:49 . 2007-07-19 16:14 1358192 c:\windows\system32\D3DCompiler_35.dll
+ 2009-08-26 15:49 . 2007-07-19 17:14 1358192 c:\windows\system32\D3DCompiler_35.dll
- 2009-08-26 15:49 . 2007-05-16 14:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2009-08-26 15:49 . 2007-05-16 15:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2009-08-26 15:49 . 2007-03-12 15:42 1123696 c:\windows\system32\D3DCompiler_33.dll
- 2009-08-26 15:49 . 2007-03-12 14:42 1123696 c:\windows\system32\D3DCompiler_33.dll
- 2009-08-26 18:36 . 2004-12-01 13:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2004-12-01 14:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2009-08-26 18:36 . 2004-09-29 10:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-26 18:36 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:55 . 2009-09-04 14:55 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-09 15:58 . 2009-12-09 15:58 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-04 14:54 . 2009-09-04 14:54 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-26 24064]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-08-26 3724800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-29 282624]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe" [2008-11-13 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-13 16871936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2009-8-26 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-08-26 18:33 3167744 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\jre\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [26.8.2009 19:33 42608]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.8.2009 16:08 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 12:11 16384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 21:42 50424]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13.5.2008 20:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12.6.2008 17:30 43608]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [26.8.2009 19:33 3566080]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 2:03 131072]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [29.10.2009 16:16 1527900]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26.8.2009 19:25 24064]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Data aplikací\Partner\partner.exe [26.8.2009 19:26 110576]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26.12.2007 6:23 17968]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Lukáš\Data aplikací\Mozilla\Firefox\Profiles\odxpco6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 19:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spfx.sys hal.dll >>UNKNOWN [0x8AAD3938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf756bf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> atapi.sys @ 0xf70edb40
\Driver\iaStor -> iaStor.sys @ 0xf71435a0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) Wireless WiFi Link 5100 -> SendCompleteHandler -> NDIS.sys @ 0xf6f9ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf6f8da0d
SendHandler -> NDIS.sys @ 0xf6fa1b40
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\program files\Common Files\SPBA\vtapip.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\windows\system32\bsapi.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll

- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\docume~1\LUK~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2009-12-09 19:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-09 18:55
ComboFix2.txt 2009-12-08 14:39

Před spuštěním: Volných bajtů: 139 247 480 832
Po spuštění: Volných bajtů: 139 194 519 552

- - End Of File - - AB8D7ABB9549652A48F4F5BADF1BD633

2,

Kód: Vybrat vše

http://www.virustotal.com/cs/analisis/1b6ff6ae469230c6608510346ef922376f42e8a5ff0b38986ee79abed18be15d-1260385139
         http://www.virustotal.com/cs/analisis/0824c39ecca873bc232dce1d120857a89bae90f1f33771165343fb800b5a9a05-1260385359
         http://www.virustotal.com/cs/analisis/2a75100118c030bf06d53f1282ea86c1d17c77561130ec6755625da72dc8f62a-1260385675

pitimir · Příspěvekod **pitimir** » 09 pro 2009 20:35

Stiahni SystemLook. Uloz na plochu a spust. Do okna skopiruj:

Kód: Vybrat vše

:filefind
iaStor.sys
disk.sys
atapi.sys

Klikni na "Look" a nechaj program dokoncit scan. Po jeho skonceni sa ti zobrazi log, ktory potrebujem vidiet. V pripade problemov sa nachadza aj na ploche.

PC - NOD32 hlásí vir Kriptik.ABX trojan

PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Re: PC - NOD32 hlásí vir Kriptik.ABX trojan

Kdo je online