Pomalé načítání startup programů při startu windows

[kufus]

Zdravím, nevíte, jak bych zjistil co ten start systému tak brzdí? Samotný systém je hned, ale potom začne svítit disk (ani nic nechroustá) a všechny ty startup programy se pomaličku načítají.
Šlo by to zjistit přes nějaký program nebo hijack nebo tak něco? Dík

[BUBINO]

Ano , dajte sem log z HijackThis.

[kufus]

I když si myslím, že jsem bez virů (krom těch, o kterých vím). Uvidíme:

Kód: Vybrat vše

Logfile of HijackThis v1.99.1
Scan saved at 19:18:43, on 16.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\ATITool\ATITool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Záloha FUSEK\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - D:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [ATITool] "D:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

a nevím, jestli to náhodou nemohlo dělat OO Defrag.

[BUBINO]

Toto pofixujte:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Mate vseliake tolls ako
O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"

Ja ich nepouzivam takze neviem co sposobi ich fixnutie . Na nete mi vyhodilo , ze si uzivatel moze zvolit sposob zapnutia a pokial by sa dalo cez plochu tak si ymslim , ze je zbytocne aby to islo samo .

Mozete tu dat log z combofix.

[kufus]

Tady je:

Kód: Vybrat vše

ComboFix 07-11-08.1 - Administrator 2007-11-16 22:26:25.1 - NTFSx86 
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.1441 [GMT 1:00]
Running from: D:\Downloads\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll

.
(((((((((((((((((((((((((   Files Created from 2007-10-16 to 2007-11-16  )))))))))))))))))))))))))))))))
.

2007-11-16 22:25	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-16 21:51	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:51	29,704	--a------	C:\WINDOWS\system32\uxtuneup.dll
2007-11-16 17:03	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2007-11-16 17:03	<DIR>	d--------	C:\Documents and Settings\Administrator\SystemRequirementsLab
2007-11-11 22:25	<DIR>	d--------	C:\Downloads
2007-11-11 19:30	3,727,720	--a------	C:\WINDOWS\system32\d3dx9_35.dll
2007-11-11 19:30	3,497,832	--a------	C:\WINDOWS\system32\d3dx9_34.dll
2007-11-11 19:30	1,358,192	--a------	C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-11 19:30	1,124,720	--a------	C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-11 19:30	444,776	--a------	C:\WINDOWS\system32\d3dx10_35.dll
2007-11-11 19:30	443,752	--a------	C:\WINDOWS\system32\d3dx10_34.dll
2007-11-11 19:15	<DIR>	d--------	C:\Program Files\Electronic Arts
2007-11-08 23:44	20,480	--a------	C:\WINDOWS\system32\H@tKeysH@@k.DLL
2007-11-04 20:06	<DIR>	d--------	C:\Program Files\directx
2007-11-04 19:49	<DIR>	d--------	C:\Program Files\Deus Ex - Invisible War
2007-11-04 19:32	<DIR>	d--------	C:\Program Files\Creative
2007-11-04 19:32	139,264	--a------	C:\WINDOWS\system32\eax.dll
2007-11-04 19:17	319,488	-ra------	C:\WINDOWS\system32\MafiaSetup.exe
2007-10-30 21:36	<DIR>	d--------	C:\WINDOWS\Sun
2007-10-30 21:34	<DIR>	d--------	C:\Program Files\Java
2007-10-30 21:32	<DIR>	d--------	C:\Program Files\Common Files\Java
2007-10-28 19:02	56	--a------	C:\WINDOWS\UninstallLightsmark2007.bat
2007-10-25 14:25	<DIR>	d--------	C:\WINDOWS\system32\oodag
2007-10-25 14:20	236,824	--a------	C:\WINDOWS\system32\xactengine2_3.dll
2007-10-25 14:20	62,744	--a------	C:\WINDOWS\system32\xinput1_2.dll
2007-10-25 14:07	<DIR>	d--------	C:\Program Files\iolo
2007-10-25 14:07	1,212,416	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-10-25 14:07	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-10-25 14:07	25,264	--a------	C:\WINDOWS\system32\smrgdf.exe
2007-10-22 17:09	512	--a------	C:\ScanSectorLog.dat
2007-10-22 17:06	<DIR>	d--------	C:\WINDOWS\pss
2007-10-21 20:13	0	--a------	C:\WINDOWS\ativpsrm.bin
2007-10-21 16:23	<DIR>	d--------	C:\WINDOWS\system32\QuickTime
2007-10-21 16:23	<DIR>	d--------	C:\Program Files\SmartSound Software
2007-10-21 16:23	1,645,320	---------	C:\WINDOWS\system32\gdiplus.dll
2007-10-21 16:23	86,016	--a------	C:\WINDOWS\unvise32qt.exe
2007-10-21 16:20	<DIR>	d--------	C:\WINDOWS\Ulead.dat
2007-10-21 16:20	48,640	--a------	C:\WINDOWS\system32\INETWH32.DLL
2007-10-21 16:20	4,528	--a------	C:\WINDOWS\system32\SETBROWS.EXE
2007-10-21 16:19	<DIR>	d--------	C:\WINDOWS\system32\windows media
2007-10-21 16:19	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2007-10-21 16:19	<DIR>	d--------	C:\Program Files\Windows Media Components
2007-10-21 16:18	<DIR>	d--------	C:\Program Files\Ulead Systems
2007-10-21 16:18	<DIR>	d--------	C:\Program Files\Common Files\SONY Digital Images
2007-10-21 16:18	292,896	--a------	C:\WINDOWS\system32\drivers\USIUDF.sys
2007-10-21 16:17	401,462	--a------	C:\WINDOWS\msvcp60.dll
2007-10-21 16:17	278,581	--a------	C:\WINDOWS\msvcrt.dll
2007-10-21 16:17	57,344	---------	C:\WINDOWS\dvdrgn.exe
2007-10-20 15:01	2,512,416	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-20 15:01	59,936	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-20 14:42	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
2007-10-20 14:41	<DIR>	d--------	C:\WINDOWS\Internet Logs
2007-10-20 14:09	502,208	--a------	C:\WINDOWS\system32\drivers\amon.sys
2007-10-20 14:09	270,336	--a------	C:\WINDOWS\system32\imon.dll
2007-10-20 10:10	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2007-10-17 21:43	38,016	--a------	C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-17 21:43	38,016	--a--c---	C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-10-17 21:43	25,600	--a------	C:\WINDOWS\system32\drivers\hidbth.sys
2007-10-17 21:43	25,600	--a--c---	C:\WINDOWS\system32\dllcache\hidbth.sys
2007-10-17 21:43	14,848	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-17 21:43	14,848	--a--c---	C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-17 21:27	27,392	--a------	C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-10-17 20:27	<DIR>	d--------	C:\Program Files\Skype
2007-10-17 20:27	<DIR>	d--------	C:\Program Files\Common Files\Skype
2007-10-16 21:33	<DIR>	d--------	C:\Program Files\Common Files\Stardock
2007-10-16 21:33	36,864	--a------	C:\WINDOWS\system32\wbsys.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 20:51	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-16 19:36	---------	d-----w	C:\Program Files\SpeedFan
2007-11-16 17:50	---------	d-----w	C:\Program Files\ATI Technologies
2007-11-15 23:14	2,642,944	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-15 22:39	364,544	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-15 22:38	268,288	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2007-11-15 22:31	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2007-11-15 22:30	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2007-11-15 22:30	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-15 22:30	143,360	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2007-11-15 22:30	122,880	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2007-11-15 22:30	122,880	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2007-11-15 22:28	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2007-11-15 22:28	495,616	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2007-11-15 22:23	9,314,304	----a-w	C:\WINDOWS\system32\atioglx2.dll
2007-11-15 22:19	3,135,040	----a-w	C:\WINDOWS\system32\ati3duag.dll
2007-11-15 22:08	1,601,792	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2007-11-15 21:54	5,435,392	----a-w	C:\WINDOWS\system32\atioglxx.dll
2007-11-15 21:54	376,832	----a-w	C:\WINDOWS\system32\atikvmag.dll
2007-11-15 21:52	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2007-11-15 21:51	49,152	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-15 21:50	176,128	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2007-11-15 21:46	499,712	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2007-11-15 15:39	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2007-11-01 22:03	5,700	----a-w	C:\Documents and Settings\Administrator\FMCodec.dat
2007-10-25 15:11	5,936	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-25 15:11	35,156	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-25 13:21	108,144	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 15:24	---------	d-----w	C:\Program Files\Common Files\Ulead Systems
2007-10-21 15:22	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-10-17 20:58	---------	d-----w	C:\Program Files\WinFast
2007-10-15 15:06	---------	d-----w	C:\Program Files\Gigabyte
2007-10-15 15:05	15,600	----a-w	C:\WINDOWS\gdrv.sys
2007-10-11 18:59	223,128	----a-w	C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-10-11 16:54	---------	d-----w	C:\Program Files\Lavalys
2007-10-11 16:36	86,016	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2007-10-11 16:36	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2007-10-11 16:23	---------	d-----w	C:\Program Files\Alcohol Soft
2007-10-11 16:03	639,224	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-10-10 12:35	---------	d-----w	C:\Program Files\Alwil Software
2007-10-10 12:34	---------	d-----w	C:\Program Files\Microsoft Works
2007-10-10 12:29	---------	d-----w	C:\Program Files\Microsoft.NET
2007-10-05 07:13	---------	d-----w	C:\Program Files\MSXML 4.0
2007-10-05 07:10	---------	d-----w	C:\Program Files\Windows Media Connect 2
2007-10-05 06:50	---------	d-----w	C:\Program Files\CyberLink
2007-10-05 06:43	---------	d-----w	C:\Program Files\Nero
2007-10-05 06:43	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-10-05 06:40	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-10-04 12:37	315,392	----a-w	C:\WINDOWS\HideWin.exe
2007-10-04 12:37	---------	d-----w	C:\Program Files\Realtek
2007-10-04 12:34	---------	d-----w	C:\Program Files\Intel
2007-10-04 12:25	---------	d-----w	C:\Program Files\microsoft frontpage
2007-09-11 09:17	81,920	----a-w	C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-04-26 14:50]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 09:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 09:10]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-10-20 14:09]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"ATITool"="D:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 
D:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
D:\Program Files\iolo\System Mechanic 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
D:\Program Files\inKline Global\PC Booster\pcbooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 RivaTuner32;RivaTuner32;\??\D:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner32.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 20:52:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 22:29:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32"
.
Completion time: 2007-11-16 22:31:06 - machine was rebooted 
.
	--- E O F ---

[BUBINO]

Mate dost virov a ja predpokladam , ze to bude tym !

Stiahnite si avenger na plochu : http://www.viry.cz/forum/viewtopic.php?t=19832

Dopracujte sa ku tomu oknu ako je v navode a do neho napise tento cely tyxt v dolnom bielom okne :

Files to delete:
C:\WINDOWS\system32\MafiaSetup.exe
C:\WINDOWS\system32\smrgdf.exe
C:\WINDOWS\unvise32qt.exe
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\system32\drivers\fidbox2.idx
C:\WINDOWS\system32\drivers\fidbox.idx

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows | AppInit_DLLs

DONE --> SEMAFOR --> OK a log , ktory vam nabehne po vstupu do win dajte sem . + Novy log z ComboFixu.

Toto este otestujte na virustotal.com :
C:\WINDOWS\UninstallLightsmark2007.bat
C:\WINDOWS\ativpsrm.bin

Vysledky dajte sem

[kufus]

Takže tady jsou:

Kód: Vybrat vše

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lwxdtbil

*******************

Script file located at: \??\C:\WINDOWS\system32\stmycjmg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\MafiaSetup.exe deleted successfully.
File C:\WINDOWS\system32\smrgdf.exe deleted successfully.
File C:\WINDOWS\unvise32qt.exe deleted successfully.


Error: C:\WINDOWS\msdownld.tmp is a folder, not a file!
Deletion of file C:\WINDOWS\msdownld.tmp failed!

Could not process line:
C:\WINDOWS\msdownld.tmp
Status: 0xc00000ba

File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.dat deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox2.idx deleted successfully.
File C:\WINDOWS\system32\drivers\fidbox.idx deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished!  Terminate.

Kód: Vybrat vše

ComboFix 07-11-08.1 - Administrator 2007-11-17  0:14:57.2 - NTFSx86 
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.1516 [GMT 1:00]
Running from: D:\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-10-16 to 2007-11-16  )))))))))))))))))))))))))))))))
.

2007-11-16 22:25	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-16 21:51	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:51	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-11-16 21:51	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2007-11-16 21:51	29,704	--a------	C:\WINDOWS\system32\uxtuneup.dll
2007-11-16 20:51	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\Talkback
2007-11-16 19:07	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\ATI
2007-11-16 17:03	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2007-11-16 17:03	<DIR>	d--------	C:\Documents and Settings\Administrator\SystemRequirementsLab
2007-11-11 22:25	<DIR>	d--------	C:\Downloads
2007-11-11 19:30	3,727,720	--a------	C:\WINDOWS\system32\d3dx9_35.dll
2007-11-11 19:30	3,497,832	--a------	C:\WINDOWS\system32\d3dx9_34.dll
2007-11-11 19:30	1,358,192	--a------	C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-11 19:30	1,124,720	--a------	C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-11 19:30	444,776	--a------	C:\WINDOWS\system32\d3dx10_35.dll
2007-11-11 19:30	443,752	--a------	C:\WINDOWS\system32\d3dx10_34.dll
2007-11-11 19:15	<DIR>	d--------	C:\Program Files\Electronic Arts
2007-11-08 23:44	20,480	--a------	C:\WINDOWS\system32\H@tKeysH@@k.DLL
2007-11-04 20:06	<DIR>	d--------	C:\Program Files\directx
2007-11-04 19:49	<DIR>	d--------	C:\Program Files\Deus Ex - Invisible War
2007-11-04 19:32	<DIR>	d--------	C:\Program Files\Creative
2007-11-04 19:32	139,264	--a------	C:\WINDOWS\system32\eax.dll
2007-11-02 23:23	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\Miranda
2007-10-30 21:36	<DIR>	d--------	C:\WINDOWS\Sun
2007-10-30 21:34	<DIR>	d--------	C:\Program Files\Java
2007-10-30 21:32	<DIR>	d--------	C:\Program Files\Common Files\Java
2007-10-29 00:03	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\DivX
2007-10-28 19:02	56	--a------	C:\WINDOWS\UninstallLightsmark2007.bat
2007-10-26 12:43	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\ICQ
2007-10-25 14:25	<DIR>	d--------	C:\WINDOWS\system32\oodag
2007-10-25 14:21	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Data aplikací\SecuROM
2007-10-25 14:20	236,824	--a------	C:\WINDOWS\system32\xactengine2_3.dll
2007-10-25 14:20	62,744	--a------	C:\WINDOWS\system32\xinput1_2.dll
2007-10-25 14:07	<DIR>	d--------	C:\Program Files\iolo
2007-10-25 14:07	1,212,416	--a------	C:\WINDOWS\system32\Incinerator.dll
2007-10-25 14:07	41,472	--a------	C:\WINDOWS\system32\iolobtdfg.exe
2007-10-22 17:09	512	--a------	C:\ScanSectorLog.dat
2007-10-22 17:06	<DIR>	d--------	C:\WINDOWS\pss
2007-10-22 17:06	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\MailFrontier
2007-10-21 20:13	0	--a------	C:\WINDOWS\ativpsrm.bin
2007-10-21 16:28	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\Ulead Systems
2007-10-21 16:23	<DIR>	d--------	C:\WINDOWS\system32\QuickTime
2007-10-21 16:23	<DIR>	d--------	C:\Program Files\SmartSound Software
2007-10-21 16:23	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2007-10-21 16:23	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\QuickTime
2007-10-21 16:23	1,645,320	---------	C:\WINDOWS\system32\gdiplus.dll
2007-10-21 16:20	<DIR>	d--------	C:\WINDOWS\Ulead.dat
2007-10-21 16:20	48,640	--a------	C:\WINDOWS\system32\INETWH32.DLL
2007-10-21 16:20	4,528	--a------	C:\WINDOWS\system32\SETBROWS.EXE
2007-10-21 16:19	<DIR>	d--------	C:\WINDOWS\system32\windows media
2007-10-21 16:19	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2007-10-21 16:19	<DIR>	d--------	C:\Program Files\Windows Media Components
2007-10-21 16:18	<DIR>	d--------	C:\Program Files\Ulead Systems
2007-10-21 16:18	<DIR>	d--------	C:\Program Files\Common Files\SONY Digital Images
2007-10-21 16:18	292,896	--a------	C:\WINDOWS\system32\drivers\USIUDF.sys
2007-10-21 16:17	401,462	--a------	C:\WINDOWS\msvcp60.dll
2007-10-21 16:17	278,581	--a------	C:\WINDOWS\msvcrt.dll
2007-10-21 16:17	57,344	---------	C:\WINDOWS\dvdrgn.exe
2007-10-20 14:42	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
2007-10-20 14:41	<DIR>	d--------	C:\WINDOWS\Internet Logs
2007-10-20 14:09	502,208	--a------	C:\WINDOWS\system32\drivers\amon.sys
2007-10-20 14:09	270,336	--a------	C:\WINDOWS\system32\imon.dll
2007-10-20 10:10	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2007-10-18 17:30	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\Moyea
2007-10-18 17:27	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\MoyeaFLV2Video
2007-10-17 21:45	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\MyPhoneExplorer
2007-10-17 21:43	38,016	--a------	C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-17 21:43	38,016	--a--c---	C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-10-17 21:43	25,600	--a------	C:\WINDOWS\system32\drivers\hidbth.sys
2007-10-17 21:43	25,600	--a--c---	C:\WINDOWS\system32\dllcache\hidbth.sys
2007-10-17 21:43	14,848	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-17 21:43	14,848	--a--c---	C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-17 21:27	27,392	--a------	C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-10-17 20:52	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\TVxb
2007-10-17 20:52	<DIR>	d--h-----	C:\Documents and Settings\All Users\Data aplikací\{7F1DE65E-F4E5-40C9-9A1C-0BE9EE39F681}
2007-10-17 20:27	<DIR>	d--------	C:\Program Files\Skype
2007-10-17 20:27	<DIR>	d--------	C:\Program Files\Common Files\Skype
2007-10-17 20:27	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-17 20:27	<DIR>	d--------	C:\Documents and Settings\Administrator\Data aplikací\Skype
2007-10-16 21:33	<DIR>	d--------	C:\Program Files\Common Files\Stardock
2007-10-16 21:33	36,864	--a------	C:\WINDOWS\system32\wbsys.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 20:51	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-16 20:04	---------	d---a-w	C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-16 19:36	---------	d-----w	C:\Program Files\SpeedFan
2007-11-16 17:50	---------	d-----w	C:\Program Files\ATI Technologies
2007-11-15 23:14	2,642,944	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-15 22:39	364,544	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-15 22:38	268,288	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2007-11-15 22:31	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2007-11-15 22:30	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2007-11-15 22:30	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-15 22:30	143,360	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2007-11-15 22:30	122,880	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2007-11-15 22:30	122,880	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2007-11-15 22:28	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2007-11-15 22:28	495,616	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2007-11-15 22:23	9,314,304	----a-w	C:\WINDOWS\system32\atioglx2.dll
2007-11-15 22:19	3,135,040	----a-w	C:\WINDOWS\system32\ati3duag.dll
2007-11-15 22:08	1,601,792	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2007-11-15 21:54	5,435,392	----a-w	C:\WINDOWS\system32\atioglxx.dll
2007-11-15 21:54	376,832	----a-w	C:\WINDOWS\system32\atikvmag.dll
2007-11-15 21:52	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2007-11-15 21:51	49,152	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-15 21:50	176,128	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2007-11-15 21:46	499,712	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2007-11-15 15:39	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2007-11-01 22:03	5,700	----a-w	C:\Documents and Settings\Administrator\FMCodec.dat
2007-10-25 13:21	108,144	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 15:24	---------	d-----w	C:\Program Files\Common Files\Ulead Systems
2007-10-21 15:22	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-10-21 15:22	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
2007-10-17 20:58	---------	d-----w	C:\Program Files\WinFast
2007-10-15 18:20	---------	d-----w	C:\Documents and Settings\Administrator\Data aplikací\vlc
2007-10-15 15:06	---------	d-----w	C:\Program Files\Gigabyte
2007-10-15 15:05	15,600	----a-w	C:\WINDOWS\gdrv.sys
2007-10-14 19:45	---------	d-----w	C:\Documents and Settings\Administrator\Data aplikací\atitray
2007-10-11 18:59	223,128	----a-w	C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-10-11 16:54	---------	d-----w	C:\Program Files\Lavalys
2007-10-11 16:36	86,016	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2007-10-11 16:36	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2007-10-11 16:23	---------	d-----w	C:\Program Files\Alcohol Soft
2007-10-11 16:03	639,224	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-10-11 16:02	---------	d-----w	C:\Documents and Settings\Administrator\Data aplikací\CyberLink
2007-10-10 12:35	---------	d-----w	C:\Program Files\Alwil Software
2007-10-10 12:34	---------	d-----w	C:\Program Files\Microsoft Works
2007-10-10 12:29	---------	d-----w	C:\Program Files\Microsoft.NET
2007-10-05 07:13	---------	d-----w	C:\Program Files\MSXML 4.0
2007-10-05 07:10	---------	d-----w	C:\Program Files\Windows Media Connect 2
2007-10-05 06:50	---------	d-----w	C:\Program Files\CyberLink
2007-10-05 06:50	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-05 06:43	---------	d-----w	C:\Program Files\Nero
2007-10-05 06:43	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-10-05 06:43	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-05 06:43	---------	d-----w	C:\Documents and Settings\Administrator\Data aplikací\Ahead
2007-10-05 06:40	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-10-05 06:34	---------	d-----w	C:\Documents and Settings\Administrator\Data aplikací\ATI
2007-10-04 12:37	315,392	----a-w	C:\WINDOWS\HideWin.exe
2007-10-04 12:37	---------	d-----w	C:\Program Files\Realtek
2007-10-04 12:37	---------	d-----w	C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2007-10-04 12:34	---------	d-----w	C:\Program Files\Intel
2007-10-04 12:25	---------	d-----w	C:\Program Files\microsoft frontpage
2007-09-11 09:17	81,920	----a-w	C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-04-26 14:50]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 09:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 09:10]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-10-20 14:09]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"ATITool"="D:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 
D:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
D:\Program Files\iolo\System Mechanic 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
D:\Program Files\inKline Global\PC Booster\pcbooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 RivaTuner32;RivaTuner32;\??\D:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner32.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 20:52:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 00:15:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-17  0:15:47
C:\ComboFix2.txt ... 2007-11-16 22:31
.
	--- E O F ---

A virustotal.com nenašel nic

[BUBINO]

Aplikujte MWAV.podla navodu sem : http://www.viry.cz/forum/viewtopic.php?t=4097

Nezabudnite updatovat a log z dolneho okna dajte sem . Nie z horneho !

A ak by ste mohol preseditovat ten log a dat ho neoznacene , nezelenym , ale ciernym , normalne ? Mne sa to potom blbo lusti a mozem nieco prehliadnut.

100 krat diky

[kufus]

Lol, to je na dlouho, zítra to zkouknu

[kufus]

Takže mwav se spustí, ale po 10-20 vteřinách se vypne a nic, díval jsem se na viry.cz, tam to taky někdo řeší, ale nepomohlo to.

Jinak načítání startup programů se mnohem zrychlilo a disk už taky pracuje méně, možná to bylo tím system mechanikem(asi moc kontroloval pc)...nevím.

A jinak které jste myslel?:

Mate dost virov a ja predpokladam , ze to bude tym !

A ještě test virustotal.com neotestoval tenhle C:\WINDOWS\ativpsrm.bin protože velikost je nulová.



V každém případě díky za pomoc.

[BUBINO]

Veci , ktore ste mal v cobofixu boli trojany. Mohol by ste dat sem combofix log , ale normalne ho vlozit .

[kufus]

OK, tady je. Ale jak to že je nod nenajde (to mě teda zklamal) a zone alarm jsem měl vypnutý (radši aby neměly spolu konflikty), ale teď jsem ho spustil a ejhle našel tohle: Trojan.Win32.Inject.jt .



A ten log:
ComboFix 07-11-08.1 - Administrator 2007-11-17 13:59:00.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1362 [GMT 1:00]
Running from: D:\Downloads\scanvirů\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 13:58 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2007-11-17 13:25 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-17 11:55 537,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-17 11:55 147,968 --a------ C:\WINDOWS\R.COM
2007-11-17 11:55 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-11-17 11:55 9,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 11:50 <DIR> d-------- C:\Program Files\CCleaner
2007-11-16 22:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 21:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-11-16 21:51 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2007-11-16 21:51 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-11-16 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Talkback
2007-11-16 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ATI
2007-11-16 17:03 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-11-16 17:03 <DIR> d-------- C:\Documents and Settings\Administrator\SystemRequirementsLab
2007-11-11 22:25 <DIR> d-------- C:\Downloads
2007-11-11 19:30 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-11 19:30 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-11 19:30 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-11 19:30 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-11 19:30 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-11 19:30 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-11 19:15 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-08 23:44 20,480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2007-11-04 20:06 <DIR> d-------- C:\Program Files\directx
2007-11-04 19:49 <DIR> d-------- C:\Program Files\Deus Ex - Invisible War
2007-11-04 19:32 <DIR> d-------- C:\Program Files\Creative
2007-11-04 19:32 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-11-02 23:23 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Miranda
2007-10-30 21:36 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 21:34 <DIR> d-------- C:\Program Files\Java
2007-10-30 21:32 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-29 00:03 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DivX
2007-10-28 19:02 56 --a------ C:\WINDOWS\UninstallLightsmark2007.bat
2007-10-26 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2007-10-25 14:25 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-10-25 14:21 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací\SecuROM
2007-10-25 14:20 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-10-25 14:20 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-25 14:07 <DIR> d-------- C:\Program Files\iolo
2007-10-25 14:07 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-10-25 14:07 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-10-22 17:09 512 --a------ C:\ScanSectorLog.dat
2007-10-22 17:06 <DIR> d-------- C:\WINDOWS\pss
2007-10-22 17:06 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\MailFrontier
2007-10-21 20:13 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-21 16:28 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Ulead Systems
2007-10-21 16:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-21 16:23 <DIR> d-------- C:\Program Files\SmartSound Software
2007-10-21 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2007-10-21 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\QuickTime
2007-10-21 16:23 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll
2007-10-21 16:20 <DIR> d-------- C:\WINDOWS\Ulead.dat
2007-10-21 16:20 48,640 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-10-21 16:20 4,528 --a------ C:\WINDOWS\system32\SETBROWS.EXE
2007-10-21 16:19 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-10-21 16:19 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-21 16:19 <DIR> d-------- C:\Program Files\Windows Media Components
2007-10-21 16:18 <DIR> d-------- C:\Program Files\Ulead Systems
2007-10-21 16:18 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2007-10-21 16:18 292,896 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
2007-10-21 16:17 401,462 --a------ C:\WINDOWS\msvcp60.dll
2007-10-21 16:17 278,581 --a------ C:\WINDOWS\msvcrt.dll
2007-10-21 16:17 57,344 --------- C:\WINDOWS\dvdrgn.exe
2007-10-20 14:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-20 14:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-20 14:09 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-20 14:09 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-10-20 10:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-18 17:30 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Moyea
2007-10-18 17:27 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\MoyeaFLV2Video
2007-10-17 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\MyPhoneExplorer
2007-10-17 21:43 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-17 21:43 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-10-17 21:43 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2007-10-17 21:43 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
2007-10-17 21:43 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-17 21:43 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-17 21:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-10-17 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TVxb
2007-10-17 20:52 <DIR> d--h----- C:\Documents and Settings\All Users\Data aplikací\{7F1DE65E-F4E5-40C9-9A1C-0BE9EE39F681}
2007-10-17 20:27 <DIR> d-------- C:\Program Files\Skype
2007-10-17 20:27 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-17 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-17 20:27 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 10:55 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-16 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 20:04 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-16 19:36 --------- d-----w C:\Program Files\SpeedFan
2007-11-16 17:50 --------- d-----w C:\Program Files\ATI Technologies
2007-11-15 23:14 2,642,944 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-15 22:39 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-15 22:38 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-15 22:31 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-15 22:30 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-15 22:30 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-15 22:30 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-15 22:30 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-15 22:30 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-15 22:28 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-15 22:28 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-15 22:23 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-15 22:19 3,135,040 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-15 22:08 1,601,792 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-15 21:54 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-15 21:54 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-15 21:52 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-15 21:51 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-15 21:50 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-15 21:46 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-15 15:39 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-01 22:03 5,700 ----a-w C:\Documents and Settings\Administrator\FMCodec.dat
2007-10-25 13:21 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 15:24 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-21 15:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-21 15:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
2007-10-17 20:58 --------- d-----w C:\Program Files\WinFast
2007-10-16 20:33 --------- d-----w C:\Program Files\Common Files\Stardock
2007-10-15 18:20 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\vlc
2007-10-15 15:06 --------- d-----w C:\Program Files\Gigabyte
2007-10-15 15:05 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-10-14 19:45 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\atitray
2007-10-11 18:59 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-10-11 16:54 --------- d-----w C:\Program Files\Lavalys
2007-10-11 16:36 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-11 16:36 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-11 16:23 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-11 16:03 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-11 16:02 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\CyberLink
2007-10-10 12:35 --------- d-----w C:\Program Files\Alwil Software
2007-10-10 12:34 --------- d-----w C:\Program Files\Microsoft Works
2007-10-10 12:29 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-05 07:13 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-05 07:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-05 06:50 --------- d-----w C:\Program Files\CyberLink
2007-10-05 06:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-05 06:43 --------- d-----w C:\Program Files\Nero
2007-10-05 06:43 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-05 06:43 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-05 06:43 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Ahead
2007-10-05 06:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-05 06:34 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2007-10-04 12:37 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-04 12:37 --------- d-----w C:\Program Files\Realtek
2007-10-04 12:37 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2007-10-04 12:34 --------- d-----w C:\Program Files\Intel
2007-10-04 12:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-16_22.30.43.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 22:39:53 207,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2007-11-17 12:50:36 208,968 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2007-10-29 22:40:00 6,395,627 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-17 12:51:50 6,735,429 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2007-10-23 17:09:12 5,607,106 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat
+ 2007-11-17 12:51:43 6,463,239 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat
+ 2007-11-17 12:59:15 58,368 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-04-26 14:50]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 09:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 09:10]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-10-20 14:09]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"ATITool"="D:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
D:\Program Files\iolo\System Mechanic 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
D:\Program Files\inKline Global\PC Booster\pcbooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 RivaTuner32;RivaTuner32;\??\D:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner32.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 20:52:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 14:01:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 14:02:35
C:\ComboFix2.txt ... 2007-11-17 13:22
C:\ComboFix3.txt ... 2007-11-17 00:15
.
--- E O F ---



Jo a jinak se mi taky stává, že se někdy pc zasekne, ale za chvíli zase jede dál. (A to mám 2 jádra)

[BUBINO]

Toto skopirujte do avengeru :

Files to delete:
C:\WINDOWS\system32\systems.txt
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\drivers\fidbox.dat
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\msdownld.tmp

DONE --> SEMAFOR --> OK --> Porestarte pc sem dajte log ktory vam naskoci , alebo je v c:\ a urobte ComboFix log v nudzaku.

[kufus]

Ještě jsem nechal dojet ZoneAlarm....
Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\atjkhkwj

*******************

Script file located at: \??\C:\Program Files\qvhtmmct.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Error: C:\WINDOWS\system32\systems.txt is a folder, not a file!
Deletion of file C:\WINDOWS\system32\systems.txt failed!

Could not process line:
C:\WINDOWS\system32\systems.txt
Status: 0xc00000ba



Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!

Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba



Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!

Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba



Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!

Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba



Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!

Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba

File C:\WINDOWS\system32\drivers\fidbox.dat deleted successfully.


File C:\WINDOWS\R.COM not found!
Deletion of file C:\WINDOWS\R.COM failed!

Could not process line:
C:\WINDOWS\R.COM
Status: 0xc0000034



File C:\WINDOWS\system32\T.COM not found!
Deletion of file C:\WINDOWS\system32\T.COM failed!

Could not process line:
C:\WINDOWS\system32\T.COM
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\fidbox2.dat deleted successfully.


Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!

Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba



Error: C:\WINDOWS\msdownld.tmp is a folder, not a file!
Deletion of file C:\WINDOWS\msdownld.tmp failed!

Could not process line:
C:\WINDOWS\msdownld.tmp
Status: 0xc00000ba


Completed script processing.

*******************

Finished! Terminate.


ComboFix:

ComboFix 07-11-08.1 - Administrator 2007-11-17 15:24:38.5 - NTFSx86 MINIMAL
Running from: D:\Downloads\scanvirů\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 15:18 213,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-17 15:18 1,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 13:58 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2007-11-17 13:25 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\system32\systems.txt
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-11-17 11:57 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-11-17 11:50 <DIR> d-------- C:\Program Files\CCleaner
2007-11-16 22:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 21:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2007-11-16 21:51 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2007-11-16 21:51 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-11-16 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Talkback
2007-11-16 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ATI
2007-11-16 17:03 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-11-16 17:03 <DIR> d-------- C:\Documents and Settings\Administrator\SystemRequirementsLab
2007-11-11 22:25 <DIR> d-------- C:\Downloads
2007-11-11 19:30 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-11 19:30 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-11 19:30 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-11 19:30 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-11 19:30 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-11 19:30 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-11 19:15 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-08 23:44 20,480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2007-11-04 20:06 <DIR> d-------- C:\Program Files\directx
2007-11-04 19:49 <DIR> d-------- C:\Program Files\Deus Ex - Invisible War
2007-11-04 19:32 <DIR> d-------- C:\Program Files\Creative
2007-11-04 19:32 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-11-02 23:23 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Miranda
2007-10-30 21:36 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 21:34 <DIR> d-------- C:\Program Files\Java
2007-10-30 21:32 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-29 00:03 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\DivX
2007-10-28 19:02 56 --a------ C:\WINDOWS\UninstallLightsmark2007.bat
2007-10-26 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2007-10-25 14:25 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-10-25 14:21 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací\SecuROM
2007-10-25 14:20 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-10-25 14:20 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-25 14:07 <DIR> d-------- C:\Program Files\iolo
2007-10-25 14:07 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-10-25 14:07 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-10-22 17:09 512 --a------ C:\ScanSectorLog.dat
2007-10-22 17:06 <DIR> d-------- C:\WINDOWS\pss
2007-10-22 17:06 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\MailFrontier
2007-10-21 20:13 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-21 16:28 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Ulead Systems
2007-10-21 16:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-21 16:23 <DIR> d-------- C:\Program Files\SmartSound Software
2007-10-21 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2007-10-21 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\QuickTime
2007-10-21 16:23 1,645,320 --------- C:\WINDOWS\system32\gdiplus.dll
2007-10-21 16:20 <DIR> d-------- C:\WINDOWS\Ulead.dat
2007-10-21 16:20 48,640 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-10-21 16:20 4,528 --a------ C:\WINDOWS\system32\SETBROWS.EXE
2007-10-21 16:19 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-10-21 16:19 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-21 16:19 <DIR> d-------- C:\Program Files\Windows Media Components
2007-10-21 16:18 <DIR> d-------- C:\Program Files\Ulead Systems
2007-10-21 16:18 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2007-10-21 16:18 292,896 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
2007-10-21 16:17 401,462 --a------ C:\WINDOWS\msvcp60.dll
2007-10-21 16:17 278,581 --a------ C:\WINDOWS\msvcrt.dll
2007-10-21 16:17 57,344 --------- C:\WINDOWS\dvdrgn.exe
2007-10-20 14:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-20 14:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-20 14:09 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-20 14:09 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-10-20 10:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-18 17:30 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Moyea
2007-10-18 17:27 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\MoyeaFLV2Video
2007-10-17 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\MyPhoneExplorer
2007-10-17 21:43 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-10-17 21:43 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2007-10-17 21:43 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2007-10-17 21:43 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
2007-10-17 21:43 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-17 21:43 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-17 21:27 27,392 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-10-17 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TVxb
2007-10-17 20:52 <DIR> d--h----- C:\Documents and Settings\All Users\Data aplikací\{7F1DE65E-F4E5-40C9-9A1C-0BE9EE39F681}
2007-10-17 20:27 <DIR> d-------- C:\Program Files\Skype
2007-10-17 20:27 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-17 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Skype
2007-10-17 20:27 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 14:21 63,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 14:21 3,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-16 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 20:04 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-11-16 19:36 --------- d-----w C:\Program Files\SpeedFan
2007-11-16 17:50 --------- d-----w C:\Program Files\ATI Technologies
2007-11-15 23:14 2,642,944 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-15 22:39 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-15 22:38 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-15 22:31 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-15 22:30 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-15 22:30 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-15 22:30 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-15 22:30 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-15 22:30 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-15 22:28 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-15 22:28 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-15 22:23 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-15 22:19 3,135,040 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-15 22:08 1,601,792 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-15 21:54 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-15 21:54 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-15 21:52 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-15 21:51 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-15 21:50 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-15 21:46 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-15 15:39 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-01 22:03 5,700 ----a-w C:\Documents and Settings\Administrator\FMCodec.dat
2007-10-25 13:21 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 15:24 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-21 15:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-21 15:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
2007-10-17 20:58 --------- d-----w C:\Program Files\WinFast
2007-10-16 20:33 --------- d-----w C:\Program Files\Common Files\Stardock
2007-10-15 18:20 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\vlc
2007-10-15 15:06 --------- d-----w C:\Program Files\Gigabyte
2007-10-15 15:05 15,600 ----a-w C:\WINDOWS\gdrv.sys
2007-10-14 19:45 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\atitray
2007-10-11 18:59 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-10-11 16:54 --------- d-----w C:\Program Files\Lavalys
2007-10-11 16:36 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-11 16:36 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-10-11 16:23 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-11 16:03 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-11 16:02 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\CyberLink
2007-10-10 12:35 --------- d-----w C:\Program Files\Alwil Software
2007-10-10 12:34 --------- d-----w C:\Program Files\Microsoft Works
2007-10-10 12:29 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-05 07:13 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-05 07:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-05 06:50 --------- d-----w C:\Program Files\CyberLink
2007-10-05 06:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-10-05 06:43 --------- d-----w C:\Program Files\Nero
2007-10-05 06:43 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-05 06:43 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nero
2007-10-05 06:43 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\Ahead
2007-10-05 06:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-05 06:34 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\ATI
2007-10-04 12:37 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-04 12:37 --------- d-----w C:\Program Files\Realtek
2007-10-04 12:37 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2007-10-04 12:34 --------- d-----w C:\Program Files\Intel
2007-10-04 12:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-16_22.30.43.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 22:39:53 207,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2007-11-17 14:21:49 427,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2007-10-29 22:40:00 6,395,627 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-17 12:51:50 6,735,429 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2007-10-23 17:09:12 5,607,106 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat
+ 2007-11-17 12:51:43 6,463,239 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat
+ 2007-11-17 13:38:29 10,257,408 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-04-26 14:50]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 09:13]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 09:10]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 14:49 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-10-20 14:09]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"ATITool"="D:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
D:\Program Files\iolo\System Mechanic 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
D:\Program Files\inKline Global\PC Booster\pcbooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"

S1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
S2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys
S2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 RivaTuner32;RivaTuner32;\??\D:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner32.sys
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys
S3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - WFCXATUN
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 20:52:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 15:25:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 15:26:08
C:\ComboFix2.txt ... 2007-11-17 14:02
C:\ComboFix3.txt ... 2007-11-17 13:22
.
--- E O F ---

[BUBINO]

Este toto hodte do avengera :

Folders to delete:
C:\Documents and Settings\All Users\Data aplikací\{7F1DE65E-F4E5-40C9-9A1C-0BE9EE39F681}

Toto otestuje na virustotal.com :
C:\WINDOWS\ativpsrm.bin
C:\Documents and Settings\Administrator\FMCodec.dat

Pre istotu este aplikujte MWAV:
http://www.viry.cz/forum/viewtopic.php?t=4097/
Hodte sem log ktory vam naskoci v dolnom okne . Nie v hornom !

Preferujte ci problemy zmizli .

[kufus]

Avenger s tím nic neudělal, ani nevypsal log.
Virustotal nevzal ativpsrm.bin protože byl prázdný (tak jsem ho vymazal)
FMCodec.dat je bez virů

Ten MWAV se spustí, ale jenom na nějakých 20 sekund, pak se vypne, takže nic.
Podle návodu na ten mwav mám vypnout obnovu systému, ale po restartu se vždy sama zapne.

[BUBINO]

Pri vypnuti obnovy systemu sa to moze opat nahodit , ale nemali by byt ziadne body obnovenia .

Pouzite SDFIX :
http://www.viry.cz/forum/viewtopic.php?t=40395
Stiahnite si aj tento program WinSockFix keby vam nahodou zresetovalo internet. Vtedy ho podla navodu spustite a FIX. Pokial by vam aj tak net nenabehol (co sa stava malo), nastavte si ok pripojenie , IP, a LAN.
http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22


Ak nevypisal log , operaciu s avengerom skuste este raz urobit.

[kufus]

Takže avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\elifygkm

*******************

Script file located at: \??\C:\WINDOWS\tittdicj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\All Users\Data aplikací\{7F1DE65E-F4E5-40C9-9A1C-0BE9EE39F681} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




A SDFIX:


SDFix: Version 1.114

Run by Administrator on so 17.11.2007 at 22:24

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\regedit.com - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 22:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a398]
"001620c762a3"=hex:ff,e6,60,af,ed,80,6a,22,a4,7c,b6,d0,1f,d8,d5,e0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:28dee6c6
"s2"=dword:5e025d31
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:53,39,30,38,2a,35,4d,d1,b4,60,4c,c5,aa,d1,d2,79,ac,4e,db,ef,74,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a398]
"001620c762a3"=hex:ff,e6,60,af,ed,80,6a,22,a4,7c,b6,d0,1f,d8,d5,e0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:53,39,30,38,2a,35,4d,d1,b4,60,4c,c5,aa,d1,d2,79,ac,4e,db,ef,74,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="DB80DF2787CFCD4F12F594BB4D1E87B5AE2698F8251E41E93EF3B6A7BF2926BFD7694B29FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A2D97226D213B555A6A0AC4980AC7933C5297D2884195B6243DC39CB76FC0F950BFBADEEC6CA45069AD77ADFF042A49BB051AFF005B6270E27C4EA17AA0C1F5E9B1AC23169C98E4E655784485333CA7EDFC1BFEFECFA6A08842121AC728214B2CDF923F3E8218E3979E88730F90BA118050A24E0A9B9CEF08FF07FC153F056007E273F047C44889BF54EE01FF2BD6C4524BB49244008335353B5202C65AE7E97DA397CD1F3EB732F50CC63BC61861ECA95EA8DB947402897ADF70D685558DB2CE44534F2AD937B11CEACD258FA60604E07B2434BE980F28FCE40C717E2CB71D7F5E6339E9F7CFEC28D3A6B63890E8DD8F8AF332266AA0E6C3F9EC1FCE1ACF495373FB934D42A932AFC455B746B93B859C08496AD9265A5C7D626667F3B62D0C527F1FD33E8647F11E0A5C24413BA262386559D81D31B1C9CC3EB102CEB17A42E1925A8BF0F38BEA250B0B9B287914D6C46CDEA5227778749088A0E33023BC1763485D5A40A747FF1B6C3C9BE62E75A4E539A947D99F02F9179A2A568A4802FAAF24298CDB4AE2775D4C0EE91D053AE484FEC28804E3A941DC1D58FC10A5F27BB2310F34CFABDCC04BD0B9DF2182CDE3D357BA1FE7F4FE4F6DD4BF4DDFE13197D69A56154603FBA5D5A0D3C508B9133F1517E76BF75EC880F202B78FAE399A6A83BBECDBFF79271A065B0A13D9662A71343350C2D129697382FA7AC7DAC37A7D9631A9B0B6CDBA5D56EE81F6FB7456DAD80DFBE564611602A04719B6DE2F12512807D9E577A82BBE4D9A9F4BF81A369B3D345DB6F99E76480ECBEBEF5A016DD34072F9FE8F3B4521B5F6B5A2D9829347B57AD28CCA9E8D83B0A4B87E798B14409BCFADC2ABD6037A98AAAF6D8B8C898C0FC68DA6BA3A528BBD3D559B60D19003E3B31062650BBEE263C69EC8830B5192108C69DE9CA736DCB91A00D7AD7E26AE27224C10FB93D308A262AC9A6E06A691F141D8F0AF6EE7C94E2726EEE64E912EB25AC27B89B21E6355276174241A372218BC6C33493F45BA73716BD73324DBA3169A6449D2BE832659ADC4C8A5BE24F713020C2F12027C0F557D82D0ED7F1D970AB701B5831D76641306AD8D64D6C52BF178B8473AE6C9C59DA8FE6E3FAFB1AC829EE9EAC8AF58A5215371FA2C94A001C28ED7C0B686F8F8CB00F0743D959593FF409397D290F5A06A358F388964A107D2032892E869CEF2E1AB39B9944B6AB3BF5AA475314B5442E856E224D0FFB6E409045057A59A6C6C12D5A2A7D1E89D78AE7C21BDC603BED7F3C97E7D59F35BCA0DD98B8ADC405502FD3E62B24"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Premium\`\1t]
"Order"=hex:08,00,00,00,02,00,00,00,9a,00,00,00,01,00,00,00,01,00,00,00,8e,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 5 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d73c5f11656cfb2872f8f4bb0b3a716\BIT2C.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33779474ef8ab75b67f51c7e2e3a80e5\BIT48.tmp"
Thu 25 Oct 2007 444 ...HR --- "C:\Documents and Settings\Administrator\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\03a89ddb633db6cb81a0cffb3e5497ef\download\BIT58.tmp"
Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8dd98abe0ed0d26bc073a83ddc074b\download\BIT5D.tmp"

Finished!

[BUBINO]

Toto mozte zmazat : C:\SDFix Ako sa chova pocitac? Ide spustit ten MWAV?

[kufus]

No načtení startup programů je rychlejší a disk už taky tak dlouho "nechroustá", ale MWAV se pořád ukončuje, předtím jsem ho zkoušel 3x a vždy skončil myslím na 843 souboru a teď nějak na 1003.