Kill taskmgr.exe?

Viruses and antivirus issues, PC security - firewall, spyware, etc.
SpeedyGT
Slightly advanced
Registered: 16 May 2005

Post by SpeedyGT »

Results from virustotal.com:

So, odbcconf.exe is clean,

but odbconf32.exe has a solid criminal record - see http://www.virustotal.com/cs/analisis/4 ... 706e50fa9d

:)

// BUBINO -> you've got mail with a nice attachment :P
AMD Ryzen R7 7700X + AiO Fractal Lumen S36 V2 / ASUS TUF Gaming B650-PLUS / Kingston FURY 2x32GB 5200MHz / Gigabyte RX 7900GRE OC / WD Black SN770 NVMe 1TB / Corsair RM850e (2025) / Fractal Meshify / 3x Samsung Odyssey G5 G50 2560x1440 180Hz
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Yep, thanks :-). Just briefly: when I tested the sample, it killed Task Manager and copied itself into system32. It's probably some kind of spammer. Do a ComboFix log as well and that will be everything. Just to be sure.
SpeedyGT
Slightly advanced
Registered: 16 May 2005

Post by SpeedyGT »

Sooo, here's the log, is everything ok?

Code:

ComboFix 08-02.01.6 - SpeedyGT 2008-02-01 22:14:51.1 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.1546 [GMT 1:00]
Running from: C:\Documents and Settings\SpeedyGT\Plocha\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-01-01 to 2008-02-01  )))))))))))))))))))))))))))))))
.

2008-01-31 22:49 . 2008-01-31 22:49	841,766	--a------	C:\vir.rar
2008-01-29 20:39 . 2008-01-29 20:39	10,856	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-29 20:19 . 2008-01-29 20:19	<DIR>	d--------	C:\Program Files\Gabest
2008-01-29 20:19 . 2008-01-29 20:19	<DIR>	d--------	C:\Program Files\AviSynth 2.5
2008-01-29 20:19 . 2008-01-29 20:19	43,602	--a------	C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-29 20:08 . 2004-08-17 14:49	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-01-29 20:07 . 2008-02-01 16:27	16,092	--a------	C:\WINDOWS\system32\127.0.0.1       localhost
2008-01-29 20:05 . 2008-01-29 20:05	<DIR>	d--------	C:\Program Files\DivX
2008-01-29 20:04 . 2008-01-29 20:04	<DIR>	d--------	C:\Program Files\SmartSound Software
2008-01-29 20:03 . 2004-07-16 16:47	14,165	--a------	C:\WINDOWS\system32\drivers\Pclepci.sys
2008-01-29 20:01 . 2002-01-05 04:36	964,608	--a------	C:\WINDOWS\system32\MFC70U.DLL
2008-01-29 20:00 . 2008-01-29 20:00	<DIR>	d--------	C:\Program Files\Pinnacle
2008-01-27 15:16 . 2008-01-27 15:19	<DIR>	d--------	C:\Incomplete
2008-01-27 15:13 . 2008-01-27 15:13	<DIR>	d--------	C:\Program Files\Java
2008-01-27 15:13 . 2007-12-14 01:59	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-01-27 15:05 . 2008-01-27 15:05	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-01-27 15:02 . 2008-01-27 15:19	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\.limewire
2008-01-23 20:23 . 2008-01-23 20:23	0	--a------	C:\WINDOWS\nsreg.dat
2008-01-23 19:32 . 1996-09-16 03:15	202,240	-ra------	C:\Setup95.exe
2008-01-23 19:20 . 2008-01-23 19:20	<DIR>	d--------	C:\Program Files\Common Files\River Past
2008-01-23 19:20 . 2007-12-15 15:08	820,736	-r-hs----	C:\WINDOWS\odbcconf.exe
2008-01-23 19:20 . 2008-01-23 19:20	165,908	--a------	C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-01-22 10:46 . 2008-01-22 10:46	<DIR>	d--------	C:\Temp
2008-01-22 10:45 . 2008-01-22 10:45	<DIR>	d--------	C:\Program Files\ICQLite
2008-01-22 10:40 . 2008-01-29 17:48	<DIR>	d--------	C:\Program Files\ICQToolbar
2008-01-17 14:36 . 2007-08-21 21:05	593,920	---------	C:\WINDOWS\system32\ati2sgag.exe
2008-01-12 15:07 . 2008-01-12 15:07	<DIR>	d--------	C:\Program Files\Common Files\DirectX
2008-01-12 14:47 . 2008-01-12 14:47	262,144	--a------	C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 14:47 . 2008-01-12 14:47	86,016	--a------	C:\WINDOWS\system32\OpenAL32.dll
2008-01-11 01:29 . 2008-01-11 01:29	54,608	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-01-08 20:49 . 1999-11-02 10:01	6,173	--a------	C:\WINDOWS\system32\drivers\Entech.vxd
2008-01-08 20:49 . 2004-06-22 15:44	5,632	--a------	C:\WINDOWS\system32\drivers\Entech64.sys
2008-01-07 19:03 . 2008-01-07 19:03	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-01-03 23:38 . 2007-03-05 11:51	360,580	--a------	C:\WINDOWS\eSellerateEngine.dll
2008-01-02 14:13 . 2008-01-02 14:13	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:04	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-01-29 17:18	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 17:17	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2007-12-28 00:12	---------	d-----w	C:\Program Files\GameSpy
2007-12-28 00:04	669,184	----a-w	C:\WINDOWS\system32\pbsvc.exe
2007-12-23 18:44	---------	d-----w	C:\Program Files\MSBuild
2007-12-23 18:44	---------	d-----w	C:\Program Files\Microsoft Works
2007-12-21 02:24	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2007-12-19 16:09	50,688	----a-w	C:\WINDOWS\system32\wbhelp2.dll
2007-12-14 11:45	360,448	----a-w	C:\WINDOWS\system32\NVUNINST.EXE
2007-12-13 12:56	---------	d-----w	C:\Program Files\Web Publish
2007-12-11 21:39	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-12-04 14:56	93,264	----a-w	C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55	94,544	----a-w	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53	23,152	----a-w	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:49	26,624	----a-w	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 10:58	15,440	----a-w	C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-03 21:54	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2007-12-03 21:20	---------	d-----w	C:\Program Files\Common Files\InterVideo
2007-12-03 21:19	---------	d-----w	C:\Program Files\Creative
2007-12-02 10:17	---------	d-----w	C:\Program Files\HP
2007-12-02 10:17	---------	d-----w	C:\Program Files\Hewlett-Packard
2007-12-02 10:17	---------	d-----w	C:\Program Files\Common Files\HP
2007-12-01 23:33	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-12-01 21:58	---------	d-----w	C:\Program Files\AdVantage
2007-12-01 19:54	---------	d-----w	C:\Program Files\Winamp
2007-12-01 19:36	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-12-01 19:15	15,600	----a-w	C:\WINDOWS\gdrv.sys
2007-12-01 19:15	---------	d-----w	C:\Program Files\Gigabyte
2007-12-01 18:08	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-12-01 18:08	---------	d-----w	C:\Program Files\ATI Technologies
2007-12-01 18:00	315,392	----a-w	C:\WINDOWS\HideWin.exe
2007-12-01 18:00	---------	d-----w	C:\Program Files\Realtek
2007-12-01 17:55	---------	d-----w	C:\Program Files\Intel
2007-12-01 17:52	---------	d--h--w	C:\Program Files\Uninstall Information
2007-12-01 17:47	---------	d-----w	C:\Program Files\microsoft frontpage
2007-11-14 01:42	6,660,096	----a-w	C:\WINDOWS\system32\myodbc3S.dll
2007-11-14 01:42	2,183,168	----a-w	C:\WINDOWS\system32\myodbc3.dll
2007-11-14 01:42	114,688	----a-w	C:\WINDOWS\system32\myodbc3i.exe
2007-11-14 01:42	106,496	----a-w	C:\WINDOWS\system32\myodbc3m.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Bandwidth Monitor Pro"="C:\software\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 16:48 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"RivaTunerStartupDaemon"="C:\Software\RivaTuner v2.01\RivaTuner.exe" [2007-04-29 18:05 2588672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SpeedyGT^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=C:\Documents and Settings\SpeedyGT\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-06-28 15:19 880080 C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup]
C:\software\BSplayer\AdVantageSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\software\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 C:\software\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2007-04-26 15:50 24576 C:\Program Files\Gigabyte\ET5\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\software\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\software\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 18:35 49152 C:\software\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 19:12 3142236 C:\software\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-30 13:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

R1 atitray;atitray;C:\software\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R2 odbcconf;odbcconf;"C:\WINDOWS\odbcconf.exe" [2007-12-15 15:08]
R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" [2002-01-25 05:30]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 cpuz128;cpuz128;C:\DOCUME~1\SpeedyGT\LOCALS~1\Temp\cpuz_x32.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-01 20:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d0f0ba-a039-11dc-966f-001a4d4f9f2a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 22:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\software\Avast4\aswUpdSv.exe
C:\software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\software\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Software\Xfire\Xfire.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\odbcconf.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\software\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\software\Avast4\ashMaiSv.exe
C:\software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-01 22:18:32 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-01 21:18:28
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

So. Open Notepad and paste this into it:
File::
c:\Recycled\ctfmon.exe
c:\Recycled\INFO2
c:\autorun.inf
c:\Recycled\desktop.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d0f0ba-a039-11dc-966f-001a4d4f9f2a}]
Save it to the desktop as CFScript.txt, grab it with the mouse, drag it onto the ComboFix icon and drop it. A scan will run, and afterwards paste here the log that pops up.

What drives (system disks) do you have in the computer? If only c:\ then it's fine, but if you have more, then in the script under FILE:: copy the entries that follow c:\ once more, but instead of c:\ put the letter of the next drive, if there are any in the PC. Because this is junk that adds itself to every system drive, so just in case.

Test these on virustotal.com:
C:\Setup95.exe
C:\WINDOWS\HideWin.exe
C:\DOCUME~1\SpeedyGT\LOCALS~1\Temp\cpuz_x32.sys
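The log posted above and the CFScript in this reply go together: the MountPoints2 entry in the log shows a program launched via a drive's autorun.inf from a Recycled folder under a system file name, and the script removes those files and that key. The following Python triage helper is an added example, not part of the thread and not ComboFix's own tooling: it runs four simple checks over constructed sample lines in the shape of the log (autorun commands cached under MountPoints2, a well-known binary name outside system32, files created with hidden+system attributes, and services whose binary sits directly in the Windows directory or in a Temp folder), then renders a CFScript with the File:: lines repeated per drive letter as the reply recommends. The function names, the heuristics and the sample lines are the example's own assumptions; the hidden+system and service checks are review lists, since legitimate software trips them too.

```python
import re

# Constructed sample lines in the shape of the thread's ComboFix log (file listing,
# a Run value, service lines and the MountPoints2 autorun entry). A real log uses
# tabs; the regexes below accept any whitespace.
SAMPLE_LOG = r"""
2008-01-29 20:39 . 2008-01-29 20:39  10,856  --ahs----  C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-29 20:19 . 2008-01-29 20:19  <DIR>  d--------  C:\Program Files\Gabest
2008-01-23 19:20 . 2007-12-15 15:08  820,736  -r-hs----  C:\WINDOWS\odbcconf.exe
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
R1 atitray;atitray;C:\software\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R2 odbcconf;odbcconf;"C:\WINDOWS\odbcconf.exe" [2007-12-15 15:08]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 cpuz128;cpuz128;C:\DOCUME~1\SpeedyGT\LOCALS~1\Temp\cpuz_x32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d0f0ba-a039-11dc-966f-001a4d4f9f2a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
""".strip("\n").splitlines()

FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
                     r"(?P<size><DIR>|[\d,]+)\s+(?P<attr>[-a-z]{9})\s+(?P<path>.+)$")
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;"?(?P<path>[^"\[]+?)"?\s*\[')
MP_KEY_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")


def find_mountpoint_autoruns(lines):
    """(key, verb, command) per MountPoints2 subkey with a \\Shell\\...\\command value.
    Windows caches each volume's autorun.inf there, so a command means something
    was launched (or offered in the drive's context menu) from autorun.inf."""
    hits, current = [], None
    for raw in lines:
        line = raw.strip()
        m = MP_KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = MP_CMD_RE.match(line)
        if m and current:
            hits.append((current, m.group("verb"), m.group("cmd")))
        elif line.startswith("["):
            current = None  # some other registry key starts here


    return hits


def find_masqueraders(lines, names=("ctfmon.exe",)):
    """Paths whose file name is a well-known Windows binary but whose directory is
    not system32. Bare value names ("CTFMON.EXE") carry no backslash and are skipped."""
    names = tuple(n.lower() for n in names)
    found = []
    for line in lines:
        for tok in re.split(r'[\s"]+', line):
            low = tok.lower()
            if "\\" in tok and low.endswith(names) and "\\system32\\" not in low and tok not in found:
                found.append(tok)
    return found


def find_hidden_system_files(lines):
    """(path, attr) for created files with both hidden and system attributes set."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m and m.group("size") != "<DIR>" and {"h", "s"} <= set(m.group("attr")):
            out.append((m.group("path"), m.group("attr")))
    return out


def find_odd_service_paths(lines):
    """(service, path) for services/drivers whose binary sits directly in the Windows
    directory (the real odbcconf.exe lives in system32) or under a Temp folder."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        low = path.lower()
        if re.match(r"^[a-z]:\\windows\\[^\\]+$", low) or "\\temp\\" in low:
            out.append((m.group("name"), path))
    return out


def build_cfscript(relative_files, registry_keys, drives=("c",)):
    """Render a CFScript: File:: entries repeated once per drive letter (the reply's
    advice for multi-drive machines); Registry:: keys written as [-key] for deletion."""
    out = ["File::"]
    for drive in drives:
        out.extend(f"{drive}:\\{rel}" for rel in relative_files)
    out += ["", "Registry::"]
    out.extend(f"[-{key}]" for key in registry_keys)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    autoruns = find_mountpoint_autoruns(SAMPLE_LOG)
    for finding in (autoruns, find_masqueraders(SAMPLE_LOG),
                    find_hidden_system_files(SAMPLE_LOG), find_odd_service_paths(SAMPLE_LOG)):
        print(finding)
    # The three companion files come from the reply; the payload from the masquerader
    # scan and the key to delete from the MountPoints2 scan.
    files = ["autorun.inf", "Recycled\\INFO2", "Recycled\\desktop.ini"] + find_masqueraders(SAMPLE_LOG)
    keys = sorted({key for key, _, _ in autoruns})
    print(build_cfscript(files, keys, drives=("c", "d")))
```

Run it as a script to see the four finding lists and the generated CFScript for drives c: and d:; point `SAMPLE_LOG` at the lines of a real log to triage it instead. The generated script is only as good as the findings behind it, so review each list (especially the hidden+system and service lists, which flag legitimate drivers as well) before dropping it onto ComboFix.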
SpeedyGT
Slightly advanced
Registered: 16 May 2005

Post by SpeedyGT »

BUBINO wrote:...
C:\Setup95.exe is the installer of a game, Neverhood for what it's worth :) it somehow wandered in there...
C:\WINDOWS\HideWin.exe is something from Realtek - but just to be sure - clean
That cpuz_x32.sys in temp isn't there anymore, but it was definitely from CPU-Z :)

Here's the ComboFix with that script...

Code:

ComboFix 08-02.01.6 - SpeedyGT 2008-02-01 23:05:06.3 - NTFSx86
Systém Microsoft Windows XP Professional  5.1.2600.2.1250.1.1029.18.1490 [GMT 1:00]
Running from: C:\Documents and Settings\SpeedyGT\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\SpeedyGT\Plocha\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
c:\autorun.inf
c:\Recycled\ctfmon.exe
c:\Recycled\desktop.ini
c:\Recycled\INFO2
d:\autorun.inf
d:\Recycled\ctfmon.exe
d:\Recycled\desktop.ini
d:\Recycled\INFO2
g:\autorun.inf
g:\Recycled\ctfmon.exe
g:\Recycled\desktop.ini
g:\Recycled\INFO2
h:\autorun.inf
h:\Recycled\ctfmon.exe
h:\Recycled\desktop.ini
h:\Recycled\INFO2
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\OPTIONS\CABS\_desktop.ini

.
(((((((((((((((((((((((((   Files Created from 2008-01-01 to 2008-02-01  )))))))))))))))))))))))))))))))
.

2008-01-31 22:49 . 2008-01-31 22:49	841,766	--a------	C:\vir.rar
2008-01-29 20:39 . 2008-01-29 20:39	10,856	--ahs----	C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-29 20:19 . 2008-01-29 20:19	<DIR>	d--------	C:\Program Files\Gabest
2008-01-29 20:19 . 2008-01-29 20:19	<DIR>	d--------	C:\Program Files\AviSynth 2.5
2008-01-29 20:19 . 2008-01-29 20:19	43,602	--a------	C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-29 20:08 . 2004-08-17 14:49	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-01-29 20:07 . 2008-02-01 16:27	16,092	--a------	C:\WINDOWS\system32\127.0.0.1       localhost
2008-01-29 20:05 . 2008-01-29 20:05	<DIR>	d--------	C:\Program Files\DivX
2008-01-29 20:04 . 2008-01-29 20:04	<DIR>	d--------	C:\Program Files\SmartSound Software
2008-01-29 20:04 . 2008-01-29 20:04	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
2008-01-29 20:03 . 2004-07-16 16:47	14,165	--a------	C:\WINDOWS\system32\drivers\Pclepci.sys
2008-01-29 20:01 . 2002-01-05 04:36	964,608	--a------	C:\WINDOWS\system32\MFC70U.DLL
2008-01-29 20:00 . 2008-01-29 20:00	<DIR>	d--------	C:\Program Files\Pinnacle
2008-01-29 20:00 . 2008-01-29 20:08	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2008-01-27 15:16 . 2008-01-27 15:19	<DIR>	d--------	C:\Incomplete
2008-01-27 15:13 . 2008-01-27 15:13	<DIR>	d--------	C:\Program Files\Java
2008-01-27 15:13 . 2007-12-14 01:59	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-01-27 15:05 . 2008-01-27 15:05	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-01-27 15:02 . 2008-01-27 15:19	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\.limewire
2008-01-23 20:23 . 2008-01-23 20:23	0	--a------	C:\WINDOWS\nsreg.dat
2008-01-23 19:32 . 1996-09-16 03:15	202,240	-ra------	C:\Setup95.exe
2008-01-23 19:20 . 2008-01-23 19:20	<DIR>	d--------	C:\Program Files\Common Files\River Past
2008-01-23 19:20 . 2008-01-23 19:20	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\River Past G5
2008-01-23 19:20 . 2008-01-23 19:20	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\River Past G5
2008-01-23 19:20 . 2008-01-23 19:20	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\River Past G5
2008-01-23 19:20 . 2008-01-23 19:21	<DIR>	d--------	C:\Documents and Settings\All Users\Data aplikací\River Past G5
2008-01-23 19:20 . 2007-12-15 15:08	820,736	-r-hs----	C:\WINDOWS\odbcconf.exe
2008-01-23 19:20 . 2008-01-23 19:20	165,908	--a------	C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-01-22 10:46 . 2008-01-22 10:46	<DIR>	d--------	C:\Temp
2008-01-22 10:45 . 2008-01-22 10:45	<DIR>	d--------	C:\Program Files\ICQLite
2008-01-22 10:45 . 2008-01-22 10:58	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\ICQLite
2008-01-22 10:45 . 2008-01-22 10:58	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\ICQLite
2008-01-22 10:45 . 2008-01-22 10:58	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\ICQLite
2008-01-22 10:45 . 2008-01-22 10:45	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\ICQ Toolbar
2008-01-22 10:45 . 2008-01-22 10:45	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\ICQ Toolbar
2008-01-22 10:45 . 2008-01-22 10:45	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\ICQ Toolbar
2008-01-22 10:40 . 2008-01-29 17:48	<DIR>	d--------	C:\Program Files\ICQToolbar
2008-01-17 14:36 . 2007-08-21 21:05	593,920	---------	C:\WINDOWS\system32\ati2sgag.exe
2008-01-12 15:07 . 2008-01-12 15:07	<DIR>	d--------	C:\Program Files\Common Files\DirectX
2008-01-12 14:47 . 2008-01-12 14:47	262,144	--a------	C:\WINDOWS\system32\wrap_oal.dll
2008-01-12 14:47 . 2008-01-12 14:47	86,016	--a------	C:\WINDOWS\system32\OpenAL32.dll
2008-01-11 01:29 . 2008-01-11 01:29	54,608	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-01-08 20:49 . 1999-11-02 10:01	6,173	--a------	C:\WINDOWS\system32\drivers\Entech.vxd
2008-01-08 20:49 . 2004-06-22 15:44	5,632	--a------	C:\WINDOWS\system32\drivers\Entech64.sys
2008-01-07 19:03 . 2008-01-07 19:03	<DIR>	d--------	C:\Program Files\SystemRequirementsLab
2008-01-03 23:38 . 2007-03-05 11:51	360,580	--a------	C:\WINDOWS\eSellerateEngine.dll
2008-01-03 10:12 . 2008-01-08 21:20	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\Bioshock
2008-01-03 10:12 . 2008-01-08 21:20	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\Bioshock
2008-01-03 10:12 . 2008-01-08 21:20	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\Bioshock
2008-01-03 10:00 . 2008-01-03 10:00	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\InstallShield Installation Information
2008-01-03 10:00 . 2008-01-03 10:00	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\InstallShield Installation Information
2008-01-03 10:00 . 2008-01-03 10:00	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\InstallShield Installation Information
2008-01-03 10:00 . 2008-01-03 10:00	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\2K Games
2008-01-03 10:00 . 2008-01-03 10:00	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\2K Games
2008-01-03 10:00 . 2008-01-03 10:00	<DIR>	d--------	C:\Documents and Settings\SpeedyGT\Data aplikací\2K Games
2008-01-02 14:13 . 2008-01-02 14:13	<DIR>	dr-h-----	C:\Documents and Settings\SpeedyGT\Data aplikací\SecuROM
2008-01-02 14:13 . 2008-01-02 14:13	<DIR>	dr-h-----	C:\Documents and Settings\SpeedyGT\Data aplikací\SecuROM
2008-01-02 14:13 . 2008-01-02 14:13	<DIR>	dr-h-----	C:\Documents and Settings\SpeedyGT\Data aplikací\SecuROM
2008-01-02 14:13 . 2008-01-02 14:13	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 21:18	---------	d---a-w	C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-31 17:47	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-01-29 19:04	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-01-29 17:18	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 17:17	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 14:08	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\uTorrent
2008-01-29 14:08	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\uTorrent
2008-01-29 14:08	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\uTorrent
2008-01-15 05:30	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Xfire
2008-01-15 05:30	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Xfire
2008-01-15 05:30	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Xfire
2008-01-12 20:03	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Hamachi
2008-01-12 20:03	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Hamachi
2008-01-12 20:03	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Hamachi
2007-12-28 00:12	---------	d-----w	C:\Program Files\GameSpy
2007-12-28 00:04	669,184	----a-w	C:\WINDOWS\system32\pbsvc.exe
2007-12-28 00:04	22,328	----a-w	C:\Documents and Settings\SpeedyGT\Data aplikací\PnkBstrK.sys
2007-12-28 00:04	22,328	----a-w	C:\Documents and Settings\SpeedyGT\Data aplikací\PnkBstrK.sys
2007-12-28 00:04	22,328	----a-w	C:\Documents and Settings\SpeedyGT\Data aplikací\PnkBstrK.sys
2007-12-23 18:44	---------	d-----w	C:\Program Files\MSBuild
2007-12-23 18:44	---------	d-----w	C:\Program Files\Microsoft Works
2007-12-23 13:00	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Skype
2007-12-23 13:00	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Skype
2007-12-23 13:00	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Skype
2007-12-21 02:24	46,080	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2007-12-19 17:08	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Microsoft Games
2007-12-19 17:08	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Microsoft Games
2007-12-19 17:08	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\Microsoft Games
2007-12-19 16:09	50,688	----a-w	C:\WINDOWS\system32\wbhelp2.dll
2007-12-14 11:45	360,448	----a-w	C:\WINDOWS\system32\NVUNINST.EXE
2007-12-13 12:56	---------	d-----w	C:\Program Files\Web Publish
2007-12-11 21:41	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\AdobeUM
2007-12-11 21:41	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\AdobeUM
2007-12-11 21:41	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\AdobeUM
2007-12-11 21:39	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-12-04 14:56	93,264	----a-w	C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55	94,544	----a-w	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53	23,152	----a-w	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:49	26,624	----a-w	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 10:58	15,440	----a-w	C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-04 07:41	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\Skype
2007-12-03 21:54	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2007-12-03 21:21	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\InterVideo
2007-12-03 21:21	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\InterVideo
2007-12-03 21:21	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\InterVideo
2007-12-03 21:20	---------	d-----w	C:\Program Files\Common Files\InterVideo
2007-12-03 21:19	---------	d-----w	C:\Program Files\Creative
2007-12-03 16:19	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\PSpad
2007-12-03 16:19	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\PSpad
2007-12-03 16:19	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\PSpad
2007-12-02 10:17	---------	d-----w	C:\Program Files\HP
2007-12-02 10:17	---------	d-----w	C:\Program Files\Hewlett-Packard
2007-12-02 10:17	---------	d-----w	C:\Program Files\Common Files\HP
2007-12-02 10:17	---------	d-----w	C:\Documents and Settings\All Users\Data aplikací\HP
2007-12-02 10:12	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\HP
2007-12-02 10:12	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\HP
2007-12-02 10:12	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\HP
2007-12-01 23:33	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-12-01 22:27	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\atitray
2007-12-01 22:27	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\atitray
2007-12-01 22:27	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\atitray
2007-12-01 22:04	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\BSplayer
2007-12-01 22:04	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\BSplayer
2007-12-01 22:04	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\BSplayer
2007-12-01 21:58	---------	d-----w	C:\Program Files\AdVantage
2007-12-01 21:50	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\BSplayer Pro
2007-12-01 21:50	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\BSplayer Pro
2007-12-01 21:50	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\BSplayer Pro
2007-12-01 19:54	---------	d-----w	C:\Program Files\Winamp
2007-12-01 19:36	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-12-01 19:15	15,600	----a-w	C:\WINDOWS\gdrv.sys
2007-12-01 19:15	---------	d-----w	C:\Program Files\Gigabyte
2007-12-01 18:16	---------	d-----w	C:\Documents and Settings\NetworkService\Data aplikací\Xfire
2007-12-01 18:08	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-12-01 18:08	---------	d-----w	C:\Program Files\ATI Technologies
2007-12-01 18:00	315,392	----a-w	C:\WINDOWS\HideWin.exe
2007-12-01 18:00	---------	d-----w	C:\Program Files\Realtek
2007-12-01 18:00	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\InstallShield
2007-12-01 18:00	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\InstallShield
2007-12-01 18:00	---------	d-----w	C:\Documents and Settings\SpeedyGT\Data aplikací\InstallShield
2007-12-01 17:55	---------	d-----w	C:\Program Files\Intel
2007-12-01 17:52	---------	d--h--w	C:\Program Files\Uninstall Information
2007-12-01 17:47	---------	d-----w	C:\Program Files\microsoft frontpage
2007-11-14 01:42	6,660,096	----a-w	C:\WINDOWS\system32\myodbc3S.dll
2007-11-14 01:42	2,183,168	----a-w	C:\WINDOWS\system32\myodbc3.dll
2007-11-14 01:42	114,688	----a-w	C:\WINDOWS\system32\myodbc3i.exe
2007-11-14 01:42	106,496	----a-w	C:\WINDOWS\system32\myodbc3m.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"Bandwidth Monitor Pro"="C:\software\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2005-02-16 16:48 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"RivaTunerStartupDaemon"="C:\Software\RivaTuner v2.01\RivaTuner.exe" [2007-04-29 18:05 2588672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]

C:\Documents and Settings\SpeedyGT\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - C:\Software\Xfire\Xfire.exe [2008-01-11 01:29:50 2872144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SpeedyGT^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=C:\Documents and Settings\SpeedyGT\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-06-28 15:19 880080 C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup]
C:\software\BSplayer\AdVantageSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 14:00 79224 C:\software\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 C:\software\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2007-04-26 15:50 24576 C:\Program Files\Gigabyte\ET5\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\software\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\software\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 18:35 49152 C:\software\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-27 19:12 3142236 C:\software\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-30 13:44 36864 C:\WINDOWS\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

R1 atitray;atitray;C:\software\ATI Tray Tools\atitray.sys [2007-05-22 10:04]
R2 odbcconf;odbcconf;"C:\WINDOWS\odbcconf.exe" [2007-12-15 15:08]
R2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" [2002-01-25 05:30]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 cpuz128;cpuz128;C:\DOCUME~1\SpeedyGT\LOCALS~1\Temp\cpuz_x32.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-01 20:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 23:05:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-02-01 23:05:54
ComboFix-quarantined-files.txt  2008-02-01 22:05:46
ComboFix2.txt  2008-02-01 21:18:32

Post by BUBINO »

What is in here?:
C:\Documents and Settings\All Users\Data aplikací\TEMP
c:\temp

Delete this: c:\vir.rar :)

I'd say it's ok.

Post by SpeedyGT »

BUBINO wrote:...
Nothing, and nothing there either...
Oh right, vir.rar, I forgot I left it there when I was seeding it to you 8-)

So thanks a lot :worship:

Post by BUBINO »

All right. You're welcome! Glad to help, and next time too :-)

Post by SpeedyGT »

Hey, how do you guys manage to dig anything out of those logs at all? I could probably find a little something too, but this got me, how it was clear right after the first log :)

Post by BUBINO »

This question bugged me for a long time, back when an advisor first helped me after I posted a log :-D But I didn't stop at asking questions; I started learning it myself, and I won't claim it always went fine. I personally test viruses too, and in your case it was glaringly obvious. Besides being something I had never seen before, it was also running from system32 and there is nothing about it on Google, so the circumstances forced me to test it. And sure enough, it is a virus.

Re: Kill taskmgr.exe?

Post by flashradio »

Please help...

I have exactly the same problem: something got into my PC, apparently there were several of them, it was popping up some IE windows at me too, also some "PC suspensor" thing, but that I think I have already removed with NOD...

Either way, Task Manager still doesn't work, and the console tasklist doesn't work either... I don't know what to do with it; I really don't want to reinstall Windows.

I made a log in HJT, is there anything odd in it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:54:50, on 5.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows CE Services\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kuba\Local Settings\Temporary Internet Files\Content.IE5\0H2RWPYF\VundoFix[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digizone.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Windows CE Services\WCESCOMM.EXE"
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FF4FCB8-907D-4FE5-A54F-86B56D93479D}: NameServer = 10.32.1.3,10.32.139.140
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 4851 bytes

Re: Kill taskmgr.exe?

Post by babajaga »

In HijackThis, fix the lines where it says "Printer Driver"; find the file C:\WINDOWS\LSPRN.EXE on the HDD according to the path and test it at www.virustotal.com (so I know what it is; post the result here)

After a restart, post a new log from HJT.
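One way to do the triage babajaga describes programmatically, as an added example that is not code from the thread or from HijackThis: a small Python script that parses the O4/O6 lines of the log flashradio posted, skips entries on an analyst-maintained allowlist, states why each remaining entry deserves a look (the Policies\Explorer\Run key, a binary sitting directly in C:\WINDOWS, a Startup item with no path, an IE restriction policy), and computes the SHA-256 of a file so it can be looked up on VirusTotal by hash before uploading anything. The allowlist, the heuristics and the sample lines (copied from the posted log) are this example's own assumptions.

```python
"""Triage helper for HijackThis O4/O6 lines.

Added example, not part of the original thread or of HijackThis: the
allowlist and the heuristics below are this example's own assumptions.
"""
import hashlib
import re
import sys
from pathlib import PureWindowsPath

# Constructed sample: the O4 and O6 lines from the log posted in the thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [Printer Driver] C:\\WINDOWS\\system32\\PRINTDRV.EXE
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [PrinterSecurityLayer] C:\\WINDOWS\\LSPRN.EXE
O4 - Startup: PowerReg Scheduler.exe
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
"""

# Analyst-maintained allowlist of autostart binaries already vetted on this
# machine (constructed for the example; keep it per machine, not global).
KNOWN_GOOD = {"ctfmon.exe", "atiptaxx.exe", "egui.exe"}

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
BARE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.IGNORECASE)


def target_path(cmd):
    """Pull the executable path out of an O4 command line, quoted or not."""
    m = QUOTED_RE.match(cmd) or BARE_RE.match(cmd)
    return m.group(1) if m else cmd.strip()


def triage(log_text):
    """Return (file name, reason) pairs for entries an analyst should check."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("O6 - "):
            findings.append(("O6", "IE restriction policy is set; fine only if an admin set it"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        key, cmd = m.group("key"), m.group("cmd")
        path = target_path(cmd)
        fname = PureWindowsPath(path).name.lower()
        if fname in KNOWN_GOOD:
            continue
        reasons = []
        if "policies\\explorer\\run" in key.lower():
            reasons.append("loaded from Policies\\Explorer\\Run, a key msconfig's Startup tab does not show")
        if "\\" not in path:
            reasons.append("log gives no full path; locate the file first")
        elif str(PureWindowsPath(path).parent).lower() == "c:\\windows":
            reasons.append("binary sits directly in the Windows directory")
        if not reasons:
            reasons.append("not on the allowlist; verify publisher and hash")
        findings.append((fname, "; ".join(reasons)))
    return findings


def sha256_hex(data):
    """SHA-256 of a byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Hash a file in chunks; the digest can be searched on VirusTotal."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    # Usage: python hjt_triage.py [hijackthis.log] [file-to-hash ...]
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for fname, reason in triage(text):
        print(f"{fname:24} {reason}")
    for p in sys.argv[2:]:
        print(sha256_of_file(p), p)
```

Run without arguments it triages the sample lines and reports PRINTDRV.EXE, LSPRN.EXE, the Startup-folder item and the O6 line, which is the same set a reviewer would single out by hand; the allowlist is deliberately default-deny, so anything not vetted is listed rather than silently trusted.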

Re: Kill taskmgr.exe?

Post by starovesky »

Task Manager shows up without the title bar and menu (only the running tasks and the End Task, Switch To and New Task buttons are shown). If I switch to another user, it works fine. When I switch back, Task Manager is again without a menu. Can this be fixed somehow?

Re: Kill taskmgr.exe?

Post by zombux »

starovesky wrote:Task Manager shows up without the title bar and menu (only the running tasks and the End Task, Switch To and New Task buttons are shown). If I switch to another user, it works fine. When I switch back, Task Manager is again without a menu. Can this be fixed somehow?
Double-click the grey frame that is left around the window; that brings the menu back.