spomaleny pc

_DanWer_ · Napísal **_DanWer_**: 23.11.2007 21:31 | spomaleny pc

zapol som pc a do windowsu som sa dostal za dobrych 10 minut, mna ide porazit kurzor mi seka, zapnem nejaku aplikaciu napr. ie tak mi to natahuje 10 sekund cpu 100% a hdd vkuse svieti od vtedy az nejaku 1 minutu po tom som zapol online radio tak mi roztahovalo zvuk zas hdd vkuse svieti, seka kurzor a cpu 80-100% pls poradte, dik

br4n0 · Napísal **br4n0**: 23.11.2007 21:34 | spomaleny pc

Vyzerá to tak, že si inštaloval rôzne "užitočné" aplikácie. Nože nám ich ukáž s Hijackthis.

_DanWer_ · Napísal autor témy **_DanWer_**: 23.11.2007 21:40 | spomaleny pc

dufam, ze to bude toto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:21, on 23.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI\WebPAM\_jvm\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\OETRN.EXE
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
D:\DANO\PROGRAMY\NAINSTALOVANÉ\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcforum.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\DANO\PROGRAMY\NAINSTALOVANÉ\NOKIA PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\DANO\PROGRAMY\NAINSTALOVANÉ\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] "D:\DANO\PROGRAMY\NAINSTALOVANÉ\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [updateMgr] D:\DANO\PROGRAMY\NAINSTALOVANÉ\Acrobat Reader 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\DANO\PROGRAMY\NAINSTALOVANÉ\ICQ 5.1\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\DANO\PROGRAMY\NAINSTALOVANÉ\ICQ 5.1\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\DANO\PROGRAMY\NAINSTALOVANÉ\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11294 bytes

br4n0 · Napísal **br4n0**: 23.11.2007 21:48 | spomaleny pc

To vyzerá v poriadku. Vlastne ako prvé som sa mal spýťať, ktorý proces tak zaťažuje cpu (tipujem Norton AV), tak sa pýtam teraz.

V núdzovom režime spusti combofix a pošli log.

_DanWer_ · Napísal autor témy **_DanWer_**: 23.11.2007 21:56 | spomaleny pc

no cpu je celkom v pohode cca 7-15% ked mam zapnute to radio
ale zistil som ze ked mi roztiahne ten zvuk tak presne vtedy sa mi aj kurzor pohybuje sekajuco
a ten norton vyzera byt v pohode, skusim este ten druhy log

br4n0 · Napísal **br4n0**: 23.11.2007 21:59 | spomaleny pc

Ide o to vysledovať ten proces v správcovi úloh. Ak niečo CPU zaťažuje, bude to tam. Ak to bude nejaký win proces, tak to je väčší problém (ako malware).

_DanWer_ · Napísal autor témy **_DanWer_**: 23.11.2007 22:03 | spomaleny pc

sakra v nudzovom rezime?
a ked som to pustil teraz?

_DanWer_ · Napísal autor témy **_DanWer_**: 23.11.2007 22:10 | spomaleny pc

tak tu je ten log z ComboFix ale nebol robeny v nudzovom rezime!

ComboFix 07-11-19.3 - Dano 2007-11-23 22:01:45.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.442 [GMT 1:00]
Running from: C:\Documents and Settings\Dano\Dokumenty\Downloads\Programy\ComboFix\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-23 20:32 <DIR> d-------- C:\Documents and Settings\GARDENA\Data aplikací\GRETECH
2007-11-23 19:02 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2007-11-23 19:02 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2007-11-11 13:14 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-10 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2007-11-10 14:00 <DIR> dr-h----- C:\Documents and Settings\Dano\Data aplikací\SecuROM
2007-11-09 23:05 <DIR> d-------- C:\Documents and Settings\Dano\Data aplikací\Symantec
2007-11-09 21:05 <DIR> d-------- C:\Documents and Settings\GARDENA\Data aplikací\Symantec
2007-11-09 20:35 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-11-09 20:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-09 20:33 <DIR> d-------- C:\Program Files\Symantec
2007-11-09 20:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-09 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Symantec
2007-11-09 20:32 <DIR> d-------- C:\norton
2007-11-08 18:42 <DIR> d-------- C:\Documents and Settings\GARDENA\Data aplikací\AdobeUM
2007-11-06 06:42 <DIR> d-------- C:\Documents and Settings\GARDENA\Plocha
2007-11-06 06:42 <DIR> d--h----- C:\Documents and Settings\GARDENA\Okolní tiskárny
2007-11-06 06:42 <DIR> d--h----- C:\Documents and Settings\GARDENA\Okolní síť
2007-11-06 06:42 <DIR> dr------- C:\Documents and Settings\GARDENA\Oblíbené položky
2007-11-06 06:42 <DIR> d--h----- C:\Documents and Settings\GARDENA\Šablony
2007-11-06 06:42 <DIR> dr------- C:\Documents and Settings\GARDENA\Nabídka Start
2007-11-06 06:42 <DIR> dr------- C:\Documents and Settings\GARDENA\Dokumenty
2007-11-06 06:42 <DIR> d-------- C:\Documents and Settings\GARDENA\Data aplikací\PC Suite
2007-11-06 06:42 <DIR> d-------- C:\Documents and Settings\GARDENA\Data aplikací\ATI
2007-11-06 06:42 <DIR> dr-h----- C:\Documents and Settings\GARDENA\Data aplikací
2007-10-30 20:21 29,808 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000003-00000000-00000006-00001102-00000002-80641102}.rfx
2007-10-30 20:21 29,808 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000003-00000000-00000006-00001102-00000002-80641102}.rfx
2007-10-30 20:21 17,500 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000003-00000000-00000006-00001102-00000002-80641102}.rfx
2007-10-30 20:21 17,500 --a------ C:\WINDOWS\system32\BMXState-{00000003-00000000-00000006-00001102-00000002-80641102}.rfx
2007-10-30 20:21 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000006-00001102-00000002-80641102}.dat
2007-10-30 20:21 24 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000006-00001102-00000002-80641102}.dat
2007-10-30 19:02 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-10-30 19:02 195,432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-10-30 19:02 127,948 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys
2007-10-30 19:02 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2007-10-30 19:02 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-10-30 19:01 32,768 --a------ C:\WINDOWS\system32\AudioHQU.cpl
2007-10-30 19:01 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-10-30 19:00 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-10-30 18:59 <DIR> d-------- C:\Program Files\Creative
2007-10-29 14:46 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2007-10-28 18:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 20:16 --------- d-----w C:\Program Files\SpeedFan
2007-11-23 15:15 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\Skype
2007-11-20 19:44 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\uTorrent
2007-11-18 10:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 10:15 --------- d-----w C:\Program Files\ASUS
2007-11-09 22:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-09 22:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-09 22:16 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-09 19:35 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-11-09 19:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2007-11-08 18:40 --------- d-----w C:\Program Files\Java
2007-10-29 16:06 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC Suite
2007-10-22 20:25 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-10-22 20:25 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-10-22 20:25 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-10-22 20:25 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-10-22 20:25 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-10-22 20:25 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-10-22 20:23 516,096 ----a-w C:\WINDOWS\UN32.EXE
2007-10-21 20:41 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\AdobeUM
2007-10-21 18:05 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\Miranda
2007-10-19 17:58 --------- d-----w C:\Program Files\Orban
2007-10-17 20:10 --------- d-----w C:\Program Files\hp deskjet 920c series
2007-10-17 20:06 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-16 18:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\GRETECH
2007-10-16 18:37 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\GRETECH
2007-10-16 18:19 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\Winamp 5.5
2007-10-16 17:36 --------- d-----w C:\Program Files\Winamp Remote
2007-10-16 17:32 --------- d-----w C:\Program Files\Winamp Toolbar
2007-10-16 17:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2007-10-16 17:32 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2007-10-14 20:24 --------- d-----w C:\Program Files\ATI
2007-10-14 20:24 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ATI
2007-10-14 20:16 --------- d-----w C:\Program Files\ATI Technologies
2007-10-10 14:32 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\Apple Computer
2007-10-10 13:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-09 20:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2007-10-06 16:23 --------- d-----w C:\Documents and Settings\Dano\Data aplikací\Talkback
2007-10-05 17:36 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-01 13:49 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-01 13:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 13:49 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-01 13:49 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-01 13:49 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-01 13:49 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-01 13:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-01 13:48 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-09-30 05:44 --------- d-----w C:\Program Files\Common Files\DirectX
2007-09-29 12:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-29 12:29 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2007-09-29 12:28 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-09-29 07:42 --------- d-----w C:\Program Files\Futuremark
2007-09-29 06:35 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 19:08 --------- d-----w C:\Program Files\uTorrent
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-28 13:26 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe
2007-09-28 13:26 --------- d-----w C:\Program Files\Radeon Omega Drivers
2007-09-25 14:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-09-23 14:53 676,266 ----a-w C:\WINDOWS\unins000.exe
2007-09-07 17:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"AtiTrayTools"="D:\DANO\PROGRAMY\NAINSTALOVANÉ\ATI Tray Tools\atitray.exe" []
"updateMgr"="D:\DANO\PROGRAMY\NAINSTALOVANÉ\Acrobat Reader 7.0\Reader\AdobeUpdateManager.exe" []
"OEXPRESS"="C:\WINDOWS\OETRN.EXE" [2007-10-22 21:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="D:\DANO\PROGRAMY\NAINSTALOVANÉ\NOKIA PC Suite\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"QuickTime Task"="D:\DANO\PROGRAMY\NAINSTALOVANÉ\QuickTime\qttask.exe" [2007-06-29 05:24]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 20:19]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 11:26]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49]
"Nokia.PCSync"="D:\DANO\PROGRAMY\NAINSTALOVANÉ\NOKIA PC Suite\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys
R2 ATIWebPAM;ATI WebPAM;"C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe" -s wrapper.conf
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 RivaTuner32;RivaTuner32;\??\D:\DANO\PROGRAMY\NAINSTALOVANÉ\RivaTuner v2.03\RivaTuner32.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45fe9788-ff85-11d5-b382-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 10:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - GARDENA.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exee/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 22:07:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-23 22:09:03
.
--- E O F ---

br4n0 · Napísal **br4n0**: 24.11.2007 17:44 | spomaleny pc

Myslím, že prítomnosť malwaru môžeme definitívne vylúčiť. Ostáva len nájsť proces, ktorý to neúmerne zaťažuje (pomôže napr. Process explorer) alebo opravná inštalácia (návod).