here is the log from that program:
ComboFix 07-08-17.2 - "JM" 2007-08-24 21:25:34.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1029.18.239 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))
2007-08-24 21:25 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3c4.dat
2007-08-24 19:43 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-24 18:51 <DIR> d-------- C:\!KillBox
2007-08-24 15:42 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\Comodo
2007-08-24 15:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Comodo
2007-08-24 15:37 <DIR> d-------- C:\Program Files\Comodo
2007-08-24 13:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-24 13:21 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\SUPERAntiSpyware.com
2007-08-24 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\SUPERAntiSpyware.com
2007-08-24 01:35 146,448 --a------ C:\WINNT\system32\bb201.exe
2007-08-24 00:38 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_380.dat
2007-08-23 22:28 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_388.dat
2007-08-22 19:05 59,904 --a------ C:\WINNT\system32\Mscc2fr.dll
2007-08-22 19:05 516,173 --a------ C:\WINNT\system32\MSVCP60D.DLL
2007-08-22 19:05 385,100 --a------ C:\WINNT\system32\MSVCRTD.DLL
2007-08-22 19:05 32,768 --a------ C:\WINNT\system32\CMDLGFR.DLL
2007-08-22 19:05 307,200 --a------ C:\WINNT\system32\msvcr70.dll
2007-08-22 19:05 21,504 --a------ C:\WINNT\system32\TABCTFR.DLL
2007-08-22 19:05 141,312 --a------ C:\WINNT\system32\MSCMCFR.DLL
2007-08-22 19:05 119,568 --a------ C:\WINNT\system32\VB6FR.DLL
2007-08-22 19:05 101,888 --a------ C:\WINNT\system32\VB6STKIT.DLL
2007-08-22 19:05 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-08-22 14:07 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_384.dat
2007-08-20 20:53 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\Ahead
2007-08-20 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Ahead
2007-08-20 20:49 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-08-20 20:49 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-08-20 20:49 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-08-20 20:49 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-08-20 20:49 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-08-20 20:49 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-08-20 20:49 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-08-20 20:49 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-08-20 20:49 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-08-20 20:49 <DIR> d-------- C:\Program Files\Nero
2007-08-20 20:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-20 20:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Nero
2007-08-20 20:45 <DIR> d-------- C:\Program Files\stickies
2007-08-17 17:49 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\stickies
2007-08-16 11:20 <DIR> d-------- C:\Program Files\iTunes
2007-08-16 11:20 <DIR> d-------- C:\Program Files\iPod
2007-08-05 20:04 <DIR> d-------- C:\DOCUME~1\JM\pbc_muzik ý 1
2007-08-05 19:59 <DIR> d-------- C:\Programy
2007-08-01 00:09 138,624 --a------ C:\WINNT\system32\drivers\sp_rsdrv2.sys
2007-07-31 11:51 <DIR> d-a------ C:\Program Files\Spyware Terminator
2007-07-31 11:51 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-07-31 11:51 <DIR> d-------- C:\Program Files\Crawler
2007-07-29 14:57 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_378.dat
2007-07-29 09:04 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_370.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
07-08-24 15:33 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
07-08-24 15:03 --------- d-------- C:\Program Files\BitComet
07-08-23 19:41 --------- d-------- C:\Program Files\Google
07-08-22 18:35 --------- d-------- C:\Program Files\Burn4Free
07-08-21 12:23 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-08-06 00:09 --------- d-------- C:\Program Files\SecondLife
07-08-05 19:39 --------- d-------- C:\Program Files\Picasa2
07-07-29 12:17 --------- d-------- C:\Program Files\Free Window Registry Repair
07-07-26 09:34 --------- d-------- C:\Program Files\QuickTime
07-07-22 13:09 --------- d-------- C:\Program Files\BSP Multimedia
07-07-22 10:06 --------- d-------- C:\DOCUME~1\JM\DATAAP~1\Skype
07-07-21 20:04 --------- d-a------ C:\Program Files\ICQLite
07-07-11 18:04 --------- d-------- C:\Program Files\Runtime Software
07-07-03 22:17 --------- d-------- C:\DOCUME~1\JM\DATAAP~1\Help
07-07-03 18:43 132904 --a------ C:\WINNT\system32\drivers\imagesrv.sys
07-07-03 18:43 11304 --a------ C:\WINNT\system32\drivers\imagedrv.sys
07-07-03 10:13 32513029 --a------ C:\Program Files\Second Life 1-17-2-0 Setup.exe
07-07-02 19:26 26944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
07-07-02 18:33 --------- d-------- C:\Program Files\CCleaner
07-06-27 19:05 972072 --a------ C:\WINNT\UNNeroMediaHome.exe
07-06-26 14:12 972072 --a------ C:\WINNT\UNNeroVision.exe
07-05-26 10:43 211907 --a------ C:\Program Files\SecondLife(3).zip
07-03-04 14:49 271 ---h----- C:\Program Files\desktop.ini
07-03-04 14:49 22034 ---h----- C:\Program Files\folder.htt
03-07-03 14:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-07-03 14:00 C:\WINNT\system32\mobsync.exe]
"nwiz"="nwiz.exe" [03-06-13 06:31 C:\WINNT\system32\nwiz.exe]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [06-12-27 17:53 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [07-01-23 11:19 ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [07-08-01 00:09 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-07-27 20:14 ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [07-03-01 15:57 ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [07-08-24 15:37 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [03-07-03 14:00 C:\WINNT\system32\internat.exe]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [06-12-27 17:53 ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 16:45 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [07-06-27 19:03 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\JM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-09 00:28:19]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [2003-10-15 13:46:16]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-09 21:21:52]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
R0 SiSRaid;SiSRaid;C:\WINNT\system32\DRIVERS\SiSRaid.sys
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINNT\system32\drivers\sp_rsdrv2.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINNT\system32\DRIVERS\nvcap.sys
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINNT\system32\DRIVERS\nvtunep.sys
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINNT\system32\DRIVERS\nvtvsnd.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINNT\system32\DRIVERS\NVxbar.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys
R3 openhci;Ovladač otevřeného hostitelského řadiče USB;C:\WINNT\system32\DRIVERS\openhci.sys
R3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 BTCOMM;BTCOMM;C:\WINNT\system32\drivers\Btcomm.sys
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINNT\system32\DRIVERS\btkrnbdg.sys
S3 PAC207;VideoCAM GE111;C:\WINNT\system32\DRIVERS\pfc027.sys
S3 PhTVTune;ASUS WDM TV Tuner;C:\WINNT\system32\DRIVERS\PhTVTune.sys
Contents of the 'Scheduled Tasks' folder
2007-08-23 07:07:03 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 22:25:26
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-24 23:16:43
C:\ComboFix-quarantined-files.txt ... 07-08-24 23:16
--- E O F ---
Please help me with a virus....
download Avenger: http://viry.cz/forum/viewtopic.php?t=19832
paste this into the script:
Files to delete:
C:\WINNT\system32\TABCTFR.DLL
C:\WINNT\system32\Mscc2fr.dll
C:\WINNT\system32\bb201.exe
then press DONE, then the traffic light, and after the restart post here the Avenger log that pops up + a new ComboFix log.
site admin http://www.viry.cz/forum
the Avenger log is here, I'll post the ComboFix one right away too:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 1813
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eaausvnf
*******************
Script file located at: \??\C:\WINNT\system32\cmbtfcfp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINNT\system32\TABCTFR.DLL deleted successfully.
File C:\WINNT\system32\Mscc2fr.dll deleted successfully.
File C:\WINNT\system32\bb201.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qythwixs
*******************
Script file located at: \??\C:\WINNT\system32\eqnsxytj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINNT\system32\TABCTFR.DLL not found!
Deletion of file C:\WINNT\system32\TABCTFR.DLL failed!
Could not process line:
C:\WINNT\system32\TABCTFR.DLL
Status: 0xc0000034
File C:\WINNT\system32\Mscc2fr.dll not found!
Deletion of file C:\WINNT\system32\Mscc2fr.dll failed!
Could not process line:
C:\WINNT\system32\Mscc2fr.dll
Status: 0xc0000034
File C:\WINNT\system32\bb201.exe not found!
Deletion of file C:\WINNT\system32\bb201.exe failed!
Could not process line:
C:\WINNT\system32\bb201.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
the second log is finally here :)
ComboFix 07-08-17.2 - "JM" 25.08.2007 13:35:40.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1029.18.220 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))
2007-08-25 13:35 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3dc.dat
2007-08-24 19:43 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-24 18:51 <DIR> d-------- C:\!KillBox
2007-08-24 15:42 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\Comodo
2007-08-24 15:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Comodo
2007-08-24 15:37 <DIR> d-------- C:\Program Files\Comodo
2007-08-24 13:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-24 13:21 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\SUPERAntiSpyware.com
2007-08-24 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\SUPERAntiSpyware.com
2007-08-24 00:38 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_380.dat
2007-08-23 22:28 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_388.dat
2007-08-22 19:05 516,173 --a------ C:\WINNT\system32\MSVCP60D.DLL
2007-08-22 19:05 385,100 --a------ C:\WINNT\system32\MSVCRTD.DLL
2007-08-22 19:05 32,768 --a------ C:\WINNT\system32\CMDLGFR.DLL
2007-08-22 19:05 307,200 --a------ C:\WINNT\system32\msvcr70.dll
2007-08-22 19:05 141,312 --a------ C:\WINNT\system32\MSCMCFR.DLL
2007-08-22 19:05 119,568 --a------ C:\WINNT\system32\VB6FR.DLL
2007-08-22 19:05 101,888 --a------ C:\WINNT\system32\VB6STKIT.DLL
2007-08-22 19:05 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-08-22 14:07 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_384.dat
2007-08-20 20:53 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\Ahead
2007-08-20 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Ahead
2007-08-20 20:49 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-08-20 20:49 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-08-20 20:49 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-08-20 20:49 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-08-20 20:49 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-08-20 20:49 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-08-20 20:49 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-08-20 20:49 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-08-20 20:49 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-08-20 20:49 <DIR> d-------- C:\Program Files\Nero
2007-08-20 20:49 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-20 20:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Nero
2007-08-20 20:45 <DIR> d-------- C:\Program Files\stickies
2007-08-17 17:49 <DIR> d-------- C:\DOCUME~1\JM\DATAAP~1\stickies
2007-08-16 11:20 <DIR> d-------- C:\Program Files\iTunes
2007-08-16 11:20 <DIR> d-------- C:\Program Files\iPod
2007-08-05 20:04 <DIR> d-------- C:\DOCUME~1\JM\pbc_muzik ý 1
2007-08-05 19:59 <DIR> d-------- C:\Programy
2007-08-01 00:09 138,624 --a------ C:\WINNT\system32\drivers\sp_rsdrv2.sys
2007-07-31 11:51 <DIR> d-a------ C:\Program Files\Spyware Terminator
2007-07-31 11:51 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-07-31 11:51 <DIR> d-------- C:\Program Files\Crawler
2007-07-29 14:57 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_378.dat
2007-07-29 09:04 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_370.dat
2007-07-22 17:35 14,300 --ah----- C:\WINNT\system32\mlfcache.dat
2007-07-22 13:09 <DIR> d-------- C:\Program Files\BSP Multimedia
2007-07-09 20:09 <DIR> d-------- C:\Program Files\Burn4Free
2007-07-09 19:55 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_36c.dat
2007-07-09 17:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-08 11:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_374.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
29.07.07 12:17 --------- d-------- C:\Program Files\Free Window Registry Repair
27.06.07 19:05 972072 --a------ C:\WINNT\UNNeroMediaHome.exe
26.07.07 09:34 --------- d-------- C:\Program Files\QuickTime
26.06.07 14:12 972072 --a------ C:\WINNT\UNNeroVision.exe
26.05.07 10:43 211907 --a------ C:\Program Files\SecondLife(3).zip
24.08.07 15:03 --------- d-------- C:\Program Files\BitComet
23.08.07 19:41 --------- d-------- C:\Program Files\Google
22.07.07 10:06 --------- d-------- C:\DOCUME~1\JM\DATAAP~1\Skype
21.08.07 12:23 --------- d--h----- C:\Program Files\InstallShield Installation Information
21.07.07 20:04 --------- d-a------ C:\Program Files\ICQLite
11.07.07 18:04 --------- d-------- C:\Program Files\Runtime Software
06.08.07 00:09 --------- d-------- C:\Program Files\SecondLife
05.08.07 19:39 --------- d-------- C:\Program Files\Picasa2
04.03.07 14:49 271 ---h----- C:\Program Files\desktop.ini
04.03.07 14:49 22034 ---h----- C:\Program Files\folder.htt
03.07.07 22:17 --------- d-------- C:\DOCUME~1\JM\DATAAP~1\Help
03.07.07 18:43 132904 --a------ C:\WINNT\system32\drivers\imagesrv.sys
03.07.07 18:43 11304 --a------ C:\WINNT\system32\drivers\imagedrv.sys
03.07.07 10:13 32513029 --a------ C:\Program Files\Second Life 1-17-2-0 Setup.exe
03.07.03 14:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
02.07.07 19:26 26944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
02.07.07 18:33 --------- d-------- C:\Program Files\CCleaner
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03.07.03 14:00 C:\WINNT\system32\mobsync.exe]
"nwiz"="nwiz.exe" [13.06.03 06:31 C:\WINNT\system32\nwiz.exe]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27.12.06 17:53 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.07 04:00 ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23.01.07 11:19 ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27.04.07 09:41 ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [01.08.07 00:09 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [27.07.07 20:14 ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01.03.07 15:57 ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [24.08.07 15:37 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [03.07.03 14:00 C:\WINNT\system32\internat.exe]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27.12.06 17:53 ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.06 16:45 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27.06.07 19:03 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\JM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-09 00:28:19]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [2003-10-15 13:46:16]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-09 21:21:52]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
R0 SiSRaid;SiSRaid;C:\WINNT\system32\DRIVERS\SiSRaid.sys
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINNT\system32\drivers\sp_rsdrv2.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINNT\system32\DRIVERS\nvcap.sys
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINNT\system32\DRIVERS\nvtunep.sys
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINNT\system32\DRIVERS\nvtvsnd.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINNT\system32\DRIVERS\NVxbar.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys
R3 openhci;Ovladač otevřeného hostitelského řadiče USB;C:\WINNT\system32\DRIVERS\openhci.sys
R3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 BTCOMM;BTCOMM;C:\WINNT\system32\drivers\Btcomm.sys
S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINNT\system32\DRIVERS\btkrnbdg.sys
S3 PAC207;VideoCAM GE111;C:\WINNT\system32\DRIVERS\pfc027.sys
S3 PhTVTune;ASUS WDM TV Tuner;C:\WINNT\system32\DRIVERS\PhTVTune.sys
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
Contents of the 'Scheduled Tasks' folder
2007-08-23 07:07:03 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 14:11:42
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 25.08.2007 14:41:50
C:\ComboFix-quarantined-files.txt ... 25.08.07 14:40
C:\ComboFix2.txt ... 24.08.07 23:16
--- E O F ---
**************************************************************************
Completion time: 25.08.2007 14:41:50
C:\ComboFix-quarantined-files.txt ... 25.08.07 14:40
C:\ComboFix2.txt ... 24.08.07 23:16
--- E O F ---
Test these 2 files at http://www.virustotal.com :
C:\Program Files\desktop.ini
C:\Program Files\folder.htt
site admin http://www.viry.cz/forum
- newbie
- Posts: 25
- Registered: July 07
- Location: Brno
The results are as follows:
File folder.htt received 2007.08.25 15:46:15 (CET)
Current status: Please wait ... Queued Waiting Scanning Finished NOT FOUND STOPPED
Result: 0/32 (0%)
----
File desktop.ini received 2007.08.25 15:44:32 (CET)
Current status: Please wait ... Queued Waiting Scanning Finished NOT FOUND STOPPED
Result: 0/32 (0%)
What now?...
- newbie
- Posts: 25
- Registered: July 07
- Location: Brno
Log from MWAV.. I hope it's OK.
Tue Aug 28 12:14:26 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Tue Aug 28 12:14:26 2007 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Aug 28 12:14:26 2007 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\JM\LOCALS~1\Temp\spydb.avs, Size: 246385].
Tue Aug 28 12:14:26 2007 => Indexed Spyware Databases Successfully Created...
Tue Aug 28 12:14:33 2007 => System found infected with xolox Spyware/Adware ({f02c0ae1-d796-42c9-81e1-084d88f79b8e})! Action taken: No Action Taken.
Tue Aug 28 12:14:33 2007 => System found infected with navexcel Spyware/Adware ({710bcb5b-8c6c-483e-a4f5-faf083b13184})! Action taken: No Action Taken.
Tue Aug 28 12:15:28 2007 => System found infected with xolox Spyware/Adware ({2850bdc7-2330-4e31-9fa0-88268846539a})! Action taken: No Action Taken.
Tue Aug 28 12:15:29 2007 => System found infected with navexcel Spyware/Adware ({710bcb5b-8c6c-483e-a4f5-faf083b13184})! Action taken: No Action Taken.
Tue Aug 28 12:15:31 2007 => Offending Key found: HKLM\Software\morp !!!
Tue Aug 28 12:15:31 2007 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Aug 28 12:15:34 2007 => Offending file found: C:\WINNT\system32\swreg.exe
Tue Aug 28 12:15:34 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swreg.exe)! Action taken: No Action Taken.
Tue Aug 28 12:15:34 2007 => Offending file found: C:\WINNT\system32\swsc.exe
Tue Aug 28 12:15:34 2007 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (swsc.exe)! Action taken: No Action Taken.
Tue Aug 28 12:16:25 2007 => System found infected with navexcel browser helper Spyware/Adware (nhelper.dll)! Action taken: No Action Taken.
Tue Aug 28 12:16:25 2007 => System found infected with navexcel browser helper Spyware/Adware (nhelper.dll)! Action taken: No Action Taken.
Tue Aug 28 12:16:26 2007 => Offending file found: C:\WINNT\system32\unrar.dll
Tue Aug 28 12:16:26 2007 => System found infected with savenow Adware (C:\WINNT\system32\unrar.dll)! Action taken: No Action Taken.
Tue Aug 28 12:16:30 2007 => Checking CLSID Reference Entries...
Tue Aug 28 12:16:30 2007 => Entry "HKCR\Gln.GLNBho" refers to invalid object "{B4E7CAAB-6535-4243-99BD-F12350B584A2}". Action Taken: No Action Taken.
Tue Aug 28 12:16:30 2007 => Entry "HKCR\Gln.GLNBho.1" refers to invalid object "{B4E7CAAB-6535-4243-99BD-F12350B584A2}". Action Taken: No Action Taken.
Tue Aug 28 12:16:32 2007 => Checking Module Usage Entries...
Tue Aug 28 12:16:32 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\int_ver22b.ocx". Action Taken: No Action Taken.
Tue Aug 28 12:16:32 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\system32\OBJSAFE.TLB". Action Taken: No Action Taken.
Tue Aug 28 12:16:32 2007 => Checking User Trusted External App Entries...
Tue Aug 28 12:16:32 2007 => Checking Shared DLL Entries...
Tue Aug 28 12:16:36 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\Mscc2fr.dll". Action Taken: No Action Taken.
Tue Aug 28 12:16:36 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\TABCTFR.DLL". Action Taken: No Action Taken.
Tue Aug 28 12:16:36 2007 => Checking Installer Entries...
Tue Aug 28 12:16:38 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Second Life Speech Tools\". Action Taken: No Action Taken.
Tue Aug 28 12:16:39 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\JM\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\". Action Taken: No Action Taken.
Tue Aug 28 12:16:39 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\SUPERAntiSpyware\". Action Taken: No Action Taken.
Tue Aug 28 12:16:39 2007 => Checking Shared Tools Entries...
Tue Aug 28 12:16:39 2007 => Checking File Extension Entries...
Tue Aug 28 12:16:39 2007 => Checking Application Cache Entries...
Tue Aug 28 12:16:39 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BitComet". Action Taken: No Action Taken.
Tue Aug 28 12:16:39 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KnightsAndMerchants". Action Taken: No Action Taken.
Tue Aug 28 12:16:39 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Stickies 6.0c". Action Taken: No Action Taken.
Tue Aug 28 12:16:39 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F6D63A65-BD23-46F3-B9A3-87F442423481}". Action Taken: No Action Taken.
Hopefully that's everything.
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
Find and delete
C:\WINNT\system32\unrar.dll
(you'll find it more easily if you turn on the display of hidden and system files (open any folder, Tools > Folder Options > View))
and use T-Cleaner: it deletes files that were created by, for example, ComboFix and that another program may mistake for malware
- Attachments
- T-Cleaner.rar
- unpack and run.
- (1.14 KiB) Downloaded 91 times