I'm asking for help with this virus. It keeps throwing all sorts of other messages at me too, but I think this is the main problem. I have no idea what to do with it. Please give me a more detailed explanation of how to get rid of this virus, because I don't understand computers all that well. Here is the HJT log. Many thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:57, on 18.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Documents and Settings\Honza M\Plocha\HM\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ptrlvajg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Spuštění Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 6889 bytes
Trojan-Spy.Win32@mx
Use ComboFix:
Download ComboFix, save it to your desktop, close all open windows and run it.
Follow the prompts; while ComboFix is running, do not click in the window it shows, because that can stop the process.
When it finishes, a log is created; copy its contents here.
Otherwise, the ComboFix log is located at C:\ComboFix.txt
(The computer may restart; that is because ComboFix found infected files and restarts the PC in order to delete them.)
Administrator rights are required to run ComboFix.
So here is the result from that ComboFix:
ComboFix 07-11-08.3 - Honza M 2007-11-19 16:18:03.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1577 [GMT 1:00]
Running from: C:\Documents and Settings\Honza M\Plocha\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Honza M\Plocha\Online Security Guide.lnk
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.ini2
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\ptrlvajg.dllbox
C:\WINDOWS\system32\winzwr32.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-19 16:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 23:37 <DIR> d-------- C:\Program Files\onmtwbeh
2007-11-18 23:37 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-18 21:16 85,056 --a------ C:\WINDOWS\system32\jcpakngf.dll
2007-11-18 21:13 79,424 --a------ C:\WINDOWS\system32\tsptydds.dll
2007-11-18 21:10 145,984 --a------ C:\WINDOWS\system32\ptrlvajg.dll
2007-11-18 21:10 145,984 --a------ C:\WINDOWS\system32\lxicndaf.dll
2007-11-15 21:27 36,352 --a------ C:\WINDOWS\system32\cbxxvsq.dll
2007-11-15 21:23 36,352 --a------ C:\WINDOWS\system32\nnnkhih.dll
2007-11-15 20:51 36,352 --a------ C:\WINDOWS\system32\awtutqp.dll
2007-11-14 20:14 <DIR> d-------- C:\Program Files\ShrinkTo5
2007-11-14 18:24 <DIR> d-------- C:\Program Files\Autodesk
2007-11-12 14:48 <DIR> d-------- C:\WINDOWS\Sun
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Java
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 21:37 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-11-10 14:52 <DIR> d-------- C:\Program Files\Teplota
2007-11-10 13:26 <DIR> d-------- C:\Program Files\Alarm
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 16:22 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-06 20:59 10,225 --a------ C:\WINDOWS\extend.dat
2007-11-06 20:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-06 19:03 <DIR> d-------- C:\Program Files\MSECache
2007-11-06 18:58 <DIR> d-------- C:\WINDOWS\SendTo
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\Nápověda
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\forms
2007-11-06 18:57 <DIR> d-------- C:\Program Files\Windows Messaging
2007-11-06 15:56 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2007-11-06 08:34 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-11-05 20:34 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-11-05 18:58 <DIR> d-------- C:\WINDOWS\pss
2007-11-05 18:53 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-05 18:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Nero
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-05 17:59 <DIR> d-------- C:\Program Files\Verdict Free
2007-11-05 17:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-05 17:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-04 23:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-04 23:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-04 23:51 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-04 23:51 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-04 23:51 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-04 23:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-04 23:51 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-04 23:51 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-04 23:08 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-11-04 23:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-04 22:57 1,408 --a------ C:\WINDOWS\mozver.dat
2007-11-04 22:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-04 22:50 <DIR> d-------- C:\Počítač
2007-11-04 22:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 22:10 <DIR> d-------- C:\Program Files\Encyklopedie
2007-11-04 21:55 260,096 --a------ C:\WINDOWS\CDILLA32.DLL
2007-11-04 21:55 63,344 --a------ C:\WINDOWS\CDILLA05.DLL
2007-11-04 21:55 60,416 --a------ C:\WINDOWS\CDILLA64.EXE
2007-11-04 21:55 57,136 --a------ C:\WINDOWS\system32\drivers\CDANT.SYS
2007-11-04 21:55 55,376 --a------ C:\WINDOWS\CDILLA40.DLL
2007-11-04 21:55 45,056 --a------ C:\WINDOWS\CDILLA13.DLL
2007-11-04 21:55 32,256 --a------ C:\WINDOWS\system32\drivers\CDANTSRV.EXE
2007-11-04 21:55 23,856 --a------ C:\WINDOWS\CDILLA10.EXE
2007-11-04 21:55 7,056 --a------ C:\WINDOWS\CDILLA16.EXE
2007-11-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wextech Shared
2007-11-04 21:48 <DIR> d-------- C:\Documents and Settings\Honza M\WINDOWS
2007-11-04 21:48 <DIR> d--h----- C:\C_DILLA
2007-11-04 21:48 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-04 21:47 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-04 21:47 <DIR> d-------- C:\Program Files\AutoCAD 2002 Cz
2007-11-03 00:55 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-11-03 00:14 <DIR> d-------- C:\Program Files\Audiograbber
2007-11-03 00:12 <DIR> d-------- C:\Program Files\Kodek CZ
2007-11-03 00:10 <DIR> d-------- C:\Program Files\CDex_170b2
2007-11-02 22:08 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-02 22:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-02 22:07 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-11-02 22:07 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-02 22:06 <DIR> dr------- C:\Program Files
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2007-11-02 22:03 <DIR> d-------- C:\Documents and Settings
2007-11-02 21:58 <DIR> d-------- C:\WINDOWS
2007-11-02 18:03 <DIR> d-------- C:\Program Files\RadLight Company
2007-11-02 16:08 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-02 16:07 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-02 16:07 737,280 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 22:08 --------- d-----w C:\Program Files\JMicron_JMB36X_512600104
2007-11-07 15:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 09:36 40,488 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-09-20 09:36 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-09-20 09:36 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-09-20 09:36 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-09-20 09:36 125,864 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889fffba-55f3-4269-a014-3727d70ee378}]
2007-11-18 21:13 79424 --a------ C:\WINDOWS\system32\tsptydds.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-18 21:10 145984 --a------ C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-15 20:51 36352 --a------ C:\WINDOWS\system32\awtutqp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptrlvajg.dll [2007-11-18 21:10 145984]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 08:29]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 10:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-02-14 22:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"QIP2005"="C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe" [2007-07-15 10:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\awtutqp.dll [2007-11-15 20:51 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtutqp]
awtutqp.dll 2007-11-15 20:51 36352 C:\WINDOWS\system32\awtutqp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg]
ptrlvajg.dll 2007-11-18 21:10 145984 C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c0de1ed]
rundll32.exe "C:\WINDOWS\system32\jcpakngf.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abwvajsx]
rundll32.exe "C:\Program Files\abwvajsx\qjkxebkr.dll",Init
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videos]
"C:\Program Files\laughnetwork\update.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvarwpaz]
regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\wvarwpaz.dll"
R1 atitray;atitray;\??\C:\Program Files\Teplota\ATI Tray Tools\atitray.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 16:28:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 16:30:45 - machine was rebooted
.
--- E O F ---
ComboFix 07-11-08.3 - Honza M 2007-11-19 16:18:03.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1577 [GMT 1:00]
Running from: C:\Documents and Settings\Honza M\Plocha\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Honza M\Plocha\Online Security Guide.lnk
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.ini2
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\ptrlvajg.dllbox
C:\WINDOWS\system32\winzwr32.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-19 16:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 23:37 <DIR> d-------- C:\Program Files\onmtwbeh
2007-11-18 23:37 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-18 21:16 85,056 --a------ C:\WINDOWS\system32\jcpakngf.dll
2007-11-18 21:13 79,424 --a------ C:\WINDOWS\system32\tsptydds.dll
2007-11-18 21:10 145,984 --a------ C:\WINDOWS\system32\ptrlvajg.dll
2007-11-18 21:10 145,984 --a------ C:\WINDOWS\system32\lxicndaf.dll
2007-11-15 21:27 36,352 --a------ C:\WINDOWS\system32\cbxxvsq.dll
2007-11-15 21:23 36,352 --a------ C:\WINDOWS\system32\nnnkhih.dll
2007-11-15 20:51 36,352 --a------ C:\WINDOWS\system32\awtutqp.dll
2007-11-14 20:14 <DIR> d-------- C:\Program Files\ShrinkTo5
2007-11-14 18:24 <DIR> d-------- C:\Program Files\Autodesk
2007-11-12 14:48 <DIR> d-------- C:\WINDOWS\Sun
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Java
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 21:37 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-11-10 14:52 <DIR> d-------- C:\Program Files\Teplota
2007-11-10 13:26 <DIR> d-------- C:\Program Files\Alarm
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 16:22 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-06 20:59 10,225 --a------ C:\WINDOWS\extend.dat
2007-11-06 20:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-06 19:03 <DIR> d-------- C:\Program Files\MSECache
2007-11-06 18:58 <DIR> d-------- C:\WINDOWS\SendTo
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\N povŘda
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\forms
2007-11-06 18:57 <DIR> d-------- C:\Program Files\Windows Messaging
2007-11-06 15:56 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2007-11-06 08:34 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-11-05 20:34 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-11-05 18:58 <DIR> d-------- C:\WINDOWS\pss
2007-11-05 18:53 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-05 18:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Nero
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-05 17:59 <DIR> d-------- C:\Program Files\Verdict Free
2007-11-05 17:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-05 17:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-04 23:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-04 23:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-04 23:51 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-04 23:51 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-04 23:51 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-04 23:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-04 23:51 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-04 23:51 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-04 23:08 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-11-04 23:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-04 22:57 1,408 --a------ C:\WINDOWS\mozver.dat
2007-11-04 22:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-04 22:50 <DIR> d-------- C:\Počítač
2007-11-04 22:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 22:10 <DIR> d-------- C:\Program Files\Encyklopedie
2007-11-04 21:55 260,096 --a------ C:\WINDOWS\CDILLA32.DLL
2007-11-04 21:55 63,344 --a------ C:\WINDOWS\CDILLA05.DLL
2007-11-04 21:55 60,416 --a------ C:\WINDOWS\CDILLA64.EXE
2007-11-04 21:55 57,136 --a------ C:\WINDOWS\system32\drivers\CDANT.SYS
2007-11-04 21:55 55,376 --a------ C:\WINDOWS\CDILLA40.DLL
2007-11-04 21:55 45,056 --a------ C:\WINDOWS\CDILLA13.DLL
2007-11-04 21:55 32,256 --a------ C:\WINDOWS\system32\drivers\CDANTSRV.EXE
2007-11-04 21:55 23,856 --a------ C:\WINDOWS\CDILLA10.EXE
2007-11-04 21:55 7,056 --a------ C:\WINDOWS\CDILLA16.EXE
2007-11-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wextech Shared
2007-11-04 21:48 <DIR> d-------- C:\Documents and Settings\Honza M\WINDOWS
2007-11-04 21:48 <DIR> d--h----- C:\C_DILLA
2007-11-04 21:48 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-04 21:47 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-04 21:47 <DIR> d-------- C:\Program Files\AutoCAD 2002 Cz
2007-11-03 00:55 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-11-03 00:14 <DIR> d-------- C:\Program Files\Audiograbber
2007-11-03 00:12 <DIR> d-------- C:\Program Files\Kodek CZ
2007-11-03 00:10 <DIR> d-------- C:\Program Files\CDex_170b2
2007-11-02 22:08 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-02 22:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-02 22:07 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-11-02 22:07 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-02 22:06 <DIR> dr------- C:\Program Files
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2007-11-02 22:03 <DIR> d-------- C:\Documents and Settings
2007-11-02 21:58 <DIR> d-------- C:\WINDOWS
2007-11-02 18:03 <DIR> d-------- C:\Program Files\RadLight Company
2007-11-02 16:08 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-02 16:07 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-02 16:07 737,280 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 22:08 --------- d-----w C:\Program Files\JMicron_JMB36X_512600104
2007-11-07 15:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 09:36 40,488 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-09-20 09:36 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-09-20 09:36 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-09-20 09:36 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-09-20 09:36 125,864 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889fffba-55f3-4269-a014-3727d70ee378}]
2007-11-18 21:13 79424 --a------ C:\WINDOWS\system32\tsptydds.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-18 21:10 145984 --a------ C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-15 20:51 36352 --a------ C:\WINDOWS\system32\awtutqp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptrlvajg.dll [2007-11-18 21:10 145984]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 08:29]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 10:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-02-14 22:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"QIP2005"="C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe" [2007-07-15 10:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\awtutqp.dll [2007-11-15 20:51 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtutqp]
awtutqp.dll 2007-11-15 20:51 36352 C:\WINDOWS\system32\awtutqp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg]
ptrlvajg.dll 2007-11-18 21:10 145984 C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c0de1ed]
rundll32.exe "C:\WINDOWS\system32\jcpakngf.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abwvajsx]
rundll32.exe "C:\Program Files\abwvajsx\qjkxebkr.dll",Init
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videos]
"C:\Program Files\laughnetwork\update.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvarwpaz]
regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\wvarwpaz.dll"
R1 atitray;atitray;\??\C:\Program Files\Teplota\ATI Tray Tools\atitray.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 16:28:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 16:30:45 - machine was rebooted
.
--- E O F ---
Open Notepad and paste the text from the white box below into it.
Then go to File -> Save As; in the File name field type: CFScript.txt
For Save as type, choose All files.
Save it to the desktop.
Drag the CFScript.txt you just created onto the downloaded ComboFix program and drop it when the two icons overlap.
ComboFix will start automatically.
Then post the log that appears when it finishes here.
Code:
File::
C:\WINDOWS\system32\jcpakngf.dll
C:\WINDOWS\system32\tsptydds.dll
C:\WINDOWS\system32\ptrlvajg.dll
C:\WINDOWS\system32\lxicndaf.dll
C:\WINDOWS\system32\cbxxvsq.dll
C:\WINDOWS\system32\nnnkhih.dll
C:\WINDOWS\system32\awtutqp.dll
C:\Documents and Settings\All Users\Data aplikací\wvarwpaz.dll
Folder::
C:\Program Files\abwvajsx
C:\Program Files\SecCenter
C:\Program Files\laughnetwork
DirLook:
C:\Program Files\onmtwbeh
C:\Program Files\E404DHelper
C:\Documents and Settings\Honza M\WINDOWS
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889fffba-55f3-4269-a014-3727d70ee378}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtutqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5c0de1ed]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abwvajsx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvarwpaz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videos]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
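The helper's triage above was done by eye: DLLs with random-looking names in system32, registered as Browser Helper Objects, a ShellExecuteHook, Winlogon Notify packages and an extra LSA authentication package (geeba.dll next to msv1_0), then a CFScript that deletes the files and the loading points and resets "Authentication Packages" to msv1_0. The script below is an added example for this page, not code from ComboFix or from either poster. It parses a ComboFix "Reg Loading Points" excerpt (SAMPLE_LOG is constructed from entries quoted in the log above), applies the same reasoning as heuristics (the system32/Program Files location checks are this example's assumptions, not ComboFix rules), and emits the CFScript lines. It also shows what the hex(7) line in the script above actually is: the REG_MULTI_SZ "msv1_0" as single-byte characters, each string NUL-terminated plus a closing NUL.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt for the Vundo-style persistence
fixed in this thread and emit the matching CFScript.  Added example for this page;
not part of ComboFix or of the original posts.  SAMPLE_LOG is constructed from
entries quoted in the thread."""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889fffba-55f3-4269-a014-3727d70ee378}]
2007-11-18 21:13 79424 --a------ C:\WINDOWS\system32\tsptydds.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\awtutqp.dll [2007-11-15 20:51 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtutqp]
awtutqp.dll 2007-11-15 20:51 36352 C:\WINDOWS\system32\awtutqp.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeba.dll
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^\[\]"]*?\.dll)\b', re.IGNORECASE)
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(.+)$', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYSTEM32 = "c:\\windows\\system32\\"   # assumed system path, as in the thread's log


def parse_loading_points(text):
    """Return {key, line, module} for every module listed under a [registry key] header."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = LSA_RE.match(line)
        if m:  # LSA packages are listed by name, not necessarily as full paths
            entries += [{"key": key, "line": line, "module": p} for p in m.group(1).split()]
            continue
        entries += [{"key": key, "line": line, "module": p} for p in PATH_RE.findall(line)]
    return entries


def classify(entry):
    """Finding kind, or None when the entry matches the legitimate pattern.
    Heuristics encoding what the fix in this thread acted on, not signatures."""
    key, mod = entry["key"].lower(), entry["module"].lower()
    in_system32 = mod.startswith(SYSTEM32)
    if key.endswith("\\control\\lsa"):
        # Windows XP ships with msv1_0 as the only authentication package.
        return None if mod == "msv1_0" else "lsa_auth_package"
    if "browser helper objects" in key:
        # Vendor BHOs install under Program Files; a BHO DLL dropped in system32 is unusual.
        return "bho" if in_system32 else None
    if "shellexecutehooks" in key:
        # ComboFix already hides the default shell32 hook, so anything listed merits review.
        return "shellexecutehook"
    if "\\winlogon\\notify\\" in key:
        # Vundo pattern: Notify subkey named after a system32 DLL (...\notify\awtutqp -> awtutqp.dll).
        stem = mod.rsplit("\\", 1)[-1]
        stem = stem[:-4] if stem.endswith(".dll") else stem
        return "winlogon_notify" if in_system32 and key.endswith("\\" + stem) else None
    return None


def triage(text):
    """Flagged entries from the log, each tagged with its finding kind."""
    findings = []
    for entry in parse_loading_points(text):
        kind = classify(entry)
        if kind:
            findings.append(dict(entry, kind=kind))
    return findings


def multi_sz_hex7(values, encoding="cp1252"):
    """REG_MULTI_SZ as a hex(7) byte list: each string NUL-terminated, plus a closing NUL.
    ComboFix's Registry:: section takes single-byte characters (the form in this thread's
    script); a regedit .reg file stores the same type as UTF-16LE (encoding='utf-16-le')."""
    nul = "\x00".encode(encoding)
    raw = b"".join(v.encode(encoding) + nul for v in values) + nul
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def build_cfscript(text):
    """CFScript text: File:: for the flagged DLLs, Registry:: for their loading points."""
    findings = triage(text)
    files = sorted({f["module"] for f in findings if ":\\" in f["module"]})
    registry, reset_lsa = [], False
    for f in findings:
        if f["kind"] in ("bho", "winlogon_notify"):
            registry.append(f"[-{f['key']}]")            # [-key] deletes the whole key
        elif f["kind"] == "shellexecutehook":
            guid = GUID_RE.search(f["line"])
            if guid:                                     # "value"=- deletes one value
                registry += [f"[{f['key']}]", f'"{guid.group(0)}"=-']
        elif f["kind"] == "lsa_auth_package":
            reset_lsa = True
    if reset_lsa:                                        # restore the XP default list
        registry += ["[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]",
                     '"Authentication Packages"=' + multi_sz_hex7(["msv1_0"])]
    return "\n".join(["File::", *files, "Registry::", *registry]) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

Run on the sample it leaves the Winamp toolbar BHO alone (it lives under Program Files) and produces the same File::/Registry:: lines the helper wrote by hand for tsptydds.dll, awtutqp.dll and geeba.dll. Treat the output as a draft to review, not something to drop onto ComboFix unread: the location heuristics will miss a DLL planted elsewhere and can flag an unusual but legitimate component.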
so here it is:
ComboFix 07-11-08.3 - Honza M 2007-11-19 18:12:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1590 [GMT 1:00]
Running from: C:\Documents and Settings\Honza M\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Honza M\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\Documents and Settings\All Users\Data aplikací\wvarwpaz.dll
C:\WINDOWS\system32\awtutqp.dll
C:\WINDOWS\system32\cbxxvsq.dll
C:\WINDOWS\system32\jcpakngf.dll
C:\WINDOWS\system32\lxicndaf.dll
C:\WINDOWS\system32\nnnkhih.dll
C:\WINDOWS\system32\ptrlvajg.dll
C:\WINDOWS\system32\tsptydds.dll
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Honza M\Plocha\Online Security Guide.lnk
C:\Documents and Settings\Honza M\WINDOWS
C:\WINDOWS\system32\awtutqp.dll
C:\WINDOWS\system32\cbxxvsq.dll
C:\WINDOWS\system32\jcpakngf.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\lxicndaf.dll
C:\WINDOWS\system32\nnnkhih.dll
C:\WINDOWS\system32\ptrlvajg.dll
C:\WINDOWS\system32\ptrlvajg.dllbox
C:\WINDOWS\system32\tsptydds.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-19 16:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 23:37 <DIR> d-------- C:\Program Files\onmtwbeh
2007-11-18 23:37 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-18 21:10 145,984 --------- C:\WINDOWS\system32\ptrlvajg.dll
2007-11-14 20:14 <DIR> d-------- C:\Program Files\ShrinkTo5
2007-11-14 18:24 <DIR> d-------- C:\Program Files\Autodesk
2007-11-12 14:48 <DIR> d-------- C:\WINDOWS\Sun
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Java
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 21:37 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-11-10 14:52 <DIR> d-------- C:\Program Files\Teplota
2007-11-10 13:26 <DIR> d-------- C:\Program Files\Alarm
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 16:22 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-06 20:59 10,225 --a------ C:\WINDOWS\extend.dat
2007-11-06 20:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-06 19:03 <DIR> d-------- C:\Program Files\MSECache
2007-11-06 18:58 <DIR> d-------- C:\WINDOWS\SendTo
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\Nápověda
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\forms
2007-11-06 18:57 <DIR> d-------- C:\Program Files\Windows Messaging
2007-11-06 15:56 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2007-11-06 08:34 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-11-05 20:34 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-11-05 18:58 <DIR> d-------- C:\WINDOWS\pss
2007-11-05 18:53 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-05 18:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Nero
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-05 17:59 <DIR> d-------- C:\Program Files\Verdict Free
2007-11-05 17:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-05 17:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-04 23:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-04 23:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-04 23:51 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-04 23:51 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-04 23:51 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-04 23:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-04 23:51 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-04 23:51 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-04 23:08 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-11-04 23:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-04 22:57 1,408 --a------ C:\WINDOWS\mozver.dat
2007-11-04 22:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-04 22:50 <DIR> d-------- C:\Počítač
2007-11-04 22:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 22:10 <DIR> d-------- C:\Program Files\Encyklopedie
2007-11-04 21:55 260,096 --a------ C:\WINDOWS\CDILLA32.DLL
2007-11-04 21:55 63,344 --a------ C:\WINDOWS\CDILLA05.DLL
2007-11-04 21:55 60,416 --a------ C:\WINDOWS\CDILLA64.EXE
2007-11-04 21:55 57,136 --a------ C:\WINDOWS\system32\drivers\CDANT.SYS
2007-11-04 21:55 55,376 --a------ C:\WINDOWS\CDILLA40.DLL
2007-11-04 21:55 45,056 --a------ C:\WINDOWS\CDILLA13.DLL
2007-11-04 21:55 32,256 --a------ C:\WINDOWS\system32\drivers\CDANTSRV.EXE
2007-11-04 21:55 23,856 --a------ C:\WINDOWS\CDILLA10.EXE
2007-11-04 21:55 7,056 --a------ C:\WINDOWS\CDILLA16.EXE
2007-11-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wextech Shared
2007-11-04 21:48 <DIR> d--h----- C:\C_DILLA
2007-11-04 21:48 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-04 21:47 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-04 21:47 <DIR> d-------- C:\Program Files\AutoCAD 2002 Cz
2007-11-03 00:55 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-11-03 00:14 <DIR> d-------- C:\Program Files\Audiograbber
2007-11-03 00:12 <DIR> d-------- C:\Program Files\Kodek CZ
2007-11-03 00:10 <DIR> d-------- C:\Program Files\CDex_170b2
2007-11-02 22:08 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-02 22:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-02 22:07 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-11-02 22:07 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-02 22:06 <DIR> dr------- C:\Program Files
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2007-11-02 22:03 <DIR> d-------- C:\Documents and Settings
2007-11-02 21:58 <DIR> d-------- C:\WINDOWS
2007-11-02 18:03 <DIR> d-------- C:\Program Files\RadLight Company
2007-11-02 16:08 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-02 16:07 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-02 16:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-02 15:56 <DIR> dr------- C:\Dokumenty
2007-11-02 15:31 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-02 14:42 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-11-02 14:41 84,992 -ra------ C:\WINDOWS\system32\drivers\AtiHdAud.sys
2007-11-02 14:39 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2007-11-02 14:39 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2007-11-02 14:39 972,072 -ra------ C:\WINDOWS\system32\ativva6x.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 22:08 --------- d-----w C:\Program Files\JMicron_JMB36X_512600104
2007-11-07 15:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 09:36 40,488 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-09-20 09:36 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-09-20 09:36 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-09-20 09:36 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-09-20 09:36 125,864 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-19_16.29.36.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-19 15:27:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat
+ 2007-11-19 17:20:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-19 18:19 145984 --------- C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptrlvajg.dll [2007-11-19 18:19 145984]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 08:29]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 10:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-02-14 22:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"QIP2005"="C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe" [2007-07-15 10:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg]
ptrlvajg.dll 2007-11-19 18:19 145984 C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
R1 atitray;atitray;\??\C:\Program Files\Teplota\ATI Tray Tools\atitray.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 18:21:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 18:22:38 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-19 16:30
.
--- E O F ---
ComboFix 07-11-08.3 - Honza M 2007-11-19 18:12:27.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1590 [GMT 1:00]
Running from: C:\Documents and Settings\Honza M\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Honza M\Plocha\CFScript.txt
* Created a new restore point
FILE
C:\Documents and Settings\All Users\Data aplikací\wvarwpaz.dll
C:\WINDOWS\system32\awtutqp.dll
C:\WINDOWS\system32\cbxxvsq.dll
C:\WINDOWS\system32\jcpakngf.dll
C:\WINDOWS\system32\lxicndaf.dll
C:\WINDOWS\system32\nnnkhih.dll
C:\WINDOWS\system32\ptrlvajg.dll
C:\WINDOWS\system32\tsptydds.dll
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Nabídka Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Oblíbené položky\Online Security Guide.lnk
C:\Documents and Settings\Honza M\Plocha\Live Safety Center.lnk
C:\Documents and Settings\Honza M\Plocha\Online Security Guide.lnk
C:\Documents and Settings\Honza M\WINDOWS
C:\WINDOWS\system32\awtutqp.dll
C:\WINDOWS\system32\cbxxvsq.dll
C:\WINDOWS\system32\jcpakngf.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\lxicndaf.dll
C:\WINDOWS\system32\nnnkhih.dll
C:\WINDOWS\system32\ptrlvajg.dll
C:\WINDOWS\system32\ptrlvajg.dllbox
C:\WINDOWS\system32\tsptydds.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-19 16:14 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 23:37 <DIR> d-------- C:\Program Files\onmtwbeh
2007-11-18 23:37 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-18 21:10 145,984 --------- C:\WINDOWS\system32\ptrlvajg.dll
2007-11-14 20:14 <DIR> d-------- C:\Program Files\ShrinkTo5
2007-11-14 18:24 <DIR> d-------- C:\Program Files\Autodesk
2007-11-12 14:48 <DIR> d-------- C:\WINDOWS\Sun
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Java
2007-11-12 14:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-10 21:37 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-11-10 14:52 <DIR> d-------- C:\Program Files\Teplota
2007-11-10 13:26 <DIR> d-------- C:\Program Files\Alarm
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-08 21:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 16:22 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-06 20:59 10,225 --a------ C:\WINDOWS\extend.dat
2007-11-06 20:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-06 19:03 <DIR> d-------- C:\Program Files\MSECache
2007-11-06 18:58 <DIR> d-------- C:\WINDOWS\SendTo
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\Nápověda
2007-11-06 18:57 <DIR> d-------- C:\WINDOWS\forms
2007-11-06 18:57 <DIR> d-------- C:\Program Files\Windows Messaging
2007-11-06 15:56 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2007-11-06 08:34 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-11-05 20:34 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-11-05 18:58 <DIR> d-------- C:\WINDOWS\pss
2007-11-05 18:53 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-05 18:49 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Nero
2007-11-05 18:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-05 17:59 <DIR> d-------- C:\Program Files\Verdict Free
2007-11-05 17:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-05 17:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-04 23:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-04 23:51 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-04 23:51 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-04 23:51 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-04 23:51 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-04 23:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-04 23:51 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-04 23:51 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-04 23:08 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-11-04 23:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-04 22:57 1,408 --a------ C:\WINDOWS\mozver.dat
2007-11-04 22:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-04 22:50 <DIR> d-------- C:\Počítač
2007-11-04 22:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 22:10 <DIR> d-------- C:\Program Files\Encyklopedie
2007-11-04 21:55 260,096 --a------ C:\WINDOWS\CDILLA32.DLL
2007-11-04 21:55 63,344 --a------ C:\WINDOWS\CDILLA05.DLL
2007-11-04 21:55 60,416 --a------ C:\WINDOWS\CDILLA64.EXE
2007-11-04 21:55 57,136 --a------ C:\WINDOWS\system32\drivers\CDANT.SYS
2007-11-04 21:55 55,376 --a------ C:\WINDOWS\CDILLA40.DLL
2007-11-04 21:55 45,056 --a------ C:\WINDOWS\CDILLA13.DLL
2007-11-04 21:55 32,256 --a------ C:\WINDOWS\system32\drivers\CDANTSRV.EXE
2007-11-04 21:55 23,856 --a------ C:\WINDOWS\CDILLA10.EXE
2007-11-04 21:55 7,056 --a------ C:\WINDOWS\CDILLA16.EXE
2007-11-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wextech Shared
2007-11-04 21:48 <DIR> d--h----- C:\C_DILLA
2007-11-04 21:48 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-04 21:47 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-04 21:47 <DIR> d-------- C:\Program Files\AutoCAD 2002 Cz
2007-11-03 00:55 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-11-03 00:14 <DIR> d-------- C:\Program Files\Audiograbber
2007-11-03 00:12 <DIR> d-------- C:\Program Files\Kodek CZ
2007-11-03 00:10 <DIR> d-------- C:\Program Files\CDex_170b2
2007-11-02 22:08 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-11-02 22:08 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-11-02 22:07 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-11-02 22:07 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-11-02 22:06 <DIR> dr------- C:\Program Files
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Plocha
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní tiskárny
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\Default User\Okolní síť
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\Default User\Nabídka Start
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\Default User\Dokumenty
2007-11-02 22:05 <DIR> d--h----- C:\Documents and Settings\All Users\Šablony
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Plocha
2007-11-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Oblíbené položky
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Nabídka Start
2007-11-02 22:05 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-11-02 22:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Data aplikací
2007-11-02 22:03 <DIR> dr-h----- C:\Documents and Settings\All Users\Data aplikací
2007-11-02 22:03 <DIR> d-------- C:\Documents and Settings
2007-11-02 21:58 <DIR> d-------- C:\WINDOWS
2007-11-02 18:03 <DIR> d-------- C:\Program Files\RadLight Company
2007-11-02 16:08 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-02 16:07 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-11-02 16:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-02 15:56 <DIR> dr------- C:\Dokumenty
2007-11-02 15:31 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-02 14:42 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-11-02 14:41 84,992 -ra------ C:\WINDOWS\system32\drivers\AtiHdAud.sys
2007-11-02 14:39 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2007-11-02 14:39 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2007-11-02 14:39 972,072 -ra------ C:\WINDOWS\system32\ativva6x.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 22:08 --------- d-----w C:\Program Files\JMicron_JMB36X_512600104
2007-11-07 15:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 09:36 40,488 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-09-20 09:36 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-09-20 09:36 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-09-20 09:36 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-09-20 09:36 125,864 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-19_16.29.36.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-19 15:27:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat
+ 2007-11-19 17:20:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-19 18:19 145984 --------- C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ptrlvajg.dll [2007-11-19 18:19 145984]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 08:29]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-09-20 10:36]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-02-14 22:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"QIP2005"="C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe" [2007-07-15 10:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg]
ptrlvajg.dll 2007-11-19 18:19 145984 C:\WINDOWS\system32\ptrlvajg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent
R1 atitray;atitray;\??\C:\Program Files\Teplota\ATI Tray Tools\atitray.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 18:21:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 18:22:38 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-19 16:30
.
--- E O F ---
Download Avenger and run it under an administrator account.
Tick the option "Input script manually" and click the magnifying-glass icon; an empty window pops up, into which you copy the text marked in bold:
Files to delete:
C:\WINDOWS\system32\ptrlvajg.dll
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {11A69AE4-FBED-4832-A2BF-45AF82825583}
Then click Done.
Then click the traffic-light icon.
A prompt appears; click Yes, then another prompt appears; click Yes again.
The PC will restart. After the restart the Avenger log should "pop up", so copy it here.
+ also paste a new HJT log and a new ComboFix log here.
Then do this:
Open Notepad and copy the text marked in green into it:
cd\
cd C:\Program Files\onmtwbeh
dir /a /-c /o:-d /t:c >> %systemdrive%\look.txt
start %systemdrive%\look.txt
cls
pause
cd\
cd C:\Program Files\E404DHelper
dir /a /-c /o:-d /t:c >> %systemdrive%\vypis.txt
start %systemdrive%\vypis.txt
cls
pause
cd\
cd C:\Documents and Settings\Honza M\WINDOWS
dir /a /-c /o:-d /t:c >> %systemdrive%\vypis2.txt
start %systemdrive%\vypis2.txt
cls
exit
Then go to Soubor (File) -> Uložit jako (Save As) -> in the Název souboru (File name) line type:
Find.bat
For Typ souboru (Save as type) select *všechny soubory (*all files)
And save it to drive C:
Run the file Find.bat and follow the instructions on the screen.
Notepad will open 3 times; copy their contents here.
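The helper's Avenger script above removes one DLL, two registry keys (a Browser Helper Object and a Winlogon Notify entry) and one toolbar value, and then asks for a fresh HijackThis log to confirm the cleanup took. The following Python script is an added example (not code from the helper, from HijackThis or from Avenger) that automates that confirmation: it parses the `Oxx - ...` lines of an HJT log, pulls out the CLSID and file path of each autostart entry, and reports any entry that still references the CLSIDs or the DLL named in the Avenger script. The two sample logs are constructed for the example and modelled on the HJT 2.0.2 lines in this thread; the O20 "Winlogon Notify" line and the "(no name)" BHO line represent the assumed pre-cleanup state, which the thread itself only shows via the ComboFix output.

```python
"""Check a HijackThis log for autostart entries an Avenger script was meant to remove."""
import re
from typing import Dict, List, Optional

# Constructed sample modelled on HJT 2.0.2 output (assumed pre-cleanup state,
# not copied from the original post).
BEFORE_CLEANUP = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://start-homepage.com
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\\Program Files\\Winamp Toolbar\\winamptb.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\\WINDOWS\\system32\\ptrlvajg.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\\WINDOWS\\system32\\ptrlvajg.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O20 - Winlogon Notify: ptrlvajg - C:\\WINDOWS\\system32\\ptrlvajg.dll
"""

# Constructed "after" sample: the same log once the three entries are gone.
AFTER_CLEANUP = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://start-homepage.com
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\\Program Files\\Winamp Toolbar\\winamptb.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
"""

# Indicators taken from the Avenger script in the helper's post.
INDICATORS = {
    "clsids": {"{A95B2816-1D7E-4561-A202-68C0DE02353A}",
               "{11A69AE4-FBED-4832-A2BF-45AF82825583}"},
    "files": {"ptrlvajg.dll"},
}

# An HJT entry line: section code, " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A COM CLSID in braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in a binary extension (spaces allowed, non-greedy).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)


def parse_hjt(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn each 'Oxx - ...' line into a record with section, CLSID and path."""
    entries: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list, 'End of file' etc.
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "raw": line,
        })
    return entries


def find_remnants(entries: List[Dict[str, Optional[str]]],
                  indicators: Dict[str, set]) -> List[Dict[str, Optional[str]]]:
    """Return entries whose CLSID or file name is still on the removal list."""
    bad_clsids = {c.upper() for c in indicators["clsids"]}
    bad_files = {f.lower() for f in indicators["files"]}
    hits = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower() if e["path"] else ""
        if e["clsid"] in bad_clsids or name in bad_files:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for label, log in (("before", BEFORE_CLEANUP), ("after", AFTER_CLEANUP)):
        hits = find_remnants(parse_hjt(log), INDICATORS)
        print(f"{label}: {len(hits)} remnant(s)")
        for h in hits:
            print("  ", h["raw"])
```

Matching on both the CLSID and the bare file name matters here: Vundo-style droppers re-register the same DLL under a new CLSID after a reboot, so a CLSID-only check would report a clean log while the O20 Winlogon Notify entry still loaded the file. Run it against the saved HJT log text instead of the constructed samples to check a real follow-up log.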
Here is the report from Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wqwsjavf
*******************
Script file located at: \??\C:\WINDOWS\uocfgapt.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\ptrlvajg.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Report from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:18, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Honza M\Plocha\HM\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Spuštění Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7535 bytes
And I can't find a current ComboFix anywhere so I could send you its report. It keeps telling me to get a newer one. Do you know where I could get the newest one?
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wqwsjavf
*******************
Script file located at: \??\C:\WINDOWS\uocfgapt.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\ptrlvajg.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptrlvajg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
zprava z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:18, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Honza M\Plocha\HM\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start-homepage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Documents and Settings\Honza M\Plocha\Qip\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Spuštění Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7535 bytes
and I can't find the current ComboFix anywhere so I could send you a report from it. It keeps telling me to get a newer one. Do you know where I could get the newest one?
first message: (look)
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C0D-E142.
Výpis adresáře C:\Program Files\onmtwbeh
18.11.2007 23:37 <DIR> ..
18.11.2007 23:37 57344 qvenwfoj.dll
18.11.2007 23:37 <DIR> .
1 souborů, 57344 bajtů
Adresářů: 2, Volných bajtů: 219389136896
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C0D-E142.
Výpis adresáře C:\Program Files\onmtwbeh
18.11.2007 23:37 <DIR> ..
18.11.2007 23:37 57344 qvenwfoj.dll
18.11.2007 23:37 <DIR> .
1 souborů, 57344 bajtů
Adresářů: 2, Volných bajtů: 219389157376
second message: (vypis)
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C0D-E142.
Výpis adresáře C:\Program Files\E404DHelper
18.11.2007 23:37 <DIR> ..
18.11.2007 23:37 19456 e404d.v1.dll
18.11.2007 23:37 <DIR> .
1 souborů, 19456 bajtů
Adresářů: 2, Volných bajtů: 219389370368
vypis2:
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 5C0D-E142.
Výpis adresáře C:\
20.11.2007 19:19 0 vypis2.txt
20.11.2007 19:19 369 vypis.txt
20.11.2007 19:17 732 look.txt
20.11.2007 17:13 <DIR> ComboFix
20.11.2007 16:51 <DIR> avenger
20.11.2007 16:51 1946 avenger.txt
19.11.2007 18:22 15699 ComboFix.txt
19.11.2007 16:30 18199 ComboFix2.txt
18.11.2007 21:44 365 aaw7boot.log
06.11.2007 19:04 5391 ffastun.ffa
06.11.2007 19:04 684032 ffastun.ffo
06.11.2007 19:04 3362816 ffastun0.ffx
06.11.2007 18:58 1835008 ffastun.ffl
05.11.2007 18:48 <DIR> ATI
04.11.2007 22:50 <DIR> Počítač
04.11.2007 21:48 <DIR> C_DILLA
02.11.2007 22:06 <DIR> Program Files
02.11.2007 22:03 <DIR> Documents and Settings
02.11.2007 22:03 <DIR> System Volume Information
02.11.2007 22:02 223 boot.ini
02.11.2007 21:58 <DIR> WINDOWS
02.11.2007 21:58 2145386496 pagefile.sys
02.11.2007 15:56 <DIR> Dokumenty
02.11.2007 15:47 <DIR> RECYCLER
02.11.2007 14:16 0 IO.SYS
02.11.2007 14:16 0 MSDOS.SYS
02.11.2007 14:16 0 AUTOEXEC.BAT
02.11.2007 14:16 0 CONFIG.SYS
03.08.2004 22:59 250048 ntldr
03.08.2004 22:38 47564 NTDETECT.COM
25.10.2001 13:00 4952 Bootfont.bin
20 souborů, 2151613840 bajtů
Adresářů: 11, Volných bajtů: 219389366272
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dsttgesu
*******************
Script file located at: \??\C:\Documents and Settings\fdtwcjaw.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Program Files\onmtwbeh deleted successfully.
Folder C:\Program Files\E404DHelper deleted successfully.
Completed script processing.
*******************
Finished! Terminate.