Trojan

[Jituule]

Ahojky, mohli by jste mi prosim poradit, chytla jsem trojana a nemuzu se ho zbavit! Vyhodilo mi to na plochu nakejch pet internetovejch odkazu a kdyz to chci smazat, tak se to sice smaze, ale za chvili se tam zase objevi! Diky moc za odpoved!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:14, on 23.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
C:\WINDOWS\TEMP\win296E.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\SecCenter\scprot4.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\synmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\syshost.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\16power.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\16power.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\sys16.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jitka\LOCALS~1\Temp\Dočasný adresář 1 pro HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: &Research - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CDCB8A7-AA9A-ECF8-5D24-0B64CF397B03} - C:\Program Files\Mdkotsxc\fgjfnkak.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Gnjkwohh\vaivuwoq.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [lsnalivk] rundll32.exe "C:\Program Files\lsnalivk\dwdstyrk.dll",Init
O4 - HKLM\..\Run: [bqpktmdy] regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\bqpktmdy.dll"
O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win296E.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [cjidkpwf] regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\cjidkpwf.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Security Service (POBC) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 11410 bytes

[Reklama]

[jaro3]

Vítej na fóru, a vyčkej na naše antiviráky.Projela jsi to ně jakým Antivirákem a antispywarem?

[Baron Prášil]

vítám též

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Jituule]

Jj, nejdriv NODEM, ale ten ho nenasel, potom Anti Trojan Shield, ten ho nasel a kdyz sem ho smazala, tak tam stejne porad zustal a potom Spybot Search and Destroy, ten toho nasel plno, tak sem dala vymazat, u vseho se udelaly zeleny fajfky, ale stejne je tam porad! A vic uz si nevim rady, tak se obracim na vas!

[Baron Prášil]

Combofix,pls

[Jituule]

ComboFix 08-01-23.2 - Jitka 2008-01-23 21:22:46.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.120 [GMT 1:00]

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section not completed

[Jituule]

Omlouvam se za tu dobu, tohle jsem tam nasla, je to ono?

[Baron Prášil]

to určitě neni celej log,že ne?!

[Jituule]

Ja nevim, ale je tu jen tohle!

[Baron Prášil]

použij toto
Stáhni si Deckard's System Scanner a ulož ho na plochu.
- Zavři všechna spuštěná okna a spusť program, potvrď licenční podmínky a postupuj podle pokynů. Začne scanování.
- Až skončí tak by měl vytvořit 2 logy proto se ti 2krát otevře notepad. Jeden log bude mít název main.txt a druhý extra.txt. Tak sem zkopíruj pouze ten main.txt

[Jituule]

Udala jsem to znovu, tohle uz je cely???

ComboFix 08-01-23.2 - Jitka 2008-01-23 21:48:59.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.139 [GMT 1:00]
Running from: C:\Documents and Settings\Jitka\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Nabídka Start\Programy\UltimateCleaner 2007
C:\Documents and Settings\All Users\Nabídka Start\Programy\UltimateCleaner 2007\Register UltimateCleaner 2007.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\UltimateCleaner 2007\Start UltimateCleaner 2007.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 21:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 14:48 . 2008-01-23 14:52 30,349 --a------ C:\Program Files\1010.exe
2008-01-23 12:38 . 2008-01-23 12:38 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-01-21 09:09 . 2008-01-22 22:25 <DIR> d-------- C:\Program Files\ATS3
2008-01-20 21:25 . 2008-01-23 12:37 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-01-20 21:24 . 2008-01-23 12:39 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-01-20 21:24 . 2008-01-23 12:39 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-01-20 21:23 . 2008-01-23 12:38 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-01-20 21:23 . 2008-01-21 09:33 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-01-20 21:21 . 2008-01-20 21:21 <DIR> d-------- C:\WINDOWS\system32\svcd
2008-01-20 21:21 . 2008-01-20 21:21 84,992 --a------ C:\WINDOWS\system32\TmpX.exe
2008-01-20 21:21 . 2008-01-20 21:21 34,816 --a------ C:\info.exe
2008-01-20 21:21 . 2008-01-20 21:21 108 --a------ C:\WINDOWS\system32\url2
2008-01-20 21:21 . 2008-01-20 21:21 108 --a------ C:\WINDOWS\system32\url1
2008-01-20 21:21 . 2008-01-20 21:21 105 --a------ C:\WINDOWS\system32\url3
2008-01-20 21:21 . 2008-01-20 21:21 8 --a------ C:\WINDOWS\system32\CID
2008-01-20 21:21 . 2008-01-20 21:21 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-20 12:17 . 2008-01-20 12:17 <DIR> d-------- C:\Program Files\iPod
2008-01-20 12:16 . 2008-01-20 12:17 <DIR> d-------- C:\Program Files\iTunes
2008-01-20 12:14 . 2008-01-20 12:15 <DIR> d-------- C:\Program Files\QuickTime
2008-01-19 15:20 . 2008-01-19 15:20 <DIR> d-------- C:\Program Files\craagle
2008-01-13 20:55 . 2008-01-13 20:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-13 20:54 . 2008-01-13 20:54 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 19:44 . 2008-01-09 19:44 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-05 21:29 . 2008-01-05 21:33 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-01-04 00:42 . 2008-01-04 00:42 268 --ah----- C:\sqmdata19.sqm
2008-01-04 00:42 . 2008-01-04 00:42 244 --ah----- C:\sqmnoopt19.sqm
2008-01-03 12:53 . 2008-01-03 12:53 268 --ah----- C:\sqmdata18.sqm
2008-01-03 12:53 . 2008-01-03 12:53 244 --ah----- C:\sqmnoopt18.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 20:05 --------- d-----w C:\Program Files\ICQToolbar
2008-01-17 18:50 --------- d-----w C:\Program Files\uTorrent
2008-01-14 07:33 --------- d-----w C:\Program Files\ICQ6
2008-01-09 18:37 --------- d-----w C:\Program Files\DC++
2008-01-05 21:00 --------- d-----w C:\Program Files\Mobile Action
2007-12-29 09:50 --------- d-----w C:\Program Files\iolo
2007-12-24 15:03 --------- d-----w C:\Program Files\MP3Recorder
2007-12-07 19:26 --------- d-----w C:\Program Files\Karaoke Anything!
2007-12-07 19:24 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-07 14:27 --------- d-----w C:\Program Files\Activision Value
2007-12-03 20:37 --------- d-----w C:\Program Files\VideoLAN
2007-12-02 12:46 64,961 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-02 12:46 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-02 12:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-02 11:29 --------- d-----w C:\Program Files\totalcmd
2007-12-02 09:00 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2007-11-03 15:07 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2005-03-31 21:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_21.14.44.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 20:06:32 47,404 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-01-23 20:33:13 47,404 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-01-23 20:06:32 41,034 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-23 20:33:13 41,034 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-23 20:06:32 313,208 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-01-23 20:33:13 313,208 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-01-23 20:06:32 314,706 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-23 20:33:13 314,706 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 17:47 68856]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-10-22 16:45 177400]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [ ]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [ ]
"XP Antivirus"="C:\Program Files\XP Antivirus\xpa.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-24 02:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-24 02:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-24 02:17 118784]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 09:51 53248]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00 174872]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 06:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-04 08:46 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 16:48 488984]
"MaBtSh"="C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 17:29 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
C:\Program Files\Softick\PPP\Bin\PPPGate.exe

R2 PKNFU980;PKNFU980;C:\WINDOWS\System32\Drivers\BO9ZM34I.sys [2006-11-01 23:44]
R2 POBC;Security Service;C:\WINDOWS\system32\svcd\svchost.exe [2008-01-20 21:21]
R2 XAudio;XAudio;C:\WINDOWS\system32\DRIVERS\xaudio.sys [2006-11-28 09:44]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 12:23]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 14:32]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 13:00]
S3 igfx;igfx;C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2007-01-31 09:35]
S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys [2007-01-08 15:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bd5bdde-95e2-11dc-98bb-0016d35a358c}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59202f72-9036-11dc-98ba-0016d35a358c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 18:19:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 21:51:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.

[jaro3]

Můj názor je , že bys měla postupovat podle Barona Prášila jak je uvedeno výše, řešení problému by se jistě urychlilo.