Please check my log - infected PC

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

JANíčOK
Level 3
Posts: 471
Registered: June 06
Gender: Male
Status: Offline

Re: Please check my log - infected PC

Post by JANíčOK » 20 May 2008 15:06

I'm sending a new HJT log and ask for a check.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:24, on 20.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\EPC\BHROOT\BIN\monitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [pdfFactory Pro Dispečér v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /M "Stylus Photo RX620" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Applic\proeWildfire2\i486_nt\obj\pvx_install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9358029312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/ ... loader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\EPC\BHROOT\BIN\monitor.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10258 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log - infected PC

Post by fredik » 20 May 2008 17:05

Go to Start -> Run... and type the following command, marked in blue, into the box: ComboFix /u and click OK.
- there must be a space between ComboFix and /u

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In HJT you can fix these items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run T-cleaner and follow the instructions.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Alternatively you can send a log from Kaspersky Online Scanner! (it needs to be run in IE)
- click the Accept button
- you will be prompted to install an ActiveX component from Kaspersky, so allow it
- the program will download the database it needs
- after the download, click the option: [image]
Then click the button: Scan Settings
- you will get to the Scan settings window; there select the following:

Under the item: Scan using the following antivirus database:
    standard - detect viruses, worms, Trojans, rootkits
Under the item: Scan Options: - leave both options selected:
    Scan Archives - scan files inside archives
    Scan Mail Bases - scan e-mails/attachments inside mail base files
Then click the OK button

Now under the item Please select a target to scan choose the option:
[image]
- the system scan will start
- when it finishes, a list of what it found will be displayed
Click the Save Report As... button
- save it, e.g. to the desktop, and choose these parameters:
- File name: type: Kavlog
- Save as type: select: Text file (*.txt)
Then paste the log here.

What was in the original log is no longer there. Do you still have problems? If so, let us know and we'll take a look.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.

JANíčOK
Level 3
Posts: 471
Registered: June 06
Gender: Male
Status: Offline

Re: Please check my log - infected PC

Post by JANíčOK » 20 May 2008 17:27

NOD just reported the presence of a virus again a moment ago! I'm going to try cleaning it with Trojan Remover. I'll let you know.

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Please check my log - infected PC

Post by fredik » 20 May 2008 17:41

Use this:
Go to Start -> Run... and type the following command, marked in blue, into the box: ComboFix /u and click OK.
- there must be a space between ComboFix and /u
If ComboFix throws an error message, delete its folder on drive C and delete it from the desktop.

Then download ComboFix again and put it on the desktop.
- go to Start -> Run... and type the following command, marked in blue, into the box:

"%userprofile%\Plocha\ComboFix.exe" /killall

and click OK.
- CF will start; after a while it will restart, and when you are back in Windows it will finish its work.

Then also send the Kaspersky log.
If there is any problem with CF, we'll use a different procedure.

JANíčOK
Level 3
Posts: 471
Registered: June 06
Gender: Male
Status: Offline

Re: Please check my log - infected PC

Post by JANíčOK » 20 May 2008 18:45

I'm sending a new ComboFix log. The first time it threw this message
[image]
so I deleted it, downloaded it again and ran it.
I'm going to run Kaspersky Online Scanner! and then post the log here.


ComboFix 08-05-19.4 - Ján Beňo 2008-05-20 18:10:48.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.637 [GMT 2:00]
Running from: C:\Documents and Settings\Ján Beňo\Plocha\ComboFix.exe
Command switches used :: /killall
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\pPTS41.dll
.
---- Previous Run -------
.
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\pPTS41.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 18:10 . 2008-05-20 18:10 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-20 17:14 . 2008-05-20 17:19 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-20 17:14 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-20 17:14 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-20 17:14 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-20 17:14 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-20 17:14 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-20 14:54 . 2008-05-20 14:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-20 14:54 . 2008-05-20 14:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-20 14:54 . 2008-05-20 14:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-20 14:53 . 2008-05-20 16:37 <DIR> d-------- C:\Program Files\ESET
2008-05-19 23:45 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\ProductViewExpress
2008-05-19 23:45 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\7-Zip
2008-05-19 23:38 . 2008-05-19 23:38 6,144 --a------ C:\WINDOWS\system32\cru629.dat.vir
2008-05-19 23:38 . 2008-05-19 23:38 6,144 --a------ C:\WINDOWS\cru629.dat.vir
2008-05-19 21:29 . 2008-05-19 21:29 18,432 --a------ C:\WINDOWS\braviax(2).exe
2008-05-19 19:32 . 2008-05-19 19:32 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-19 19:29 . 2008-05-19 23:41 <DIR> d-------- C:\SDFix
2008-05-19 18:18 . 2008-05-19 18:18 36,352 --a--c--- C:\WINDOWS\system32\dllcache\figaro(2).sys
2008-05-19 18:08 . 2008-05-19 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-05-19 18:08 . 2008-05-19 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací
2008-05-19 18:08 . 2008-05-19 23:41 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-19 18:08 . 2008-05-20 18:10 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-19 18:06 . 2008-05-19 18:06 18,432 --a------ C:\WINDOWS\braviax.exe.vir
2008-05-19 17:58 . 2008-05-19 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-19 17:58 . 2008-05-19 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 21:54 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\AOEMView 2008
2008-05-15 19:30 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\ProductViewExpress(2)
2008-05-09 16:55 . 2008-05-09 16:55 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-08 19:53 . 2006-02-16 15:29 102,592 --a------ C:\WINDOWS\system32\corojdk11.dll
2008-05-08 18:21 . 2008-05-08 18:24 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-05-06 21:44 . 2003-03-18 22:20 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2008-05-05 21:24 . 2008-05-08 22:57 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-05 09:30 . 2008-02-15 17:12 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-04-27 16:24 . 2008-05-18 22:44 <DIR> d-------- C:\Program Files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 16:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-19 21:45 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-18 20:05 7,835,822 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-18 20:04 4,437,504 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-05-18 20:04 125,952 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-05-17 22:17 331,776 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-05-12 20:59 4,363,776 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-05-12 20:59 315,904 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-05-08 16:25 4,328,448 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-05-08 16:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-05-07 19:50 4,488,192 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-07 19:50 104,448 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-07 18:50 --------- d-----w C:\Program Files\Microsoft WSE
2008-05-06 20:16 141,312 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-06 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 22:10 433,664 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-04 22:10 4,236,288 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-04-27 20:21 4,151,296 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-27 20:21 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-27 20:19 4,156,928 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-27 20:19 255,488 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-26 17:18 --------- d-----w C:\Program Files\AnyReader
2008-04-23 19:53 --------- d-----w C:\Program Files\SolidWorks
2008-04-22 21:32 4,137,984 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-22 21:32 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-22 21:29 58,368 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-04-22 21:29 4,137,984 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-21 21:07 612,352 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-04-21 21:07 4,139,008 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-18 20:40 --------- d-----w C:\Program Files\IObit
2008-04-12 23:41 4,060,160 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-12 23:41 121,856 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-04-10 21:47 4,021,760 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-04-10 21:47 168,448 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-04-10 20:41 --------- d-----w C:\Program Files\SpeedFan
2008-04-10 19:16 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-08 19:48 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-04-08 18:59 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2008-04-08 18:59 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-07 21:56 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-04-07 19:25 --------- d-----w C:\Program Files\Google
2008-04-06 21:30 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-04-06 21:30 3,897,344 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-04-06 18:51 --------- d-----w C:\Program Files\PowerISO
2008-04-06 18:31 4,021,760 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-04-06 18:31 142,848 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-04-06 17:33 --------- d-----w C:\Program Files\CyberLink
2008-04-06 17:31 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-06 17:31 --------- d-----w C:\Program Files\AVSMedia
2008-04-05 21:42 3,872,256 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-04-05 21:42 115,200 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-04-03 19:27 378,368 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-30 19:23 --------- d-----w C:\Program Files\totalcmd
2008-03-30 19:12 --------- d-----w C:\Program Files\qipinfium9000full_slovak
2008-03-28 15:15 459,264 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-28 15:15 3,794,432 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-22 13:42 81,408 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-03-22 13:42 3,711,488 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-21 20:58 3,736,064 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-21 20:58 100,864 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-03-21 17:53 --------- d-----w C:\Program Files\MozBackup
2008-03-21 11:23 --------- d-----w C:\Program Files\Java
2008-03-21 11:23 --------- d-----w C:\Program Files\Common Files\Java
2008-03-21 11:20 1,040,384 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-03-08 22:28 70,656 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-08 22:28 3,107,840 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-06 21:56 62,464 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-06 21:56 3,110,400 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-05 21:25 496,128 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-03-02 00:27 3,069,952 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-03-02 00:27 192,512 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-27 21:27 72,704 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-02-27 21:27 3,052,032 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-02-25 21:57 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-09-06 18:07 7,906 -c--a-w C:\Program Files\irunin.bmp
2007-09-06 18:07 55,719 -c--a-w C:\Program Files\irunin.dat
2007-09-06 18:07 18,226 -c--a-w C:\Program Files\irunin.ini
2007-09-06 18:07 16,152 -c--a-w C:\Program Files\irunin.lng
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"OEXPRESS"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-23 11:26 77824]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 01:19 278528]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"pdfFactory Pro Dispečér v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-03-29 22:40 483328]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 12:34 755480]
"SolidWorks_CheckForUpdates"="C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2007-09-10 14:15 6460696]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 14:53 949376]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-05-18 14:19 877136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 00:49 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\JustVoip\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\applic\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe"=
"C:\\applic\\proeWildfire2\\i486_nt\\obj\\xtop.exe"=
"C:\\applic\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG;C:\Program Files\BHPS\Gmg\bin\DBMonService.exe [2007-07-31 17:03]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor;C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe [2007-07-31 17:02]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG;C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe [2007-07-31 17:02]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 00:49]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2007-03-15 12:09]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 FlarionDTM;Flarion DTM Network Interface;C:\WINDOWS\system32\DRIVERS\FlrnDTM.sys [2005-05-26 14:06]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\SETUP.EXE
\Shell\configure\command - G:\SETUP.EXE
\Shell\install\command - G:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 15:15:10 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-19 18:00:25 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 18:15:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\JNBEO~1\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\EPC\BHROOT\BIN\MONITOR.EXE
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
.
**************************************************************************
.
Completion time: 2008-05-20 18:35:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 16:35:23

Directories: 12, Free bytes: 14,396,002,304
Directories: 16, Free bytes: 14,371,717,120


Re: Please check my log - infected PC

Post by fredik (Security team member) » 20 May 2008 21:17

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the whole text below, marked in green, into it:
Note: do not use SELECT ALL to select the script

File::
C:\WINDOWS\system32\cru629.dat.vir
C:\WINDOWS\cru629.dat.vir
C:\WINDOWS\braviax.exe.vir
C:\WINDOWS\braviax(2).exe
C:\WINDOWS\system32\dllcache\figaro(2).sys
C:\WINDOWS\system32\dllcache\figaro.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it when the two icons overlap
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, together with the Kaspersky log.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PMs with logs; post them in the forum. Such PMs cannot be answered.

Re: Please check my log - infected PC

Post by JANíčOK » 20 May 2008 21:45

Kaspersky Online Scanner is still scanning; as soon as it finishes I'll post both log files.

Re: Please check my log - infected PC

Post by JANíčOK » 21 May 2008 01:16

Here are the log files:

Kaspersky Online Scanner
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 21, 2008 12:45:49 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 703072
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
H:\

Scan Statistics:
Total number of scanned objects: 269798
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 05:08:44

Infected Object Name / Virus Name / Last Action
C:\bhdata\GME\DB\baseline_part_20060131\rfile000.000 Object is locked skipped
C:\Documents and Settings\Ján Beňo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\IM\sldIMSchedulerLog_20080-40000-1100_00294.txt Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\history.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\key3.db Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\call256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\chat512.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\index2.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\user1024.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\user16384.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Data aplikací\Skype\janbenohz42\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\v02wgv47.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\temp\~DF8922.tmp Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\temp\~DFBA8.tmp Object is locked skipped
C:\Documents and Settings\Ján Beňo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ján Beňo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BHPS\Gmg\bin\GMG_PART_1\disks\tbdsk001 Object is locked skipped
C:\Program Files\BHPS\Gmg\bin\GMG_PART_1\roms\cd\comp000.000 Object is locked skipped
C:\Program Files\BHPS\Gmg\bin\GMG_rw\disks\tbdsk001 Object is locked skipped
C:\Program Files\BHPS\Gmg\Tomcat\dist\logs\localhost_log.2008-05-20.txt Object is locked skipped
C:\Program Files\BHPS\Gmg\Tomcat\dist\webapps\Epc3\WEB-INF\Fog.log Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\flexnet\licensing\ptclmgrd.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_788.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\braviax(2).exe Infected: Trojan.Win32.Agent.gmo skipped
C:\WINDOWS\braviax.exe.vir Infected: Trojan.Win32.Agent.gmo skipped
C:\WINDOWS\cru629.dat.vir Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOME-Y66VPKXIEK.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cru629.dat.vir Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd1469.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1848 Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2776 Object is locked skipped
C:\WINDOWS\Temp\ZLT01d82.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


ComboFix
ComboFix 08-05-20.1 - Ján Beňo 2008-05-21 0:50:17.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.455 [GMT 2:00]
Running from: C:\Documents and Settings\Ján Beňo\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ján Beňo\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\braviax(2).exe
C:\WINDOWS\braviax.exe.vir
C:\WINDOWS\cru629.dat.vir
C:\WINDOWS\system32\cru629.dat.vir
C:\WINDOWS\system32\dllcache\figaro(2).sys
C:\WINDOWS\system32\dllcache\figaro.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\braviax(2).exe
C:\WINDOWS\braviax.exe.vir
C:\WINDOWS\system32\dllcache\figaro(2).sys

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 18:43 . 2008-05-20 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2008-05-20 18:42 . 2008-05-20 18:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 18:42 . 2008-05-20 18:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-20 18:35 . 2008-05-20 18:35 <DIR> d-------- C:\Documents and Settings\Jßn Be˛o
2008-05-20 17:14 . 2008-05-20 17:19 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-20 17:14 . 2008-05-20 17:14 <DIR> d-------- C:\Documents and Settings\Ján Beňo\Data aplikací\Simply Super Software
2008-05-20 17:14 . 2008-05-20 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2008-05-20 17:14 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-20 17:14 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-20 17:14 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-20 17:14 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-20 17:14 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-20 14:54 . 2008-05-20 14:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-05-20 14:54 . 2008-05-20 14:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-05-20 14:54 . 2008-05-20 14:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-20 14:53 . 2008-05-20 16:37 <DIR> d-------- C:\Program Files\ESET
2008-05-20 00:01 . 2008-05-20 18:40 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-05-19 23:45 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\ProductViewExpress
2008-05-19 23:45 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\7-Zip
2008-05-19 19:32 . 2008-05-19 19:32 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-19 18:14 . 2008-05-19 18:14 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Talkback
2008-05-19 18:08 . 2008-05-19 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-05-19 18:08 . 2008-05-19 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací
2008-05-19 18:08 . 2008-05-19 23:41 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-19 17:58 . 2008-05-19 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-19 17:58 . 2008-05-19 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 21:54 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\AOEMView 2008
2008-05-15 19:30 . 2008-05-19 23:45 <DIR> d-------- C:\Program Files\ProductViewExpress(2)
2008-05-09 16:55 . 2008-05-09 16:55 38 --a------ C:\WINDOWS\avisplitter.INI
2008-05-08 19:53 . 2006-02-16 15:29 102,592 --a------ C:\WINDOWS\system32\corojdk11.dll
2008-05-08 18:21 . 2008-05-08 18:24 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-05-08 16:48 . 2008-05-08 16:48 <DIR> d--h----- C:\Documents and Settings\Ján Beňo\InstallAnywhere
2008-05-08 16:48 . 2008-05-08 16:48 <DIR> d--h----- C:\Documents and Settings\Ján Beňo\InstallAnywhere
2008-05-06 21:44 . 2003-03-18 22:20 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2008-05-05 21:24 . 2008-05-08 22:57 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-05 21:24 . 2008-05-06 20:16 <DIR> d-------- C:\Documents and Settings\Ján Beňo\Data aplikací\IDM
2008-05-05 09:30 . 2008-02-15 17:12 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-04-27 16:24 . 2008-05-18 22:44 <DIR> d-------- C:\Program Files\Autodesk
2008-04-20 11:02 . 2008-04-20 11:02 <DIR> d-------- C:\Documents and Settings\Ján Beňo\Data aplikací\EBookSys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 22:51 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\Skype
2008-05-20 22:48 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\DMCache
2008-05-20 22:01 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\skypePM
2008-05-20 17:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-20 16:42 --------- d-----w C:\Program Files\ICQToolbar
2008-05-20 16:15 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\IM
2008-05-19 21:45 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-19 21:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-05-19 14:17 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\SolidWorks
2008-05-18 20:05 7,835,822 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-18 20:04 4,437,504 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-05-18 20:04 125,952 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-05-17 22:17 331,776 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-05-12 20:59 4,363,776 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-05-12 20:59 315,904 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-05-08 16:25 4,328,448 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-05-08 16:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-05-07 19:50 4,488,192 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-07 19:50 104,448 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-07 18:59 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\Autodesk
2008-05-07 18:50 --------- d-----w C:\Program Files\Microsoft WSE
2008-05-06 20:16 141,312 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-06 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 22:10 433,664 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-05-04 22:10 4,236,288 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-04-29 17:22 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-04-27 20:21 4,151,296 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-27 20:21 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-27 20:19 4,156,928 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-27 20:19 255,488 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-26 17:18 --------- d-----w C:\Program Files\AnyReader
2008-04-23 19:53 --------- d-----w C:\Program Files\SolidWorks
2008-04-22 21:32 4,137,984 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-22 21:32 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-22 21:29 58,368 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-04-22 21:29 4,137,984 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-21 21:07 612,352 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-04-21 21:07 4,139,008 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-18 20:40 --------- d-----w C:\Program Files\IObit
2008-04-15 21:08 --------- d-----w C:\Documents and Settings\Ján Beňo\Data aplikací\LangSoft
2008-04-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\LangSoft
2008-04-12 23:41 4,060,160 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-12 23:41 121,856 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-04-10 21:47 4,021,760 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-04-10 21:47 168,448 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-04-10 20:41 --------- d-----w C:\Program Files\SpeedFan
2008-04-10 19:16 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-08 19:48 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2008-04-08 18:59 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2008-04-08 18:59 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-07 21:56 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-04-07 19:25 --------- d-----w C:\Program Files\Google
2008-04-06 21:30 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-04-06 21:30 3,897,344 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-04-06 18:51 --------- d-----w C:\Program Files\PowerISO
2008-04-06 18:31 4,021,760 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-04-06 18:31 142,848 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-04-06 17:33 --------- d-----w C:\Program Files\CyberLink
2008-04-06 17:31 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-06 17:31 --------- d-----w C:\Program Files\AVSMedia
2008-04-05 21:42 3,872,256 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-04-05 21:42 115,200 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-04-03 19:27 378,368 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-03-30 19:23 --------- d-----w C:\Program Files\totalcmd
2008-03-30 19:12 --------- d-----w C:\Program Files\qipinfium9000full_slovak
2008-03-28 15:15 459,264 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-28 15:15 3,794,432 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-22 13:42 81,408 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-03-22 13:42 3,711,488 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-03-21 20:58 3,736,064 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-03-21 20:58 100,864 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-03-21 17:53 --------- d-----w C:\Program Files\MozBackup
2008-03-21 11:23 --------- d-----w C:\Program Files\Java
2008-03-21 11:23 --------- d-----w C:\Program Files\Common Files\Java
2008-03-21 11:20 1,040,384 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-03-08 22:28 70,656 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-03-08 22:28 3,107,840 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-03-06 21:56 62,464 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-03-06 21:56 3,110,400 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-03-05 21:25 496,128 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-02 20:48 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2008-03-02 00:27 3,069,952 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-03-02 00:27 192,512 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-02-27 21:27 72,704 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-02-27 21:27 3,052,032 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-02-25 21:57 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-22 17:37 8,704 ----a-w C:\WINDOWS\system32\ibfs32.dll
2007-09-06 18:07 7,906 -c--a-w C:\Program Files\irunin.bmp
2007-09-06 18:07 55,719 -c--a-w C:\Program Files\irunin.dat
2007-09-06 18:07 18,226 -c--a-w C:\Program Files\irunin.ini
2007-09-06 18:07 16,152 -c--a-w C:\Program Files\irunin.lng
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 00:49 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"OEXPRESS"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-23 11:26 77824]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 01:19 278528]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-19 20:00 98304]
"pdfFactory Pro Dispečér v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-03-29 22:40 483328]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 12:34 755480]
"SolidWorks_CheckForUpdates"="C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2007-09-10 14:15 6460696]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-20 14:53 949376]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-05-18 14:19 877136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 00:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\JustVoip\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\applic\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe"=
"C:\\applic\\proeWildfire2\\i486_nt\\obj\\xtop.exe"=
"C:\\applic\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG;C:\Program Files\BHPS\Gmg\bin\DBMonService.exe [2007-07-31 17:03]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor;C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe [2007-07-31 17:02]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG;C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe [2007-07-31 17:02]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-18 00:49]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2007-03-15 12:09]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S3 FlarionDTM;Flarion DTM Network Interface;C:\WINDOWS\system32\DRIVERS\FlrnDTM.sys [2005-05-26 14:06]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\SETUP.EXE
\Shell\configure\command - G:\SETUP.EXE
\Shell\install\command - G:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 15:15:10 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-20 18:00:35 C:\WINDOWS\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 00:54:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [3884] 0x83DB1B78

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\JNBEO~1\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-05-21 1:04:46
ComboFix-quarantined-files.txt 2008-05-20 23:04:29
ComboFix2.txt 2008-05-20 16:35:32

Directories: 11, Free bytes: 23,786,385,408
Directories: 15, Free bytes: 23,772,286,976


While ComboFix was cleaning, NOD flagged a few viruses and immediately put them into quarantine:
[image]
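The MountPoints2 entries in the ComboFix log above map drive letters E: and G: to an AutoRun command that launches setup.exe from the drive root, which is the pattern autorun-spreading malware leaves behind for each USB stick or CD it has touched. The following PowerShell check is an added example and is not part of the thread or of ComboFix; it assumes only the standard registry locations (the MountPoints2 key shown in the log and the Explorer policy key that holds NoDriveTypeAutoRun), lists every cached per-drive command for the current user, flags commands that run an executable straight from a drive root, and reports whether AutoRun is disabled by policy.

```powershell
# Added example, not part of the thread: list the per-drive AutoRun commands that
# Explorer caches under MountPoints2 for the current user, flag the ones that launch
# an executable from a drive root (the E:\setup.exe / G:\SETUP.EXE pattern in the log),
# and show whether AutoRun is disabled by policy.

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutoRun {
    param([string]$Root = $MountPoints2)

    $results = @()
    if (-not (Test-Path -Path $Root)) { return $results }

    # One subkey per drive letter or volume GUID; commands sit under Shell\<verb>\command
    foreach ($drive in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $shellKey = Join-Path -Path $drive.PSPath -ChildPath 'Shell'
        if (-not (Test-Path -Path $shellKey)) { continue }

        foreach ($verb in Get-ChildItem -Path $shellKey -ErrorAction SilentlyContinue) {
            $cmdKey = Join-Path -Path $verb.PSPath -ChildPath 'command'
            if (-not (Test-Path -Path $cmdKey)) { continue }

            # The command string is the key's unnamed (default) value
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrEmpty($cmd)) { continue }

            $results += New-Object PSObject -Property @{
                Drive      = $drive.PSChildName
                Verb       = $verb.PSChildName
                Command    = $cmd
                # Executable launched directly from a drive root, as in the ComboFix log above
                Suspicious = [bool]($cmd -imatch '^[A-Z]:\\[^\\]+\.(exe|com|bat|cmd|scr|pif)\s*$')
            }
        }
    }
    return $results
}

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types with AutoRun disabled; 0xFF disables it for all of them
    $policyKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($key in $policyKeys) {
        $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -ne $value) {
            New-Object PSObject -Property @{ Key = $key; NoDriveTypeAutoRun = ('0x{0:X}' -f $value) }
        }
    }
}

Get-MountPointAutoRun | Sort-Object Drive, Verb | Format-Table Drive, Verb, Suspicious, Command -AutoSize
Get-AutoRunPolicy | Format-Table Key, NoDriveTypeAutoRun -AutoSize
```

Run it in a PowerShell prompt under the affected user account. In this thread the entries were handled by ComboFix; on an already cleaned machine a stale drive subkey can be removed with Remove-Item, because Explorer recreates MountPoints2 entries the next time a drive is inserted. If Get-AutoRunPolicy prints nothing, no AutoRun policy is set and setting NoDriveTypeAutoRun to 0xFF under the HKLM policy key closes the door to the whole class of setup.exe-on-removable-media infections.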

fredik, Security team member, Master Level 7, posts: 4680, registered: July 06

Re: Please check my log - infected PC

Post by fredik » 21 May 2008 20:07

Go to Start -> Run... and type into the box this command marked in blue, ComboFix /u, and click OK.
- there must be a space between ComboFix and /u

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In HJT you can fix these items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run T-cleaner and follow the instructions.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

I would recommend updating Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 6
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 and click the Download button
- A new page will load
- Under the heading Select Platform and Language for your download:
* for Platform: choose the OS you use
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page will load
- Click the download link under: Windows Offline Installation
[image]
and save it to disk

- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them using the Change or Remove button, or the Remove button
- Uninstall any old versions of Java one after another
- When the uninstalling is finished, restart the PC.
- Then just run the installation of the latest version from the file jre-6u6-windows-i586-p.exe, which you downloaded at the start.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Any more problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.
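The Java steps above depend on finding every old J2SE/JRE entry in Add or Remove Programs before installing JRE 6 Update 6; an outdated runtime left behind keeps the browser exposed to exploits that the update fixes. The following PowerShell script is an added example, not part of fredik's instructions; it reads the same Uninstall registry keys that Add or Remove Programs displays, matches the product names the post lists, and marks every runtime older than the newest one found. The name pattern and the version comparison are assumptions about how the entries are labelled.

```powershell
# Added example, not part of the thread: list the Java runtimes registered in
# Add or Remove Programs so every old J2SE/JRE entry is accounted for before
# installing JRE 6 Update 6. Reads the Uninstall keys Add or Remove Programs uses.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # present on 64-bit Windows only
)

function Get-InstalledJava {
    $found = @()
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p.DisplayName) { continue }
            # Assumed name pattern, covering the entries the post lists ("J2SE Runtime Environment 5.0 Update 8",
            # "Java 2 Runtime Environment, SE v1.4.2") and the newer "Java(TM) 6 Update 6" style
            if ($p.DisplayName -match '^(J2SE|Java).*(Runtime Environment|\(TM\) \d+ Update \d+)') {
                $found += New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    Version         = ($p.DisplayVersion -as [version])   # $null when the string is not parseable
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
    return $found
}

function Show-JavaReport {
    $java = @(Get-InstalledJava | Sort-Object Version)
    if ($java.Count -eq 0) { Write-Host 'No Java runtime registered in Add or Remove Programs.'; return }

    # Newest parseable version present; everything below it is a leftover to uninstall
    $newest = ($java | Where-Object { $_.Version -ne $null } | Select-Object -Last 1).Version
    foreach ($j in $java) {
        $state = 'newest present'
        if ($j.Version -eq $null -or $j.Version -lt $newest) { $state = 'OLD - remove via Add or Remove Programs' }
        Write-Host ('{0,-45} {1,-12} {2}' -f $j.DisplayName, $j.DisplayVersion, $state)
    }
}

Show-JavaReport
```

Run the report before and after the uninstall round: the second run should show only the freshly installed JRE 6 Update 6 line. The UninstallString column is collected for reference only; the post's method of removing each entry through Add or Remove Programs is the one to follow.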

JANíčOK, Level 3, posts: 471, registered: June 06

Re: Please check my log - infected PC

Post by JANíčOK » 21 May 2008 21:40

Thanks for the help!!! Today I went through the whole of Windows with NOD and it found nothing, so it looks like everything is fine. Is there nothing suspicious anymore in those last two logs from ComboFix and Kaspersky?

fredik, Security team member, Master Level 7, posts: 4680, registered: July 06

Re: Please check my log - infected PC

Post by fredik » 22 May 2008 19:46

You're welcome, the logs look good. If you have any problems, let me know.

Lord_Castor, newcomer, posts: 1, registered: July 08

Re: Please check my log - infected PC

Post by Lord_Castor » 20 Jul 2008 01:54

Hi everyone, I think that for the "traviax.exe" problem it would be enough just to delete this file in Safe Mode:
C:\windows\system32\traviax.exe

I did it that way and the message is gone. If anyone has any comments, bring them on, I'd be glad to learn something new!

