Use Avenger
http://www.viry.cz/forum/viewtopic.php?t=21484
and this script:
Files to delete:
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\bcae_s.dll
Have this one checked here:
http://www.virustotal.com/flash/index_en.html
HijackThis log check - slow computer [Solved]
-
- Level 1.5
- Posts: 131
- Registered: May 07
- Gender:
- Status: Offline
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status: Offline
So here I'm sending the log... but it just seems to me like it was some kind of error
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error: could not create zip file.
Error code: 0
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\clnfkerk
*******************
Script file located at: \??\C:\Documents and Settings\kmgkwbck.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!
Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba
Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!
Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba
Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!
Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!
Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba
File C:\WINDOWS\system32\wybeg.ini2 deleted successfully.
File C:\WINDOWS\system32\wybeg.bak1 deleted successfully.
File C:\WINDOWS\system32\wybeg.bak2 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lysanxbb
*******************
Script file located at: \??\C:\Program Files\wlagilet.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\system32\iifgfgf.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\iifgfgf.dll failed!
Could not process line:
C:\WINDOWS\system32\iifgfgf.dll
Status: 0xc00000ba
Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!
Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba
Error: C:\WINDOWS\rundl132.dll is a folder, not a file!
Deletion of file C:\WINDOWS\rundl132.dll failed!
Could not process line:
C:\WINDOWS\rundl132.dll
Status: 0xc00000ba
Error: C:\WINDOWS\logo1_.exe is a folder, not a file!
Deletion of file C:\WINDOWS\logo1_.exe failed!
Could not process line:
C:\WINDOWS\logo1_.exe
Status: 0xc00000ba
File C:\WINDOWS\system32\wybeg.ini2 not found!
Deletion of file C:\WINDOWS\system32\wybeg.ini2 failed!
Could not process line:
C:\WINDOWS\system32\wybeg.ini2
Status: 0xc0000034
File C:\WINDOWS\system32\wybeg.bak1 not found!
Deletion of file C:\WINDOWS\system32\wybeg.bak1 failed!
Could not process line:
C:\WINDOWS\system32\wybeg.bak1
Status: 0xc0000034
File C:\WINDOWS\system32\wybeg.bak2 not found!
Deletion of file C:\WINDOWS\system32\wybeg.bak2 failed!
Could not process line:
C:\WINDOWS\system32\wybeg.bak2
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
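The log above is informative in its own right: every "Files to delete:" entry fails with Status 0xc00000ba, which is the NTSTATUS value STATUS_FILE_IS_A_DIRECTORY, so the paths ending in .dll and .exe are really directories, and the three wybeg.* entries fail on the second run with 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) because the first run had already removed them. The following Python parser is an added example, not code from the thread or from Avenger; it reads an Avenger result log, pairs each failure with its status code, and produces the follow-up script. The "Folders to delete:" directive it emits is an assumption taken from the later log in this thread, where the same paths are reported as "Folder ... deleted successfully"; the sample log embedded below is a constructed excerpt modelled on the one posted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# NTSTATUS codes as they appear on Avenger's "Status:" lines.
STATUS_FILE_IS_A_DIRECTORY = 0xC00000BA    # the path is a directory, so a file delete cannot remove it
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034  # the path no longer exists (e.g. removed by an earlier run)

STATUS_NAMES = {
    STATUS_FILE_IS_A_DIRECTORY: "STATUS_FILE_IS_A_DIRECTORY",
    STATUS_OBJECT_NAME_NOT_FOUND: "STATUS_OBJECT_NAME_NOT_FOUND",
}

# Constructed excerpt modelled on the Avenger log posted in this thread.
SAMPLE_LOG = r"""
Beginning to process script file:
Error: C:\WINDOWS\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file C:\WINDOWS\system32\vcmgcd32.dll failed!
Could not process line:
C:\WINDOWS\system32\vcmgcd32.dll
Status: 0xc00000ba
Error: C:\WINDOWS\rundll16.exe is a folder, not a file!
Deletion of file C:\WINDOWS\rundll16.exe failed!
Could not process line:
C:\WINDOWS\rundll16.exe
Status: 0xc00000ba
File C:\WINDOWS\system32\wybeg.ini2 deleted successfully.
File C:\WINDOWS\system32\wybeg.bak1 not found!
Deletion of file C:\WINDOWS\system32\wybeg.bak1 failed!
Could not process line:
C:\WINDOWS\system32\wybeg.bak1
Status: 0xc0000034
Folder C:\WINDOWS\logo1_.exe deleted successfully.
Completed script processing.
"""


@dataclass
class Entry:
    path: str
    kind: str                    # "file" or "folder", as Avenger reported it
    ok: bool
    status: Optional[int] = None  # NTSTATUS for failures, None for successes


OK_RE = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (file|folder) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")


def parse_avenger_log(text: str) -> List[Entry]:
    """Turn Avenger's per-line output into one Entry per processed script line."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None  # last failure still waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            entries.append(Entry(m.group(2), m.group(1).lower(), True))
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = Entry(m.group(2), m.group(1), False)
            entries.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending.status = int(m.group(1), 16)
            pending = None
    return entries


def explain(entries: List[Entry]) -> Dict[str, str]:
    """Map each path to a verdict the person writing the next script can act on."""
    out: Dict[str, str] = {}
    for e in entries:
        if e.ok:
            out[e.path] = "deleted (%s)" % e.kind
        elif e.status == STATUS_FILE_IS_A_DIRECTORY:
            out[e.path] = "is a directory: list it under 'Folders to delete:'"
        elif e.status == STATUS_OBJECT_NAME_NOT_FOUND:
            out[e.path] = "already gone: drop it from the script"
        else:
            name = "unknown status" if e.status is None else STATUS_NAMES.get(e.status, hex(e.status))
            out[e.path] = "failed with %s" % name
    return out


def rerun_script(entries: List[Entry]) -> str:
    """Build the follow-up script: only directory-type failures, under 'Folders to delete:'
    (directive assumed from the later log in this thread)."""
    folders = [e.path for e in entries if not e.ok and e.status == STATUS_FILE_IS_A_DIRECTORY]
    if not folders:
        return ""
    return "Folders to delete:\n" + "\n".join(folders) + "\n"


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    for path, verdict in explain(parsed).items():
        print(path, "->", verdict)
    print(rerun_script(parsed), end="")
```

Running it on the sample prints one verdict per path and a two-entry "Folders to delete:" script; the same "not found" verdicts are what a helper should expect when a script is run a second time after a successful first pass.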
So here is the log... it seems to be OK and that it got removed... what was it for anyway?
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gkvtbpan
*******************
Script file located at: \??\C:\Documents and Settings\qesllfwc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\WINDOWS\system32\vcmgcd32.dll deleted successfully.
Folder C:\WINDOWS\system32\iifgfgf.dll deleted successfully.
Folder C:\WINDOWS\rundll16.exe deleted successfully.
Folder C:\WINDOWS\rundl132.dll deleted successfully.
Folder C:\WINDOWS\logo1_.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Here I'm sending the log from ComboFix. Maybe I'll disappoint you, but my PC didn't get any faster from it.
ComboFix 07-06-13 - C:\Documents and Settings\Admin.HOME\Plocha\Udržba počítače\ComboFix.exe
"Admin" - 2007-06-13 22:32:02 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))
2007-06-12 23:09 60,416 --a------ C:\WINDOWS\system32\drivers\lctityx^.sys
2007-06-12 22:13 <DIR> d-------- C:\Program Files\ICQToolbar
2007-06-12 21:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 16:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Comodo
2007-06-11 16:28 <DIR> d-------- C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Comodo
2007-06-11 16:13 <DIR> d-------- C:\Program Files\Comodo
2007-06-11 16:00 <DIR> d-------- C:\Program Files\RegCleaner
2007-06-09 08:30 32,256 --a------ C:\WINDOWS\system32\drivers\maplom.sys
2007-06-09 08:28 <DIR> d-------- C:\Program Files\SlySoft
2007-06-06 20:19 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-06 20:19 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-06 20:19 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-31 06:33 <DIR> d-------- C:\Program Files\ICQ6
2007-05-30 20:00 6,553,600 --a------ C:\DOCUME~1\ADMIN~1.HOM\ntuser.dat
2007-05-29 20:35 <DIR> d-------- C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\ICQ
2007-05-28 17:50 <DIR> d-------- C:\Program Files\Easy Editor 2005
2007-05-25 15:33 <DIR> d-------- C:\Program Files\Accolade
2007-05-25 15:32 1,019 --a------ C:\WINDOWS\EReg176.dat
2007-05-23 20:34 <DIR> d-------- C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Eset
2007-05-23 16:06 <DIR> d-------- C:\PerfLogs
2007-05-17 22:08 <DIR> d-------- C:\Program Files\OO Software
2007-05-16 20:52 <DIR> d-------- C:\WINDOWS\system32\eScan
2007-05-16 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Eset
2007-05-15 21:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-15 21:54 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-15 21:53 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-14 18:33 <DIR> d-------- C:\DOCUME~1\ADMIN~1.HOM\.thumbnails
2007-05-14 18:14 <DIR> d-------- C:\DOCUME~1\ADMIN~1.HOM\.gimp-2.2
2007-05-14 18:12 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-05-14 18:10 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-05-13 20:52 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-05-13 20:49 147,968 --a------ C:\WINDOWS\R.COM
2007-05-13 20:49 137,216 --a------ C:\WINDOWS\system32\T.COM
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-12 20:14:20 -------- d-----w C:\Program Files\ICQLite
2007-06-11 17:51:48 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-10 18:49:35 -------- d-----w C:\Program Files\Lx_cats
2007-06-03 11:33:21 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-30 19:07:44 -------- d-----w C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Skype
2007-05-29 18:36:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-21 14:16:59 -------- d-----w C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\MegauploadToolbar
2007-05-20 19:40:13 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-05-19 21:51:53 -------- d-----w C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Hamachi
2007-05-14 15:46:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-12 11:47:55 -------- d-----w C:\Program Files\DOSBox-0.65
2007-05-11 23:17:53 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-11 00:09:48 1,050,120 ----a-w C:\WINDOWS\system32\oodag.exe
2007-05-11 00:08:54 2,512,392 ----a-w C:\WINDOWS\system32\oodtray.exe
2007-05-11 00:08:24 194,056 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-05-11 00:06:40 202,248 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 00:06:24 10,248 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-05-10 21:19:26 38,160 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2007-05-10 21:18:24 15,368 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-05-08 17:58:30 -------- d-----w C:\Program Files\Testy Autoškola
2007-05-08 15:38:52 -------- d-----w C:\Program Files\GetRight
2007-05-06 19:55:37 -------- d-----w C:\Program Files\OpenVPN
2007-05-05 16:10:04 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-05 16:08:26 -------- d-----w C:\Program Files\Hamachi
2007-05-05 14:02:18 -------- d-----w C:\Program Files\GamePark
2007-04-30 17:11:04 -------- d-----w C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Command & Conquer 3 Tiberium Wars
2007-04-26 11:43:48 -------- d-----w C:\Program Files\Futuremark
2007-04-26 11:23:00 -------- d-----w C:\Program Files\MadOnion.com
2007-04-22 18:06:35 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-04-19 20:22:07 -------- d-----w C:\Program Files\Trojan Remover
2007-04-19 20:15:34 -------- d-----w C:\Program Files\Lavasoft
2007-04-19 19:45:20 -------- d-----w C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Simply Super Software
2007-04-19 19:00:52 -------- d-----w C:\DOCUME~1\ADMIN~1.HOM\DATAAP~1\Everest Labs
2007-04-18 18:12:18 -------- d-----w C:\Program Files\Microsoft Works
2007-04-18 16:15:25 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 19:18:47 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-04-15 07:16:52 -------- d-----w C:\Program Files\BSplayer Pro
2007-04-11 21:31:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-25 06:14:46 73,684 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-03-25 06:14:46 400,942 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-03-17 13:45:10 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2006-10-24 12:12:16 5 --sha-w C:\WINDOWS\system32\bcae_s.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 11:18]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll [2006-10-31 08:55]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-06 20:18]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Piracy"="C:\WINDOWS\SysUtil.exe" /PIRACY
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 22:38:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-13 22:40:09
C:\ComboFix-quarantined-files.txt ... 2007-06-13 22:39
C:\ComboFix2.txt ... 2007-06-12 22:03
--- E O F ---