Task Manager does not start after a virus

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by kofola55 » 30 Sep 2007 00:36

Before you wrote to me, I had run Kaspersky AV on the computer. It had already removed some of the things you write about. The rest I removed manually. I hope I got everything. I followed your advice. But Kaspersky blocked ComboFix from running. Should I turn Kaspersky off and run ComboFix again? The message from Kaspersky says: Process attempting to gain full access to the system by installing a driver. Writing system registry values from file \??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS.


Post by kofola55 » 30 Sep 2007 00:38

I'm also sending the latest HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37, on 2007-09-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\ComboFix\handle.cfexe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K\Plocha\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4679681828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{705C83BD-F1A4-462F-9C2D-A9BAA2C82B7D}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 8941 bytes


Post by fredik » 01 Oct 2007 21:29

You can't fix these items in HJT, since they keep showing up in the log?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Try turning Kaspersky off and making a ComboFix log, but before that delete the ComboFix you already downloaded and download it again.
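As an added example (not from this thread and not HijackThis code), the following Python parses entries in the HJT 2.0.2 log format posted above, lists the "(no file)" references fredik points at, and compares two scans to report which of them survived a fix attempt, i.e. the "keeps reappearing" check. The two log excerpts are constructed from entry types seen in the thread, and the start-page allowlist is an assumed local policy.

```python
"""Triage helper for HijackThis (HJT) 2.0.x logs. Added example; the log
excerpts below are constructed, and the start-page allowlist is assumed."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Constructed excerpt in HJT log format: the state before a fix attempt.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# Constructed excerpt of the follow-up scan: the Yahoo! hook is gone,
# the two other "(no file)" entries came back.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=60327
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
"""

# HJT entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NO_FILE = "(no file)"


@dataclass(frozen=True)
class Entry:
    kind: str              # HJT section, e.g. "O2" (BHO) or "R0" (IE start page)
    body: str              # everything after "O2 - "
    clsid: Optional[str]   # {GUID} if the entry names one
    target: Optional[str]  # last " - " field: a path, or "(no file)" for a dead reference


def parse_log(text: str) -> List[Entry]:
    """Keep only the R/F/N/O entries; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        _head, sep, tail = body.rpartition(" - ")
        entries.append(Entry(m.group("kind"), body,
                             clsid.group(0) if clsid else None,
                             tail.strip() if sep else None))
    return entries


def orphaned(entries: Iterable[Entry]) -> List[Entry]:
    """Entries whose file no longer exists. HJT prints them as "(no file)":
    dead registry references left behind by an incomplete removal."""
    return [e for e in entries if e.target == NO_FILE]


def persistent_orphans(earlier: str, later: str) -> List[str]:
    """CLSIDs reported as "(no file)" in both logs, i.e. the entries an HJT
    fix did not remove and that re-appear on the next scan."""
    before = {e.clsid for e in orphaned(parse_log(earlier)) if e.clsid}
    after = {e.clsid for e in orphaned(parse_log(later)) if e.clsid}
    return sorted(before & after, key=str.lower)


def foreign_start_pages(entries: Iterable[Entry],
                        allowed_hosts: Iterable[str] = ("www.google.com",)) -> List[str]:
    """R0/R1 URL values whose host is not on the (assumed) allowlist; a start
    page pointed at a toolbar or search vendor is a classic hijack symptom."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for e in entries:
        if e.kind not in ("R0", "R1") or " = " not in e.body:
            continue
        _key, value = e.body.split(" = ", 1)
        value = value.strip()
        if not value.lower().startswith(("http://", "https://")):
            continue  # empty or local values are not URLs
        host = (urlparse(value).hostname or "").lower()
        if host not in allowed:
            hits.append(value)
    return hits


def summarize(text: str) -> dict:
    """Counts per HJT section plus the two findings above, for one log."""
    entries = parse_log(text)
    by_kind: dict = {}
    for e in entries:
        by_kind[e.kind] = by_kind.get(e.kind, 0) + 1
    return {
        "entries": len(entries),
        "by_kind": by_kind,
        "orphans": [e.clsid or e.body for e in orphaned(entries)],
        "foreign_start_pages": foreign_start_pages(entries),
    }


if __name__ == "__main__":
    print(summarize(LOG_BEFORE))
    print("still present after fix:", persistent_orphans(LOG_BEFORE, LOG_AFTER))
```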


Post by kofola55 » 02 Oct 2007 16:43

ComboFix 07-10-02.2 - K 2007-10-02 16:28:42.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.123 [GMT 2:00]
Running from: C:\Documents and Settings\K\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\oembios32.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 15:41 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-02 15:38 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-10-02 15:33 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2007-10-02 15:33 <DIR> d-------- C:\Program Files\MAGIX
2007-10-02 15:32 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-10-02 15:32 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-10-01 18:08 <DIR> d-------- C:\Program Files\PPT To Video Scout
2007-10-01 12:21 <DIR> d-------- C:\Program Files\QIPAtllan
2007-10-01 02:53 <DIR> d-------- C:\Program Files\image2html
2007-10-01 02:39 <DIR> d-------- C:\Program Files\Easy Text To HTML Converter
2007-09-30 22:26 <DIR> d-------- C:\Program Files\QIP1
2007-09-30 00:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-29 14:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-29 13:34 <DIR> d-------- C:\Program Files\Photo To Sketch
2007-09-29 13:16 160,122 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2007-09-29 13:16 <DIR> d-------- C:\Program Files\Sqirlz Water Reflections
2007-09-29 13:12 <DIR> d-------- C:\Program Files\Terragen
2007-09-28 00:50 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-28 00:50 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-28 00:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-28 00:43 <DIR> d-------- C:\kav
2007-09-27 13:28 147,968 --a------ C:\WINDOWS\R.COM
2007-09-27 13:28 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-09-27 13:07 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-27 13:07 <DIR> d-------- C:\Program Files\CCleaner
2007-09-27 10:13 <DIR> d-------- C:\Program Files\Avant Browser
2007-09-27 08:42 8,448 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-27 08:42 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-27 00:36 84,992 --a------ C:\WINDOWS\system32\atl70.dll
2007-09-27 00:36 29,696 --a------ C:\WINDOWS\system32\asutl8.dll
2007-09-25 21:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-25 09:29 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-09-25 09:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-25 09:18 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-25 09:18 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-25 09:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-25 09:07 1,740 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-25 02:20 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-24 07:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-24 07:01 612,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-24 07:01 15,615,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-24 02:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-09-24 01:15 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-24 01:02 <DIR> d-------- C:\Program Files\AntispyStorm
2007-09-23 22:34 <DIR> d-------- C:\Program Files\PConPoint
2007-09-23 17:07 <DIR> d-------- C:\movies
2007-09-23 10:23 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-23 01:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-23 00:54 <DIR> d-------- C:\Program Files\Power Video Converter
2007-09-22 16:54 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-09-22 16:34 <DIR> d-------- C:\Program Files\elchron.cz
2007-09-21 11:12 <DIR> d-------- C:\Program Files\Zeallsoft
2007-09-21 08:58 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-20 10:55 <DIR> d-------- C:\Program Files\Micropro
2007-09-20 09:57 <DIR> d-------- C:\Program Files\Clickster
2007-09-20 09:45 <DIR> d-------- C:\Program Files\SysFixMaster
2007-09-19 00:31 <DIR> d-------- C:\Program Files\Presentersoft PowerVideoMaker
2007-09-18 22:44 <DIR> d-------- C:\Program Files\GeoVid
2007-09-18 18:26 <DIR> d-------- C:\Program Files\GoQ - NetRadio
2007-09-18 08:58 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-18 08:58 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-09-18 08:58 564,224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-09-18 08:58 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-09-18 08:58 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-09-18 08:58 <DIR> d-------- C:\Program Files\CS Software
2007-09-18 03:31 <DIR> d-------- C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP
2007-09-18 03:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-16 13:24 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2007-09-16 01:30 335 --a------ C:\WINDOWS\mozregistry.dat
2007-09-15 20:52 <DIR> d-------- C:\Program Files\ElcomSoft
2007-09-15 03:43 <DIR> d-------- C:\Program Files\Convert PowerPoint to HTML
2007-09-14 06:47 <DIR> dr------- C:\Documents and Settings\LocalService\Oblíbené položky
2007-09-13 23:43 <DIR> d-------- C:\Program Files\AdventNet
2007-09-13 22:16 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
2007-09-13 22:16 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2007-09-13 14:25 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-13 12:40 <DIR> d-------- C:\Program Files\Yamicsoft
2007-09-13 10:53 <DIR> d-------- C:\Program Files\MediaCoder
2007-09-13 10:16 <DIR> d-------- C:\Program Files\IObit
2007-09-13 10:07 <DIR> d-------- C:\Program Files\Absolute Video Splitter Joiner
2007-09-12 20:12 <DIR> d-------- C:\Program Files\JustDo
2007-09-12 16:24 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-12 15:51 <DIR> d-------- C:\Program Files\QIP
2007-09-12 10:51 <DIR> d-------- C:\Program Files\All Media Fixer
2007-09-12 08:39 <DIR> d-------- C:\Program Files\MP3 Player Utilities 3.68
2007-09-12 01:46 <DIR> d-------- C:\ConverterOutput
2007-09-12 01:16 <DIR> d-------- C:\Program Files\AVSMedia
2007-09-12 00:26 <DIR> d-------- C:\Program Files\The FilmMachine
2007-09-12 00:22 <DIR> d-------- C:\Program Files\MSECache
2007-09-11 23:15 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-09-11 23:14 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-09-11 23:14 <DIR> d-------- C:\Program Files\Windows Media Components
2007-09-11 23:12 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2007-09-11 23:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-09-11 23:12 <DIR> d-------- C:\Program Files\Common Files\GeoVid
2007-09-11 15:35 <DIR> d-------- C:\Program Files\X1
2007-09-11 14:29 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-09-11 14:29 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-09-11 14:29 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-09-11 14:29 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 16:33 58484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-02 16:33 210164 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-29 14:04 --------- d-------- C:\Program Files\Real
2007-09-29 14:03 --------- d-------- C:\Program Files\Common Files\Real
2007-09-29 04:08 --------- d-------- C:\Program Files\AmazingMIDI
2007-09-27 23:34 --------- d-------- C:\Program Files\Nufsoft
2007-09-27 23:34 --------- d-------- C:\Program Files\NCH Swift Sound
2007-09-27 23:33 --------- d-------- C:\Program Files\TallStick
2007-09-27 23:31 --------- d-------- C:\Program Files\Photozig Albums
2007-09-27 23:28 --------- d-------- C:\Program Files\JPEG Resampler
2007-09-27 23:20 --------- d-------- C:\Program Files\elchron.cz
2007-09-27 23:14 --------- d-------- C:\Program Files\BearFlix
2007-09-27 23:13 --------- d-------- C:\Program Files\AoA Audio Extractor
2007-09-26 23:51 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-25 21:25 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-24 08:03 274432 --a------ C:\WINDOWS\system32\imon.dll
2007-09-23 22:14 --------- d-------- C:\Program Files\Mail PassView
2007-09-21 11:12 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-21 09:04 --------- d-------- C:\Program Files\WMR11
2007-09-21 08:29 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-21 08:29 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-18 08:58 --------- d-------- C:\Program Files\QuickTime
2007-09-18 03:29 --------- d-------- C:\Program Files\TubeSucker
2007-09-18 03:29 --------- d-------- C:\Program Files\Gabest
2007-09-18 03:27 --------- d-------- C:\Program Files\URUSoft
2007-09-18 03:14 --------- d-------- C:\Program Files\DivX
2007-09-16 10:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-16 09:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 10:36 --------- d-------- C:\Program Files\Wedding Album Maker Gold
2007-09-15 10:09 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-09-12 00:30 --------- d-------- C:\Program Files\AviSynth 2.5
2007-09-11 14:28 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-09-11 01:52 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-09-10 18:09 --------- d-------- C:\Program Files\VinylStudio
2007-09-10 18:09 --------- d-------- C:\Program Files\Naevius YouTube Converter
2007-09-04 23:06 --------- d-------- C:\Program Files\WebLog Expert
2007-09-04 23:01 --------- d-------- C:\Program Files\GuildFTPd
2007-09-04 22:59 --------- d-------- C:\Program Files\DiscoverIt
2007-09-04 22:58 --------- d-------- C:\Program Files\DSaT
2007-09-04 22:58 --------- d-------- C:\Program Files\Cleaner 5 EZ
2007-09-04 22:56 --------- d-------- C:\Program Files\Avi2Dvd
2007-09-04 08:29 --------- d-------- C:\Program Files\ABBYY PDF Transformer 1.0
2007-09-02 01:00 --------- d-------- C:\Program Files\PhotoFiltre
2007-09-01 01:09 --------- d-------- C:\Program Files\Elecard
2007-08-31 18:46 662016 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-27 13:31 --------- d-------- C:\Program Files\Bearshare Premium P2P
2007-08-26 03:13 --------- d-------- C:\Program Files\iSofter
2007-08-26 03:07 --------- d-------- C:\Program Files\bobyte
2007-08-25 11:01 39424 --a------ C:\WINDOWS\zipinst.exe
2007-08-23 10:07 --------- d-------- C:\Program Files\K-Meleon
2007-08-19 03:41 --------- d-------- C:\Program Files\ICQLite
2007-08-19 03:21 --------- d-------- C:\Program Files\Essentials Codec Pack
2007-08-18 02:19 --------- d-------- C:\Program Files\directx
2007-08-17 17:32 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-17 16:14 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 14:01 --------- d-------- C:\Program Files\ProxyPlus
2007-08-16 16:42 --------- d-------- C:\Program Files\Xvid
2007-08-15 12:16 --------- d-------- C:\Program Files\Naevius GVI Converter
2007-08-15 12:04 --------- d-------- C:\Program Files\LightZone
2007-08-15 11:59 --------- d-------- C:\Program Files\ClearSkin
2007-08-14 16:29 --------- d-------- C:\Program Files\Foxit Software
2007-08-13 08:45 --------- d-------- C:\Program Files\PCVirusless
2007-08-13 01:17 --------- d-------- C:\Program Files\Xi
2007-08-13 01:09 --------- d-------- C:\Program Files\Microsoft Virtual PC
2007-08-12 22:23 --------- d-------- C:\Program Files\IPWatcher
2007-08-12 22:20 --------- d-------- C:\Program Files\a-squared Free
2007-08-12 21:51 --------- d-------- C:\Program Files\Google
2007-08-11 01:53 --------- d-------- C:\Program Files\Photobie
2007-08-10 03:46 --------- d-------- C:\Program Files\Trend Micro
2007-08-09 20:18 --------- d-------- C:\Program Files\LH-Subtitle
2007-08-08 12:43 --------- d-------- C:\Program Files\LeoFetch
2007-08-08 12:40 --------- d-------- C:\Program Files\TRELLIAN
2007-08-08 12:23 --------- d-------- C:\Program Files\Sophtware
2007-08-08 11:42 --------- d-------- C:\Program Files\asoftech
2007-08-05 16:30 --------- d-------- C:\Program Files\Corel
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 13:51 471552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-27 01:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-29 14:01]
"QuickTime Task"="C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe" [2007-09-18 08:59]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"WEBTRAN"=C:\TRANSLAT\MAILTRAN.EXE -l
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SysFixMaster"=C:\Program Files\SysFixMaster\SysFixMaster.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 15:42:29 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-08-08 14:54:25 C:\WINDOWS\Tasks\AutoMe_laduska.job"
"2007-10-01 10:07:00 C:\WINDOWS\Tasks\AutoMe_novinky.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2007-10-01 09:52:00 C:\WINDOWS\Tasks\AutoMe_[Demo] visit web.job"
"2007-10-02 14:10:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-28 15:42:16 C:\WINDOWS\Tasks\Úklid 1. kliknutím.job"
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-02 16:39:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 16:38
.
--- E O F ---


Post by kofola55 » 02 Oct 2007 16:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:07, on 2.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\K\Plocha\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4679681828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{705C83BD-F1A4-462F-9C2D-A9BAA2C82B7D}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 7334 bytes


Post by kofola55 » 02 Oct 2007 16:52

So once more, please check the logs.
Both the ComboFix and the HJT log are there.
In the meantime, thanks at least for your patience. :o)))


To Fredík

Post by kofola55 » 04 Oct 2007 23:04

Task Manager now runs the way it should. There is no rush. When you have a moment, please have a look at those logs so I can be sure everything is as it should be, OK?
Thank you.

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 07 Oct 2007 12:34

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, highlighted in green, into it:

Code:

File::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin

FileLook::
C:\WINDOWS\system32\DLLDEV32i.dll

DirLook::
C:\WINDOWS\system32\acespy
C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP

Choose Save As, name the file CFScript.txt and set Save as type: All Files.
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt script you just created with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
[image]
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Result from ComboFix

Post by kofola55 » 07 Oct 2007 21:58

ComboFix 07-10-07.2 - K 2007-10-07 21:46:10.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.102 [GMT 2:00]
Running from: C:\Documents and Settings\K\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\K\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 21:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 19:29 <DIR> d-------- C:\Program Files\PowerShrink
2007-10-07 15:50 <DIR> d-------- C:\Program Files\PPTexpert
2007-10-07 15:09 <DIR> d-------- C:\PMAIL
2007-10-07 15:00 292,864 --a------ C:\WINDOWS\system32\aecrsav2.dll
2007-10-07 15:00 183,296 --a------ C:\WINDOWS\system32\aeccrypt.dll
2007-10-07 15:00 <DIR> d-------- C:\Program Files\IronWare Communication
2007-10-07 14:59 307,200 --a------ C:\WINDOWS\IsUn0405.exe
2007-10-07 14:46 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-10-07 14:06 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-07 14:06 <DIR> d-------- C:\Program Files\FireTune
2007-10-07 13:13 <DIR> d-------- C:\Program Files\FileZilla Server
2007-10-07 12:25 <DIR> d-------- C:\Program Files\Folder Marker
2007-10-07 00:23 <DIR> d-------- C:\Program Files\Wondershare
2007-10-06 22:05 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-06 22:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-06 21:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-06 21:53 <DIR> dr-h----- C:\MSOCache
2007-10-06 09:57 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-10-06 02:11 <DIR> d-------- C:\Program Files\Reveal 1.2
2007-10-06 02:08 <DIR> d-------- C:\Program Files\GoFTP
2007-10-06 02:05 <DIR> d-------- C:\Program Files\Foto-Mosaik
2007-10-06 01:59 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2007-10-06 01:58 <DIR> d-------- C:\Program Files\DCEnhancer
2007-10-06 01:55 <DIR> d-------- C:\Program Files\Verdict Free
2007-10-06 01:43 <DIR> d-------- C:\Program Files\OO Software
2007-10-06 01:38 <DIR> d-------- C:\Program Files\nLite
2007-10-05 08:55 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-05 08:55 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-05 03:17 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-04 20:24 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-10-04 20:24 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-04 20:24 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-04 20:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-04 20:24 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-04 14:56 216,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-04 14:56 18,303,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-04 14:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-04 13:17 <DIR> d-------- C:\Program Files\Flash2X
2007-10-04 02:12 <DIR> d-------- C:\ks
2007-10-04 02:10 274,432 --a------ C:\Documents and Settings\K\demyq.exe
2007-10-04 02:10 <DIR> d-------- C:\Documents and Settings\K\cs-CZ
2007-10-04 02:04 <DIR> d-------- C:\Program Files\Code-it Software
2007-10-03 09:57 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-03 09:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-10-03 09:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-10-03 09:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-03 09:33 <DIR> d-------- C:\Program Files\Common Files\ParallelGraphics
2007-10-03 09:29 <DIR> d-------- C:\Program Files\Room Arranger
2007-10-03 01:04 <DIR> d-------- C:\Program Files\Systerac XP Tools 4
2007-10-02 23:08 <DIR> d-------- C:\Program Files\PSPad editor
2007-10-02 20:54 <DIR> d-------- C:\Program Files\IE7Pro
2007-10-02 15:41 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-02 15:38 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-10-02 15:33 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2007-10-02 15:33 <DIR> d-------- C:\Program Files\MAGIX
2007-10-02 15:32 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-10-02 15:32 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-10-01 18:08 <DIR> d-------- C:\Program Files\PPT To Video Scout
2007-10-01 12:21 <DIR> d-------- C:\Program Files\QIPAtllan
2007-10-01 02:53 <DIR> d-------- C:\Program Files\image2html
2007-10-01 02:39 <DIR> d-------- C:\Program Files\Easy Text To HTML Converter
2007-09-30 22:26 <DIR> d-------- C:\Program Files\QIP1
2007-09-29 14:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-29 13:34 <DIR> d-------- C:\Program Files\Photo To Sketch
2007-09-29 13:16 160,122 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2007-09-29 13:16 <DIR> d-------- C:\Program Files\Sqirlz Water Reflections
2007-09-29 13:12 <DIR> d-------- C:\Program Files\Terragen
2007-09-28 00:43 <DIR> d-------- C:\kav
2007-09-27 13:07 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-27 13:07 <DIR> d-------- C:\Program Files\CCleaner
2007-09-27 10:13 <DIR> d-------- C:\Program Files\Avant Browser
2007-09-27 08:42 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-27 00:36 84,992 --a--c--- C:\WINDOWS\system32\atl70.dll
2007-09-27 00:36 29,696 --a--c--- C:\WINDOWS\system32\asutl8.dll
2007-09-25 21:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-25 09:29 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-09-25 09:18 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-25 09:07 1,740 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-25 02:20 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-24 07:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-24 02:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-09-24 01:15 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-24 01:02 <DIR> d-------- C:\Program Files\AntispyStorm
2007-09-23 22:34 <DIR> d-------- C:\Program Files\PConPoint
2007-09-23 17:07 <DIR> d-------- C:\movies
2007-09-23 01:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-23 00:54 <DIR> d-------- C:\Program Files\Power Video Converter
2007-09-22 16:54 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-09-22 16:34 <DIR> d-------- C:\Program Files\elchron.cz
2007-09-21 11:12 <DIR> d-------- C:\Program Files\Zeallsoft
2007-09-21 08:58 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-20 10:55 <DIR> d-------- C:\Program Files\Micropro
2007-09-20 09:57 <DIR> d-------- C:\Program Files\Clickster
2007-09-20 09:45 <DIR> d-------- C:\Program Files\SysFixMaster
2007-09-19 00:31 <DIR> d-------- C:\Program Files\Presentersoft PowerVideoMaker
2007-09-18 22:44 <DIR> d-------- C:\Program Files\GeoVid
2007-09-18 18:26 <DIR> d-------- C:\Program Files\GoQ - NetRadio
2007-09-18 08:58 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-18 08:58 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 21:49 246164 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-07 21:49 21380 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-07 19:28 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 12:14 --------- d-------- C:\Program Files\Google
2007-10-04 20:21 --------- d-------- C:\Program Files\DivX
2007-10-04 13:12 --------- d-------- C:\Program Files\WMR11
2007-10-04 02:03 5363712 --a------ C:\Program Files\Flash this!.msi
2007-09-29 14:04 --------- d-------- C:\Program Files\Real
2007-09-29 14:03 --------- d-------- C:\Program Files\Common Files\Real
2007-09-29 04:08 --------- d-------- C:\Program Files\AmazingMIDI
2007-09-27 23:34 --------- d-------- C:\Program Files\Nufsoft
2007-09-27 23:34 --------- d-------- C:\Program Files\NCH Swift Sound
2007-09-27 23:33 --------- d-------- C:\Program Files\TallStick
2007-09-27 23:31 --------- d-------- C:\Program Files\Photozig Albums
2007-09-27 23:28 --------- d-------- C:\Program Files\JPEG Resampler
2007-09-27 23:27 --------- d-------- C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-27 23:20 --------- d-------- C:\Program Files\elchron.cz
2007-09-27 23:14 --------- d-------- C:\Program Files\BearFlix
2007-09-27 23:13 --------- d-------- C:\Program Files\AoA Audio Extractor
2007-09-26 23:51 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-24 08:03 274432 --a------ C:\WINDOWS\system32\imon.dll
2007-09-23 22:14 --------- d-------- C:\Program Files\Mail PassView
2007-09-21 11:12 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-21 08:29 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-21 08:29 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-18 08:58 --------- d-------- C:\Program Files\QuickTime
2007-09-18 03:29 --------- d-------- C:\Program Files\TubeSucker
2007-09-18 03:29 --------- d-------- C:\Program Files\Gabest
2007-09-18 03:27 --------- d-------- C:\Program Files\URUSoft
2007-09-18 03:13 --------- d-------- C:\Program Files\Browse3D
2007-09-16 10:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-16 09:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 10:36 --------- d-------- C:\Program Files\Wedding Album Maker Gold
2007-09-15 10:09 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-09-12 00:30 --------- d-------- C:\Program Files\AviSynth 2.5
2007-09-11 14:28 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-09-11 01:52 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-09-10 18:09 --------- d-------- C:\Program Files\VinylStudio
2007-09-10 18:09 --------- d-------- C:\Program Files\Naevius YouTube Converter
2007-09-04 23:06 --------- d-------- C:\Program Files\WebLog Expert
2007-09-04 23:01 --------- d-------- C:\Program Files\GuildFTPd
2007-09-04 22:59 --------- d-------- C:\Program Files\DiscoverIt
2007-09-04 22:58 --------- d-------- C:\Program Files\DSaT
2007-09-04 22:58 --------- d-------- C:\Program Files\Cleaner 5 EZ
2007-09-04 22:56 --------- d-------- C:\Program Files\Avi2Dvd
2007-09-04 08:29 --------- d-------- C:\Program Files\ABBYY PDF Transformer 1.0
2007-09-02 01:00 --------- d-------- C:\Program Files\PhotoFiltre
2007-09-01 01:09 --------- d-------- C:\Program Files\Elecard
2007-08-27 13:31 --------- d-------- C:\Program Files\Bearshare Premium P2P
2007-08-26 03:13 --------- d-------- C:\Program Files\iSofter
2007-08-26 03:07 --------- d-------- C:\Program Files\bobyte
2007-08-25 11:01 39424 --a------ C:\WINDOWS\zipinst.exe
2007-08-23 10:07 --------- d-------- C:\Program Files\K-Meleon
2007-08-19 03:41 --------- d-------- C:\Program Files\ICQLite
2007-08-18 02:19 --------- d-------- C:\Program Files\directx
2007-08-17 17:32 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-17 16:14 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 14:01 --------- d-------- C:\Program Files\ProxyPlus
2007-08-15 12:16 --------- d-------- C:\Program Files\Naevius GVI Converter
2007-08-15 12:04 --------- d-------- C:\Program Files\LightZone
2007-08-15 11:59 --------- d-------- C:\Program Files\ClearSkin
2007-08-14 16:29 --------- d-------- C:\Program Files\Foxit Software
2007-08-13 08:45 --------- d-------- C:\Program Files\PCVirusless
2007-08-13 01:17 --------- d-------- C:\Program Files\Xi
2007-08-13 01:09 --------- d-------- C:\Program Files\Microsoft Virtual PC
2007-08-12 22:23 --------- d-------- C:\Program Files\IPWatcher
2007-08-12 22:20 --------- d-------- C:\Program Files\a-squared Free
2007-08-11 01:53 --------- d-------- C:\Program Files\Photobie
2007-08-10 03:46 --------- d-------- C:\Program Files\Trend Micro
2007-08-09 20:18 --------- d-------- C:\Program Files\LH-Subtitle
2007-08-08 12:43 --------- d-------- C:\Program Files\LeoFetch
2007-08-08 12:40 --------- d-------- C:\Program Files\TRELLIAN
2007-08-08 12:23 --------- d-------- C:\Program Files\Sophtware
2007-08-08 11:42 --------- d-------- C:\Program Files\asoftech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 13:51 471552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- C:\WINDOWS\system32\DLLDEV32i.dll ----

Company:
File Description:
File Version: 3, 7, 0, 12
Product Name: DLLDEV32i
Copyright:
Original file name: DLLDEV32i.dll

---- Directory of C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP ----

2007-09-18 03:31 241664 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla4.dll
2007-09-18 03:31 147456 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla.dll
2007-09-18 03:31 126817 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla6.exe
2007-09-18 03:31 121425 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla5.dll
2007-09-18 03:31 11027 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseData.ini

---- Directory of C:\WINDOWS\system32\acespy ----

2007-09-27 08:42 28416 --a------ C:\WINDOWS\system32\acespy\systune.exe
2007-09-27 08:42 27904 --a------ C:\WINDOWS\system32\acespy\__acelog.ndx


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe" [2007-09-18 08:59]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09]
"YouTube CrazyVideos"="C:\Program Files\YoutubeCrazyVideos\YoutubeCrazyVideos 2.exe" []
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-02-27 16:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"demyq"="C:\Documents and Settings\K\demyq.exe" [2007-09-27 23:47]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"WEBTRAN"=C:\TRANSLAT\MAILTRAN.EXE -l
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SysFixMaster"=C:\Program Files\SysFixMaster\SysFixMaster.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 15:23:21 C:\WINDOWS\Tasks\1-Click Maintenance.job"
"2007-08-08 14:54:25 C:\WINDOWS\Tasks\AutoMe_laduska.job"
"2007-10-07 10:07:00 C:\WINDOWS\Tasks\AutoMe_novinky.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2007-10-07 09:52:01 C:\WINDOWS\Tasks\AutoMe_[Demo] visit web.job"
"2007-10-07 13:45:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-05 15:23:26 C:\WINDOWS\Tasks\Úklid 1. kliknutím.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 21:52:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 21:55:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 21:55
.
--- E O F ---


Post by fredik » 08 Oct 2007 17:33

Create a new CFScript and this time paste this into it:

Code:

Folder::
C:\WINDOWS\system32\acespy

and then post the log here.

Test this file on VirusTotal:
C:\Documents and Settings\K\demyq.exe
and post the result here.
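The helper above picks demyq.exe out of the ComboFix log by eye; the following added example (mine, not ComboFix's or the thread's own code) automates that triage over the "Reg Loading Points" Run entries in the log format this thread uses, flagging entries for which ComboFix printed no file date (`[]`) and entries whose binary lives outside the usual program directories. The trusted-root list and the reading of `[]` as "no file date" are assumptions made for the example.

```python
"""Triage Run entries from the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the thread or of ComboFix.  Autostart entries that
point into a user profile, or for which ComboFix printed no file date ("[]"),
are the ones worth submitting to a multi-engine scanner such as VirusTotal.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of this thread's log: the three entries with
# "[]" are the ones the helper singled out, the others are ordinary entries.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2007-10-02 10:35]
"YouTube CrazyVideos"="C:\Program Files\YoutubeCrazyVideos\YoutubeCrazyVideos 2.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"demyq"="C:\Documents and Settings\K\demyq.exe" []
"moky"="C:\Documents and Settings\K\Plocha\moky.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
'''

SECTION_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "name"="C:\path\file.exe" [2007-10-02 10:35]   or   "name"=C:\path\file.exe -arg
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<qpath>[^"]+)"|(?P<bpath>[^\s\[]+))(?P<rest>.*)$')
STAMP_RE = re.compile(r'\[(?P<stamp>[^\]]*)\]')

# Assumption for this example: Run entries normally point here; tune per site.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Yield (registry key, value name, path, trailing text) for each Run entry.

    Only keys ending in '\\run' are read; the 'run-' sections (disabled
    entries) are skipped.
    """
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None or not key.lower().endswith('\\run'):
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield key, m.group('name'), m.group('qpath') or m.group('bpath'), m.group('rest')


def triage(log_text):
    """Return Findings for Run entries that deserve a closer look."""
    findings = []
    for key, name, path, rest in parse_run_entries(log_text):
        reasons = []
        m = STAMP_RE.search(rest)
        if m is not None and not m.group('stamp').strip():
            reasons.append('no file date recorded by ComboFix ("[]")')
        if not path.lower().startswith(TRUSTED_ROOTS):
            reasons.append('binary outside the usual program locations')
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.name}: {f.path}\n    ' + '\n    '.join(f.reasons))
```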

kofola55
newbie
Posts: 15
Registered: September 07
Gender: Not specified
Status:
Offline

Combofix

Post by kofola55 » 08 Oct 2007 19:54

ComboFix 07-10-08.3 - K 2007-10-08 18:31:46.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.104 [GMT 2:00]
Running from: C:\Documents and Settings\K\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\K\Plocha\CFScript_used_2007-10-07@21.46.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin
.

((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 18:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 11:34 <DIR> d-------- C:\Program Files\XnView
2007-10-08 10:05 <DIR> d-------- C:\Program Files\Saleen Software
2007-10-08 03:44 <DIR> d-------- C:\WINDOWS\system32\ebay
2007-10-08 03:44 <DIR> d-------- C:\Program Files\Ashampoo
2007-10-08 03:29 <DIR> d-------- C:\Program Files\ThreatFire
2007-10-08 03:29 52,032 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2007-10-08 03:29 38,720 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2007-10-08 03:29 34,624 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2007-10-08 03:29 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2007-10-08 03:21 <DIR> d-------- C:\Program Files\VisiFly
2007-10-08 00:40 <DIR> d-------- C:\Program Files\KC Softwares
2007-10-07 23:39 <DIR> d-------- C:\Program Files\PowerPoint to Flash
2007-10-07 19:29 <DIR> d-------- C:\Program Files\PowerShrink
2007-10-07 15:50 <DIR> d-------- C:\Program Files\PPTexpert
2007-10-07 15:09 <DIR> d-------- C:\PMAIL
2007-10-07 15:00 <DIR> d-------- C:\Program Files\IronWare Communication
2007-10-07 15:00 292,864 --a------ C:\WINDOWS\system32\aecrsav2.dll
2007-10-07 15:00 183,296 --a------ C:\WINDOWS\system32\aeccrypt.dll
2007-10-07 14:59 307,200 --a------ C:\WINDOWS\IsUn0405.exe
2007-10-07 14:46 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-10-07 14:06 <DIR> d-------- C:\Program Files\FireTune
2007-10-07 14:06 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-07 13:13 <DIR> d-------- C:\Program Files\FileZilla Server
2007-10-07 12:25 <DIR> d-------- C:\Program Files\Folder Marker
2007-10-07 00:23 <DIR> d-------- C:\Program Files\Wondershare
2007-10-06 22:05 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-06 22:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-06 21:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-06 21:53 <DIR> dr-h----- C:\MSOCache
2007-10-06 09:57 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-10-06 02:11 <DIR> d-------- C:\Program Files\Reveal 1.2
2007-10-06 02:08 <DIR> d-------- C:\Program Files\GoFTP
2007-10-06 02:05 <DIR> d-------- C:\Program Files\Foto-Mosaik
2007-10-06 01:59 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2007-10-06 01:58 <DIR> d-------- C:\Program Files\DCEnhancer
2007-10-06 01:55 <DIR> d-------- C:\Program Files\Verdict Free
2007-10-06 01:43 <DIR> d-------- C:\Program Files\OO Software
2007-10-06 01:38 <DIR> d-------- C:\Program Files\nLite
2007-10-05 08:55 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-05 08:55 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-05 03:17 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-04 20:24 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-04 20:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-04 20:24 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-10-04 20:24 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-04 20:24 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-04 14:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-04 14:56 22,665,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-04 14:56 356,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-04 13:17 <DIR> d-------- C:\Program Files\Flash2X
2007-10-04 02:12 <DIR> d-------- C:\ks
2007-10-04 02:10 <DIR> d-------- C:\Documents and Settings\K\cs-CZ
2007-10-04 02:04 <DIR> d-------- C:\Program Files\Code-it Software
2007-10-03 09:57 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-03 09:52 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2007-10-03 09:52 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2007-10-03 09:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-03 09:33 <DIR> d-------- C:\Program Files\Common Files\ParallelGraphics
2007-10-03 09:29 <DIR> d-------- C:\Program Files\Room Arranger
2007-10-03 01:04 <DIR> d-------- C:\Program Files\Systerac XP Tools 4
2007-10-02 23:08 <DIR> d-------- C:\Program Files\PSPad editor
2007-10-02 20:54 <DIR> d-------- C:\Program Files\IE7Pro
2007-10-02 15:41 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-02 15:38 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2007-10-02 15:38 487,424 --a------ C:\WINDOWS\system32\DLLAV32.dll
2007-10-02 15:38 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-10-02 15:38 188,416 --a------ C:\WINDOWS\system32\DLLRES32.dll
2007-10-02 15:38 163,840 --a------ C:\WINDOWS\system32\DLLDEV32.dll
2007-10-02 15:38 151,552 --a------ C:\WINDOWS\system32\DLLDRV32.dll
2007-10-02 15:38 114,688 --a------ C:\WINDOWS\system32\DLLCDA32.dll
2007-10-02 15:38 94,208 --a------ C:\WINDOWS\system32\DLLCPY32.dll
2007-10-02 15:38 65,536 --a------ C:\WINDOWS\system32\DLLPTL32.dll
2007-10-02 15:38 61,440 --a------ C:\WINDOWS\system32\DLLCDF32.dll
2007-10-02 15:38 57,344 --a------ C:\WINDOWS\system32\DLLTPO32.dll
2007-10-02 15:38 53,248 --a------ C:\WINDOWS\system32\DLLPRJ32.dll
2007-10-02 15:38 53,248 --a------ C:\WINDOWS\system32\DLLIO32.dll
2007-10-02 15:38 49,152 --a------ C:\WINDOWS\system32\DLLPRF32.dll
2007-10-02 15:38 45,056 --a------ C:\WINDOWS\system32\DLLIMG32.dll
2007-10-02 15:38 40,960 --a------ C:\WINDOWS\system32\DLLRD32.dll
2007-10-02 15:38 36,864 --a------ C:\WINDOWS\system32\DLLPNT32.dll
2007-10-02 15:38 32,768 --a------ C:\WINDOWS\system32\STRING32.dll
2007-10-02 15:38 32,768 --a------ C:\WINDOWS\system32\DLLMSC32.dll
2007-10-02 15:38 32,768 --a------ C:\WINDOWS\system32\DLLISO32.dll
2007-10-02 15:38 32,768 --a------ C:\WINDOWS\system32\DLLDIR32.dll
2007-10-02 15:38 24,576 --a------ C:\WINDOWS\system32\TTIC32.dll
2007-10-02 15:38 24,576 --a------ C:\WINDOWS\system32\TTI32.dll
2007-10-02 15:38 24,576 --a------ C:\WINDOWS\system32\DLLIX.dll
2007-10-02 15:33 <DIR> d-------- C:\Program Files\MAGIX
2007-10-02 15:33 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2007-10-02 15:32 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-10-02 15:32 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-10-01 18:08 <DIR> d-------- C:\Program Files\PPT To Video Scout
2007-10-01 12:21 <DIR> d-------- C:\Program Files\QIPAtllan
2007-10-01 02:53 <DIR> d-------- C:\Program Files\image2html
2007-10-01 02:39 <DIR> d-------- C:\Program Files\Easy Text To HTML Converter
2007-09-30 22:26 <DIR> d-------- C:\Program Files\QIP1
2007-09-29 14:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-29 13:34 <DIR> d-------- C:\Program Files\Photo To Sketch
2007-09-29 13:16 <DIR> d-------- C:\Program Files\Sqirlz Water Reflections

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 04:30 278756 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-08 04:30 25892 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-07 19:28 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-07 12:14 --------- d-------- C:\Program Files\Google
2007-10-04 20:21 --------- d-------- C:\Program Files\DivX
2007-10-04 13:12 --------- d-------- C:\Program Files\WMR11
2007-10-04 02:03 5363712 --a------ C:\Program Files\Flash this!.msi
2007-09-29 14:04 --------- d-------- C:\Program Files\Real
2007-09-29 14:03 --------- d-------- C:\Program Files\Common Files\Real
2007-09-29 04:08 --------- d-------- C:\Program Files\AmazingMIDI
2007-09-27 23:34 --------- d-------- C:\Program Files\Nufsoft
2007-09-27 23:34 --------- d-------- C:\Program Files\NCH Swift Sound
2007-09-27 23:33 --------- d-------- C:\Program Files\TallStick
2007-09-27 23:31 --------- d-------- C:\Program Files\Photozig Albums
2007-09-27 23:28 --------- d-------- C:\Program Files\JPEG Resampler
2007-09-27 23:27 --------- d-------- C:\Program Files\intelliScore Polyphonic WAV to MIDI Converter Demo
2007-09-27 23:20 --------- d-------- C:\Program Files\elchron.cz
2007-09-27 23:14 --------- d-------- C:\Program Files\BearFlix
2007-09-27 23:13 --------- d-------- C:\Program Files\AoA Audio Extractor
2007-09-26 23:51 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-24 08:03 274432 --a------ C:\WINDOWS\system32\imon.dll
2007-09-23 22:14 --------- d-------- C:\Program Files\Mail PassView
2007-09-21 11:12 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-21 08:29 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-09-21 08:29 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-18 08:58 --------- d-------- C:\Program Files\QuickTime
2007-09-18 03:29 --------- d-------- C:\Program Files\TubeSucker
2007-09-18 03:29 --------- d-------- C:\Program Files\Gabest
2007-09-18 03:27 --------- d-------- C:\Program Files\URUSoft
2007-09-18 03:13 --------- d-------- C:\Program Files\Browse3D
2007-09-16 10:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-16 09:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 10:36 --------- d-------- C:\Program Files\Wedding Album Maker Gold
2007-09-15 10:09 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-09-12 00:30 --------- d-------- C:\Program Files\AviSynth 2.5
2007-09-11 14:28 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-09-11 01:52 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-09-10 18:09 --------- d-------- C:\Program Files\VinylStudio
2007-09-10 18:09 --------- d-------- C:\Program Files\Naevius YouTube Converter
2007-09-07 02:00 --------- d-------- C:\Program Files\Photo Effect Studio
2007-09-04 23:06 --------- d-------- C:\Program Files\WebLog Expert
2007-09-04 23:01 --------- d-------- C:\Program Files\GuildFTPd
2007-09-04 22:59 --------- d-------- C:\Program Files\DiscoverIt
2007-09-04 22:58 --------- d-------- C:\Program Files\DSaT
2007-09-04 22:58 --------- d-------- C:\Program Files\Cleaner 5 EZ
2007-09-04 22:56 --------- d-------- C:\Program Files\Avi2Dvd
2007-09-04 08:29 --------- d-------- C:\Program Files\ABBYY PDF Transformer 1.0
2007-09-02 01:00 --------- d-------- C:\Program Files\PhotoFiltre
2007-09-01 01:09 --------- d-------- C:\Program Files\Elecard
2007-08-27 13:31 --------- d-------- C:\Program Files\Bearshare Premium P2P
2007-08-26 03:13 --------- d-------- C:\Program Files\iSofter
2007-08-26 03:07 --------- d-------- C:\Program Files\bobyte
2007-08-25 11:01 39424 --a------ C:\WINDOWS\zipinst.exe
2007-08-23 10:07 --------- d-------- C:\Program Files\K-Meleon
2007-08-19 03:41 --------- d-------- C:\Program Files\ICQLite
2007-08-18 02:19 --------- d-------- C:\Program Files\directx
2007-08-17 17:32 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-17 16:14 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 14:01 --------- d-------- C:\Program Files\ProxyPlus
2007-08-15 12:16 --------- d-------- C:\Program Files\Naevius GVI Converter
2007-08-15 12:04 --------- d-------- C:\Program Files\LightZone
2007-08-15 11:59 --------- d-------- C:\Program Files\ClearSkin
2007-08-14 16:29 --------- d-------- C:\Program Files\Foxit Software
2007-08-13 08:45 --------- d-------- C:\Program Files\PCVirusless
2007-08-13 01:17 --------- d-------- C:\Program Files\Xi
2007-08-13 01:09 --------- d-------- C:\Program Files\Microsoft Virtual PC
2007-08-12 22:23 --------- d-------- C:\Program Files\IPWatcher
2007-08-12 22:20 --------- d-------- C:\Program Files\a-squared Free
2007-08-11 01:53 --------- d-------- C:\Program Files\Photobie
2007-08-10 03:46 --------- d-------- C:\Program Files\Trend Micro
2007-08-09 20:18 --------- d-------- C:\Program Files\LH-Subtitle
2007-08-08 12:43 --------- d-------- C:\Program Files\LeoFetch
2007-08-08 12:40 --------- d-------- C:\Program Files\TRELLIAN
2007-08-08 12:23 --------- d-------- C:\Program Files\Sophtware
2007-08-08 11:42 --------- d-------- C:\Program Files\asoftech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 13:51 471552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2003-04-06 11:39 712704 -ra------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- C:\WINDOWS\system32\DLLDEV32i.dll ----

Company:
File Description:
File Version: 3, 7, 0, 12
Product Name: DLLDEV32i
Copyright:
Original file name: DLLDEV32i.dll

---- Directory of C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP ----

2007-09-18 03:31 241664 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla4.dll
2007-09-18 03:31 147456 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla.dll
2007-09-18 03:31 126817 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla6.exe
2007-09-18 03:31 121425 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseCustomCalla5.dll
2007-09-18 03:31 11027 --a------ C:\WINDOWS\EBA6C87D657248E390B8569D4CE96B30.TMP\WiseData.ini

---- Directory of C:\WINDOWS\system32\acespy ----

2007-09-27 08:42 28416 --a------ C:\WINDOWS\system32\acespy\systune.exe
2007-09-27 08:42 27904 --a------ C:\WINDOWS\system32\acespy\__acelog.ndx


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\CS Software\CS Codec Solution\QT\QTSystem\qttask.exe" [2007-09-18 08:59]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 18:09]
"YouTube CrazyVideos"="C:\Program Files\YoutubeCrazyVideos\YoutubeCrazyVideos 2.exe" []
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-02-27 16:55]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2007-10-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"demyq"="C:\Documents and Settings\K\demyq.exe" []
"moky"="C:\Documents and Settings\K\Plocha\moky.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"WEBTRAN"=C:\TRANSLAT\MAILTRAN.EXE -l
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SysFixMaster"=C:\Program Files\SysFixMaster\SysFixMaster.exe
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe"

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bmgmt;Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bmgmt.sys
S3 se2Bnd5;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Bnd5.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 se2Bunic;Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM);C:\WINDOWS\system32\DRIVERS\se2Bunic.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 15:23:21 C:\WINDOWS\Tasks\1-Click Maintenance.job"
"2007-08-08 14:54:25 C:\WINDOWS\Tasks\AutoMe_laduska.job"
"2007-10-08 10:07:01 C:\WINDOWS\Tasks\AutoMe_novinky.job"
- C:\Program Files\asoftech\AutoMe\am.exe
"2007-10-08 09:52:02 C:\WINDOWS\Tasks\AutoMe_[Demo] visit web.job"
"2007-10-08 07:45:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-05 15:23:26 C:\WINDOWS\Tasks\Úklid 1. kliknutím.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 18:36:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 18:40:47
.
--- E O F ---

kofola55
newbie
Posts: 15
Registered: September 07
Gender: Not specified
Status:
Offline

VirusTotal

Post by kofola55 » 08 Oct 2007 20:05

File demyq.ini received 2007.10.08 19:59:10 (CET)
Result: 0/32 (0%)

Antivirus Version Last update Result
AhnLab-V3 2007.10.8.0 2007.10.08 -
AntiVir 7.6.0.20 2007.10.08 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.08 -
AVG 7.5.0.488 2007.10.08 -
BitDefender 7.2 2007.10.08 -
CAT-QuickHeal 9.00 2007.10.08 -
ClamAV 0.91.2 2007.10.08 -
DrWeb 4.44.0.09170 2007.10.08 -
eSafe 7.0.15.0 2007.10.07 -
eTrust-Vet 31.2.5190 2007.10.06 -
Ewido 4.0 2007.10.08 -
FileAdvisor 1 2007.10.08 -
Fortinet 3.11.0.0 2007.10.08 -
F-Prot 4.3.2.48 2007.10.06 -
F-Secure 6.70.13030.0 2007.10.08 -
Ikarus T3.1.1.12 2007.10.08 -
Kaspersky 7.0.0.125 2007.10.08 -
McAfee 5136 2007.10.08 -
Microsoft 1.2908 2007.10.08 -
NOD32v2 2578 2007.10.08 -
Norman 5.80.02 2007.10.08 -
Panda 9.0.0.4 2007.10.08 -
Prevx1 V2 2007.10.08 -
Rising 19.44.02.00 2007.10.08 -
Sophos 4.22.0 2007.10.08 -
Sunbelt 2.2.907.0 2007.10.06 -
Symantec 10 2007.10.08 -
TheHacker 6.2.6.079 2007.10.07 -
VBA32 3.12.2.4 2007.10.08 -
VirusBuster 4.3.26:9 2007.10.08 -
Webwasher-Gateway 6.0.1 2007.10.08 -
Additional information
File size: 89 bytes
MD5: 22bdf4d351eb1927b4a3bfdb5444338b
SHA1: ca6730f0fe71fb5ca8b5e6f58fbe280c2ee7c4cd
packers: UTF-8

