Please check my log and help with "navex15" Solved


jaro3 (member of the Security team)

Re: Please check my log and help with "navex15"

Post by jaro3 » 20 Nov 2008 16:26

Try it in normal mode; if that doesn't work, then in safe mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Alan-K

Re: Please check my log and help with "navex15"

Post by Alan-K » 20 Nov 2008 16:44

It ran in normal mode, but it didn't complete without errors...

ComboFix 08-11-19.08 - Alan 2008-11-20 16:31:06.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3225 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alan\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alan\Data aplikací\inst.exe
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\INSTALL.LOG
c:\windows\system32\_004102_.tmp.dll
c:\windows\system32\_004103_.tmp.dll
c:\windows\system32\_004104_.tmp.dll
c:\windows\system32\_004105_.tmp.dll
c:\windows\system32\_004112_.tmp.dll
c:\windows\system32\_004113_.tmp.dll
c:\windows\system32\_004114_.tmp.dll
c:\windows\system32\_004116_.tmp.dll
c:\windows\system32\_004117_.tmp.dll
c:\windows\system32\_004118_.tmp.dll
c:\windows\system32\_004119_.tmp.dll
c:\windows\system32\_004120_.tmp.dll
c:\windows\system32\_004121_.tmp.dll
c:\windows\system32\_004122_.tmp.dll
c:\windows\system32\_004123_.tmp.dll
c:\windows\system32\_004124_.tmp.dll
c:\windows\system32\_004125_.tmp.dll
c:\windows\system32\_004126_.tmp.dll
c:\windows\system32\_004127_.tmp.dll
c:\windows\system32\_004128_.tmp.dll
c:\windows\system32\_004130_.tmp.dll
c:\windows\system32\_004131_.tmp.dll
c:\windows\system32\_004135_.tmp.dll
c:\windows\system32\_004136_.tmp.dll
c:\windows\system32\_004138_.tmp.dll
c:\windows\system32\_004140_.tmp.dll
c:\windows\system32\_004141_.tmp.dll
c:\windows\system32\_004142_.tmp.dll
c:\windows\system32\_004146_.tmp.dll
c:\windows\system32\_004147_.tmp.dll
c:\windows\system32\_004149_.tmp.dll
c:\windows\system32\_004150_.tmp.dll
c:\windows\system32\_004151_.tmp.dll
c:\windows\system32\_004152_.tmp.dll
c:\windows\system32\_004153_.tmp.dll
c:\windows\system32\_004154_.tmp.dll
c:\windows\system32\_004155_.tmp.dll
c:\windows\system32\_004158_.tmp.dll
c:\windows\system32\_004159_.tmp.dll
c:\windows\system32\_004160_.tmp.dll
c:\windows\system32\_004161_.tmp.dll
c:\windows\system32\_004163_.tmp.dll
c:\windows\system32\_004164_.tmp.dll
c:\windows\system32\_004165_.tmp.dll
c:\windows\system32\_004167_.tmp.dll
c:\windows\system32\_004170_.tmp.dll
c:\windows\system32\_004171_.tmp.dll
c:\windows\system32\_004175_.tmp.dll
c:\windows\system32\_004176_.tmp.dll
c:\windows\system32\_004178_.tmp.dll
c:\windows\system32\_004181_.tmp.dll
c:\windows\system32\_004183_.tmp.dll
c:\windows\system32\_004184_.tmp.dll
c:\windows\system32\_004185_.tmp.dll
c:\windows\system32\_004186_.tmp.dll
c:\windows\system32\_004189_.tmp.dll
c:\windows\system32\_004190_.tmp.dll
c:\windows\system32\_004191_.tmp.dll
c:\windows\system32\_004192_.tmp.dll
c:\windows\system32\_004193_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_006221_.tmp.dll
c:\windows\system32\_006222_.tmp.dll
c:\windows\system32\_006223_.tmp.dll
c:\windows\system32\_006224_.tmp.dll
c:\windows\system32\_006231_.tmp.dll
c:\windows\system32\_006232_.tmp.dll
c:\windows\system32\_006233_.tmp.dll
c:\windows\system32\_006234_.tmp.dll
c:\windows\system32\_006236_.tmp.dll
c:\windows\system32\_006237_.tmp.dll
c:\windows\system32\_006240_.tmp.dll
c:\windows\system32\_006241_.tmp.dll
c:\windows\system32\_006243_.tmp.dll
c:\windows\system32\_006244_.tmp.dll
c:\windows\system32\_006245_.tmp.dll
c:\windows\system32\_006247_.tmp.dll
c:\windows\system32\_006250_.tmp.dll
c:\windows\system32\_006251_.tmp.dll
c:\windows\system32\_006255_.tmp.dll
c:\windows\system32\_006256_.tmp.dll
c:\windows\system32\_006258_.tmp.dll
c:\windows\system32\_006261_.tmp.dll
c:\windows\system32\_006263_.tmp.dll
c:\windows\system32\_006264_.tmp.dll
c:\windows\system32\_006265_.tmp.dll
c:\windows\system32\_006266_.tmp.dll
c:\windows\system32\_006267_.tmp.dll
c:\windows\system32\_006270_.tmp.dll
c:\windows\system32\_006271_.tmp.dll
c:\windows\system32\_006272_.tmp.dll
c:\windows\system32\_006273_.tmp.dll
c:\windows\system32\_006274_.tmp.dll
c:\windows\system32\_006279_.tmp.dll
c:\windows\system32\_006281_.tmp.dll

----- BITS: Možné infikované stránky -----

hxxp://gllto.glpals.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-20 do 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-20 14:43 . 2008-11-20 16:17 <DIR> d-------- C:\SDFix
2008-11-20 14:00 . 2008-11-20 14:00 <DIR> d-------- C:\rsit
2008-11-20 00:25 . 2008-11-20 00:25 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\AltrixSoft
2008-11-20 00:24 . 2008-11-20 00:24 <DIR> d-------- c:\program files\Hard Drive Inspector
2008-11-19 20:50 . 2008-11-19 20:50 <DIR> d-------- c:\program files\RegCleaner
2008-11-19 19:05 . 2008-11-19 19:18 <DIR> d-------- c:\program files\SeaTools Enterprise
2008-11-19 19:05 . 2008-11-19 19:05 0 --a------ c:\windows\PROTOCOL.INI
2008-11-19 17:44 . 2008-11-19 17:44 <DIR> d-------- c:\program files\Common Files\Canopus Shared
2008-11-19 17:44 . 2008-11-19 17:44 <DIR> d-------- c:\program files\Canopus
2008-11-19 17:42 . 2008-11-19 17:42 <DIR> d-------- c:\program files\WinFast
2008-11-19 17:42 . 2008-11-19 17:42 <DIR> d-------- c:\program files\Windows Defender(2)
2008-11-19 17:42 . 2008-11-19 17:43 <DIR> d-------- c:\program files\Creative
2008-11-19 17:40 . 2008-11-19 17:40 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-19 17:30 . 2008-11-19 17:39 <DIR> d-------- c:\program files\Windows Sidebar(2)
2008-11-19 16:46 . 2008-11-19 17:40 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Norton
2008-11-19 16:34 . 2008-11-19 16:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\NortonInstaller
2008-11-19 15:07 . 2008-11-19 15:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-18 19:49 . 2008-11-19 17:43 <DIR> d-------- c:\program files\FinalUninstaller
2008-11-14 15:08 . 2008-11-19 17:44 <DIR> d-------- c:\program files\Acoustica CD Label Maker
2008-11-14 15:08 . 2008-11-14 15:08 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Acoustica
2008-11-14 15:04 . 2008-11-19 17:44 <DIR> d-------- c:\program files\KnockOut 2(2)
2008-11-13 13:28 . 2008-11-19 01:28 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\nView_Wallpaper
2008-11-13 13:14 . 2008-11-13 13:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Grass Valley
2008-11-13 12:48 . 2008-11-18 18:28 499 --a------ c:\windows\PowerReg.dat
2008-11-13 11:22 . 2008-11-13 11:22 <DIR> d-------- c:\program files\Grass Valley
2008-11-13 11:22 . 2008-11-13 11:22 <DIR> d-------- c:\program files\Common Files\Grass Valley
2008-11-11 20:10 . 2008-11-11 20:10 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\VitySoft
2008-11-06 21:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2008-11-06 21:33 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2008-11-06 21:33 . 2007-04-25 16:20 4,030,144 --a------ c:\windows\system32\drivers\alcxwdm.sys
2008-11-06 21:33 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2008-11-06 21:33 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2008-11-06 21:31 . 2008-11-06 21:31 <DIR> d-------- c:\program files\Realtek AC97
2008-11-06 21:31 . 2007-04-16 15:28 577,536 --a------ c:\windows\SOUNDMAN.EXE
2008-11-06 21:31 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2008-11-06 21:31 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe
2008-11-06 21:13 . 2008-11-06 21:13 315,392 --a------ c:\windows\HideWin.exe
2008-11-06 02:10 . 2008-11-06 02:11 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Creative ASR2
2008-11-06 01:55 . 2008-11-19 18:32 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Simply Super Software
2008-11-06 01:55 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-06 01:55 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\unrar3.dll
2008-11-06 01:55 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-06 01:55 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-06 01:55 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-06 01:34 . 2008-11-06 21:44 60,416 --a------ c:\windows\ALCFDRTM.VER
2008-11-06 01:34 . 2008-11-06 01:34 60,416 --------- c:\windows\ALCFDRTM.EXE
2008-11-06 01:29 . 2008-11-06 01:29 123 --a------ c:\windows\rootkitno.ini
2008-11-06 00:31 . 2008-11-06 01:10 30,072 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:10 30,072 --a------ c:\windows\system32\BMXState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:10 27,984 --a------ c:\windows\system32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:10 27,984 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:50 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2008-11-06 00:31 . 2008-11-06 01:50 1,080 --a------ c:\windows\system32\settings.sfm
2008-11-06 00:31 . 2008-11-06 01:10 384 --a------ c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.dat
2008-11-06 00:31 . 2008-11-06 01:10 384 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20011102}.dat
2008-11-06 00:19 . 2008-11-06 02:13 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Creative
2008-11-05 23:23 . 2008-11-05 23:23 (2) -rahs-ot- c:\windows\winstart.bat
2008-11-02 20:59 . 2008-11-02 20:59 169 --a------ c:\windows\RtlRack.ini
2008-11-02 20:59 . 2008-11-02 20:59 84 --a------ c:\windows\avrack.ini
2008-11-02 20:58 . 2002-11-21 15:07 765,952 --a------ c:\windows\system\crlds3d.dll
2008-11-02 20:58 . 2003-07-31 21:08 744 --------- c:\windows\system32\drivers\alcxinit.dat
2008-11-02 12:07 . 2003-07-10 11:00 222,293 -ra------ c:\windows\system32\SET3E.tmp
2008-11-02 01:51 . 1999-09-22 23:18 2,167,684 --------- c:\windows\system32\CT2MGM.SF2
2008-11-02 01:51 . 2000-02-25 12:49 1,048,576 --a------ c:\windows\system32\CT1MGM.ROM
2008-11-02 01:51 . 2008-11-02 01:51 184 --a------ c:\windows\system32\e000005.dat
2008-11-02 01:34 . 2008-07-07 10:37 15,896 --------- c:\windows\system32\drivers\PFModNT.sys
2008-11-02 01:10 . 2008-11-06 02:28 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-02 00:15 . 2008-06-27 19:21 100,888 --a------ c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTERFXFX.SYS
2008-11-01 23:02 . 2008-11-01 23:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2008-11-01 22:45 . 2008-04-14 00:15 49,408 --a------ c:\windows\system32\drivers\stream.sys
2008-11-01 22:45 . 2008-04-14 00:15 49,408 --a--c--- c:\windows\system32\dllcache\stream.sys
2008-11-01 22:25 . 2008-11-01 22:25 <DIR> d--hs---- c:\windows\ftpcache
2008-11-01 22:22 . 2008-11-01 22:22 319 --a------ c:\windows\game.ini
2008-10-30 14:11 . 2008-10-30 14:11 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\HDRsoft
2008-10-29 13:36 . 2008-10-29 13:36 <DIR> d-------- c:\program files\PhotomatixPro3
2008-10-23 16:07 . 2008-10-23 16:07 99,904 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-10-22 00:38 . 2008-10-22 01:02 <DIR> d-------- C:\ikony pro PC

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 22:15 --------- d-----w c:\program files\Ulead Systems
2008-11-19 22:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Symantec
2008-11-19 21:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-19 20:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 20:24 --------- d-----w c:\program files\particleIllusion_3
2008-11-19 17:44 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-19 17:35 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-19 16:44 --------- d-----w c:\program files\AKVIS
2008-11-19 16:43 --------- d-----w c:\program files\QuickTime
2008-11-19 16:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Canopus
2008-11-19 16:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-11-19 16:42 --------- d-----w c:\program files\Ashampoo
2008-11-19 12:53 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-18 20:51 --------- d-----w c:\program files\Microsoft IntelliType Pro
2008-11-18 19:04 --------- d-----w c:\documents and settings\Alan\Data aplikací\ZoomBrowser EX
2008-11-18 19:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\ZoomBrowser
2008-11-18 17:33 --------- d-----w c:\documents and settings\Alan\Data aplikací\Vso
2008-11-17 16:09 --------- d-----w c:\program files\EPSON Print CD
2008-11-17 11:31 --------- d-----w c:\documents and settings\Alan\Data aplikací\Canopus
2008-11-13 13:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-06 01:24 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-05 22:55 --------- d-----w c:\program files\Zoner
2008-11-05 22:26 --------- d-----w c:\program files\Spb Wallet
2008-11-05 21:58 --------- d-----w c:\program files\HeroCraft
2008-11-01 23:15 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-30 12:23 --------- d-----w c:\documents and settings\Alan\Data aplikací\Lasersoft Imaging
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 19:05 3,452 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-10-19 00:32 --------- d-----w c:\program files\Java
2008-10-11 13:53 --------- d-----w c:\documents and settings\Alan\Data aplikací\Canon
2008-10-06 19:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-06 19:26 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-06 19:26 --------- d-----w c:\program files\Common Files\xing shared
2008-10-06 19:26 --------- d-----w c:\program files\Common Files\Real
2008-10-06 17:03 --------- d-----w c:\program files\FrameShow
2008-10-04 11:40 --------- d-----w c:\program files\Codec Pack - All In 1
2008-10-04 11:38 737,280 ----a-w c:\windows\iun6002.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 15:43 84,936 ----a-w c:\windows\system32\ElbyVCD.dll
2008-09-27 00:32 --------- d-----w c:\program files\CoreCodec
2008-09-26 23:43 --------- d-----w c:\documents and settings\Alan\Data aplikací\CoreCodec
2008-09-26 23:04 --------- d-----w c:\program files\Sony
2008-09-26 22:10 --------- d-----w c:\program files\FLAC
2008-09-26 21:29 --------- d-----w c:\program files\SystemRequirementsLab
2008-09-24 10:29 29,184 ----a-w c:\windows\system32\drivers\VClone.sys
2008-09-22 23:37 --------- d-----w c:\program files\DVD-RB PRO
2008-09-22 23:31 --------- d-----w c:\program files\Sony Setup
2008-09-22 23:27 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sony
2008-09-22 15:58 --------- d-----w c:\program files\Imagineer Systems Ltd
2008-09-22 14:21 --------- d-----w c:\program files\FOX Video Converter
2008-09-22 14:20 81,920 ----a-w c:\documents and settings\Alan\Data aplikací\ezpinst.exe
2008-09-22 14:20 47,360 ----a-w c:\documents and settings\Alan\Data aplikací\pcouffin.sys
2008-09-22 13:45 --------- d-----w c:\program files\VSO
2008-09-21 23:00 817,664 ---h--w c:\windows\system32\wodfamoh.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-07 11:12 203,776 ----a-w c:\windows\system32\clrviddc.dll
2008-09-07 08:34 34,308 ----a-w c:\windows\system32\Chip.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-05-23 20:50 0 -c--a-w c:\documents and settings\All Users\Data aplikací\PKP_DLbz.DAT
2008-04-25 14:54 8 --sh--r c:\documents and settings\All Users\Data aplikací\92FE4C067B.sys
2008-03-19 19:16 624 ----a-w c:\program files\MyMobiler.lnk
2006-08-20 20:10 513,608 ----a-w c:\documents and settings\Alan\Data aplikací\GDIPFONTCACHEV1.DAT
2004-06-21 12:23 1,319,424 ----a-w c:\program files\MysticalTTC.exe
2003-12-04 16:01 1,419,264 ----a-w c:\program files\Mystical_PlugIn_TTC.8bf
2001-07-17 15:15 66,680 ----a-w c:\program files\ARDS1.ttf
2006-04-22 10:14 56 --sha-r c:\windows\system32\040D52D172.sys
2007-04-28 12:20 88 --sha-r c:\windows\system32\92FE4C067B.sys
2007-06-06 18:52 8,036 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Lto Manager"="c:\program files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2006-04-13 53248]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 c:\windows\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" [2002-12-03 c:\windows\MIDIDEF.EXE]

c:\documents and settings\Alan\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-08-24 110592]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-09-07 114688]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-04 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.avis"= ff_acm.acm
"vidc.CDVC"= cdvccodc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Expression\\Media Reader 1.0\\MediaReader.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2008-11-02 15896]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-14 69120]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2008-09-07 6016]

*Newly Created Service* - PROCEXP90
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-RemoteControl - (no file)
HKLM-Run-RemoteCenter - (no file)
HKLM-Run-CTXFIREG - CTxfiReg.exe


.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\Alan\Data aplikací\Mozilla\Firefox\Profiles\edmvs930.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.cz/
FF -: plugin - c:\documents and settings\Alan\Data aplikací\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 16:33:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\V?W??146&?V??\???8????????V??8????V??B\RO????8???????????????????????????h?????6~?V???????????b@?????????????????@$?|?????$?|??7~??@???:~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-20 16:35:04
ComboFix-quarantined-files.txt 2008-11-20 15:34:38

Před spuštěním: Volných bajtů: 18 992 713 728
Po spuštění: Volných bajtů: 19,093,032,960

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

390 --- E O F --- 2008-11-19 18:22:19

jaro3 (member of the Security team)

Re: Please check my log and help with "navex15"

Post by jaro3 » 20 Nov 2008 18:30

There's still junk in there...
Now try that SDFix as well. If it won't run, then:
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave Perform Quick Scan selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Alan-K

Re: Please check my log and help with "navex15"

Post by Alan-K » 20 Nov 2008 20:17

...so I hope I did it right; SDFix ran once, on about the third attempt, in safe mode; in normal mode it crashes...

Malwarebytes' Anti-Malware 1.30
Verze databáze: 1414
Windows 5.1.2600 Service Pack 3

2008-11-20 20:09:09
mbam-log-2008-11-20 (20-09-09).txt

Typ skenu: Rychlý sken
Objektu skenováno: 62276
Uplynulý cas: 3 minute(s), 51 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

jaro3 (member of the Security team)

Re: Please check my log and help with "navex15"

Post by jaro3 » 20 Nov 2008 20:28

Oh well; in time I'll supply files for VirusTotal or a script for CF.

Alan-K

Re: Please check my log and help with "navex15"

Post by Alan-K » 20 Nov 2008 20:42

New blue screen...


pocitace

IRQL_NOT_LESS_OR_EQUAL

pokud je to poprve, co vidite tuto obrazovkus chybou zastaveni pocitac,
restartujte pocitac. pokud se obrazovka objevi znovu, pokracujte temito kroky:

ujistete se, ze novy hardware a software jsou spravne nainstalovany.
pokud se jedna o novou instalaci, obratte se na dodavatele hardwaru nebo
softwaru a vyzadejte si pripadne aktualizace systemu windows

pokud potize potrvaji, vypnete nebo odeberte instalovany hardware
nbo software. zakazte mozosti pameti systemu BIOS, napriklad ukladani
do mezipameti nebo stinove rizeni.
pokud potrebujete pro odebrani nebo vypnuti soucasti pouzit nouzovy rezim,
restartujte pocitac, po stisknuti klavesy F8 vyberte upresnit moznosti
spousteni a pote vyberte polozku nouzovy rezim.

Technicke informace:

*** STOP: 0x0000000A (0x00040001,0x00000002,0x00000001,0x80701A2A)

Zahajovani vypisu fyzicke pameti RAM
vypis fyzicke pameti RAM na disk: (a counter runs here, 1-?)

I hope I copied it down accurately; apologies for any mistakes...

Alan-K

Re: Please check my log and help with "navex15"

Post by Alan-K » 20 Nov 2008 21:10

.. and now this also popped up several times at startup:

http://oca.microsoft.com/resredit.aspx? ... usive%2b20%State=1&ID=bbba2125-601c-43ed-96b6-83e703b9637d&lcid=1029&OS=5.1.2600.2.00010100.3.0. Přesvědčete se, zda je název zadán správně, a akci opakujete. Pro hledání souboru klepněte na tlačítko Start a pak na položku hledat.

Like a normal window in Windows... well, a warning one, not a normal one...

jaro3 (member of the Security team)

Re: Please check my log and help with "navex15"

Post by jaro3 » 20 Nov 2008 21:31

What to do with it: it's infected, and most likely there's also a HW/SW fault. I'm not sure about that error; drivers, HDD, RAM:
http://support.microsoft.com/kb/314063/cs

If it recovers:
Test these on VirusTotal
c:\windows\PowerReg.dat
c:\windows\rootkitno.ini
c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
c:\windows\system32\settingsbkup.sfm
c:\windows\system32\settings.sfm
c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.dat
c:\windows\winstart.bat
c:\windows\system32\e000005.dat
c:\windows\system32\wodfamoh.dll
c:\documents and settings\All Users\Data aplikací\92FE4C067B.sys
c:\documents and settings\Alan\Data aplikací\GDIPFONTCACHEV1.DAT
c:\windows\system32\040D52D172.sys
c:\windows\system32\92FE4C067B.sys

Post the infection results here; if it is 0/36, don't post it.
Then I have a script as well, but only after the result, tomorrow.

Post by Alan-K » 20 Nov 2008 23:15

...so here it is; some of the files aren't there, maybe SDFix deleted them... where nothing was found I wrote "clean", and for that one file the same file was there twice and both had something in them... so it probably is?



c:\windows\PowerReg.dat clean
c:\windows\rootkitno.ini clean
c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx clean
c:\windows\system32\settingsbkup.sfm clean
c:\windows\system32\settings.sfm clean
c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.dat clean
c:\windows\winstart.bat not found
c:\windows\system32\e000005.dat clean
c:\windows\system32\wodfamoh.dll was there twice and something is in it (see below)
c:\documents and settings\All Users\Data aplikací\92FE4C067B.sys not found
c:\documents and settings\Alan\Data aplikací\GDIPFONTCACHEV1.DAT clean
c:\windows\system32\040D52D172.sys not found
c:\windows\system32\92FE4C067B.sys not found


File wodfamod.dll received 2008.11.20 22:31:33 (CET)
Current status: Finished
Result: 1/36 (2.78%)
Antivirus Version Last update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.20 -
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 -
Fortinet 3.117.0.0 2008.11.20 -
GData 19 2008.11.20 -
Ikarus T3.1.1.45.0 2008.11.20 -
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.20 -
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.20 -
NOD32 3628 2008.11.20 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.20 -
Rising 21.04.32.00 2008.11.20 -
SecureWeb-Gateway 6.7.6 2008.11.20 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1801.2 2008.11.14 Trojan-Downloader.Win32.VB.ji
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.20 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 221184 bytes
MD5...: 3ccef7d3cc4ea8dfac701d79a0433cd8
SHA1..: bfec4572f992bc09a30fdff4bea59919e7c909a4
SHA256: 62caf57652b9445b1cc1e0d6b25bb8da79970690221e84811ca2b7f088d0ec8f
SHA512: 5ae9060d590d430b9685d112de5806cc0b71ca1f434313cbe7018bb27d8f9c79
fe70037d2aaff950d265cc0d9396dd469722eca60e0dd0f1e3c09338f1f68d1d
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10053001
timedatestamp.....: 0x3fb477d8 (Fri Nov 14 06:36:08 2003)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x28000 0x13200 8.00 b0ad5dbdf35f68a473ad3b1ce2efbee7
.rdata 0x29000 0x5000 0x5000 5.08 be14a622abd7f94fa681220217f08461
.data 0x2e000 0x7000 0xe00 7.74 8b857d5511f63a1cf4aa6f5ddd32a24a
.rsrc 0x35000 0x1b000 0x1a000 8.00 16f0a15ee7de2622e7bac5775460f5b3
.reloc 0x50000 0x3000 0x1400 7.89 8e143693bedec7550798b9a8e209c154
.aspack 0x53000 0x2000 0x1600 5.63 acb1c33b449195c0cc9d05752c2c69a6
.adata 0x55000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 10 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetDlgItem
> gdi32.dll: SwapBuffers
> comdlg32.dll: GetOpenFileNameA
> advapi32.dll: RegQueryValueExA
> ole32.dll: CreateStreamOnHGlobal
> avifil32.dll: AVISaveOptions
> gdiplus.dll: GdipCreateFontFamilyFromName
> opengl32.dll: glTexEnvf
> glu32.dll: gluScaleImage

( 0 exports )
packers (Kaspersky): ASPack
packers (F-Prot): Aspack

File wodfamoh.dll received 2008.11.20 22:38:07 (CET)
Result: 2/36 (5.56%)
Antivirus Version Last update Result
AhnLab-V3 2008.11.21.0 2008.11.20 -
AntiVir 7.9.0.34 2008.11.20 -
Authentium 5.1.0.4 2008.11.20 -
Avast 4.8.1281.0 2008.11.20 -
AVG 8.0.0.199 2008.11.20 -
BitDefender 7.2 2008.11.20 -
CAT-QuickHeal 10.00 2008.11.20 -
ClamAV 0.94.1 2008.11.20 -
DrWeb 4.44.0.09170 2008.11.20 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6219 2008.11.20 -
Ewido 4.0 2008.11.20 -
F-Prot 4.4.4.56 2008.11.20 -
F-Secure 8.0.14332.0 2008.11.20 -
Fortinet 3.117.0.0 2008.11.20 -
GData 19 2008.11.20 -
Ikarus T3.1.1.45.0 2008.11.20 Virus.Win32.Ganda
K7AntiVirus 7.10.529 2008.11.20 -
Kaspersky 7.0.0.125 2008.11.20 -
McAfee 5440 2008.11.20 -
Microsoft 1.4104 2008.11.20 -
NOD32 3628 2008.11.20 -
Norman 5.80.02 2008.11.20 -
Panda 9.0.0.4 2008.11.20 -
PCTools 4.4.2.0 2008.11.20 -
Prevx1 V2 2008.11.20 -
Rising 21.04.32.00 2008.11.20 -
SecureWeb-Gateway 6.7.6 2008.11.20 -
Sophos 4.35.0 2008.11.20 -
Sunbelt 3.1.1801.2 2008.11.14 Trojan-Downloader.Win32.VB.ji
Symantec 10 2008.11.20 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.20 -
VBA32 3.12.8.9 2008.11.20 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.20 -
Additional information
File size: 817664 bytes
MD5...: b9ebf5a4b313a78eba3cfb723cce984d
SHA1..: 2cee7dddbcc9ebfdf4c9047dffa795ab8fbf8fcc
SHA256: d120a0ba1098654801bfb1c9ce8ba6126556086398dcfab1aa3f5cbed0dc8939
SHA512: db1b77a29efd05e7b6a916f820b43ed48ab0179e6dcce1288eb37b09eb3c8021
b9870b6fc05fe702aafbd55d3c5a87ca495f6c108df41a2b246cd5bbc96473c3
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10107001
timedatestamp.....: 0x4517b2ca (Mon Sep 25 10:43:22 2006)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x41000 0x1de00 8.00 ecca931392a31ac77a401fa133b7d63f
.rdata 0x42000 0x7000 0x7000 5.33 63d3034b528f57c14acd758c33b4172e
.data 0x49000 0xf000 0x1200 7.57 62b909793465acb3122430e905490e58
.rsrc 0x58000 0xab000 0x9e000 8.00 2b7364c572f3f384480c19635e09608e
.reloc 0x103000 0x4000 0x1e00 7.83 4d27b99f6fb860e7c607cfc0fe677edd
.aspack 0x107000 0x2000 0x1600 5.58 11cc4367711f1da68805dde6b3661672
.adata 0x109000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 9 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: InvalidateRect
> gdi32.dll: DeleteDC
> comdlg32.dll: GetOpenFileNameA
> ole32.dll: CreateStreamOnHGlobal
> avifil32.dll: AVIStreamRelease
> opengl32.dll: wglGetProcAddress
> glu32.dll: gluOrtho2D
> gdiplus.dll: GdipResetPath

( 0 exports )
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
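What the two PEInfo blocks above are actually telling you, as an added example (this is not code from the thread, from VirusTotal or from any tool named in it): both DLLs carry a section literally named .aspack, their .text and .rsrc sections sit at entropy 8.00, the .text VirtualSize (0x41000 for wodfamoh.dll) is many times its raw size on disk (0x1de00), and the kernel32 import table is reduced to GetProcAddress, GetModuleHandleA and LoadLibraryA, which is exactly the set a packer stub needs to rebuild the real imports at run time. Packing alone is not proof of malice, since commercial software ships packed too, but a packed, randomly named DLL in system32 that one or two engines flag is the pattern that justifies the removal script jaro3 posts next. The block below parses a PE section table from raw bytes, computes per-section entropy and applies those checks; the image it runs on is built in memory as a constructed sample, and the 7.5 threshold and the section-name list are assumptions.

```python
"""Packer heuristics over a PE section table (added example; not code from the
thread, VirusTotal or any tool named in it).  It applies the checks a triager
reads off the PEInfo block above to a PE image built in memory as a sample."""
from __future__ import annotations
import hashlib
import math
import struct

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
PACKER_SECTION_NAMES = {".aspack", ".adata", "UPX0", "UPX1", ".petite"}  # assumed list
HIGH_ENTROPY = 7.5  # assumed threshold; plain x86 code usually sits near 6.0-6.8

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_sections(image: bytes) -> list[dict]:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_size, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, *_ = SECTION_HEADER.unpack_from(image, table + i * 40)
        raw = image[rawptr:rawptr + rawsize]  # bytes as they sit on disk
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "entropy": round(shannon_entropy(raw), 2)})
    return sections

def packer_indicators(sections: list[dict]) -> list[str]:
    """One line per indicator: stub section name, compressed bytes, in-memory inflation."""
    hits = []
    for s in sections:
        n = s["name"]
        if n in PACKER_SECTION_NAMES:
            hits.append(f"{n}: packer stub section name")
        if s["raw_size"] and s["entropy"] >= HIGH_ENTROPY:
            hits.append(f"{n}: entropy {s['entropy']} (compressed/encrypted)")
        if s["raw_size"] and s["virtual_size"] > 2 * s["raw_size"]:
            hits.append(f"{n}: VirtualSize {s['virtual_size']:#x} > 2x raw {s['raw_size']:#x} (inflates in memory)")
    return hits

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for packed code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])

def build_image(spec: list[tuple[bytes, int, bytes]]) -> bytes:
    """Constructed minimal PE: DOS stub, PE signature, COFF header with an empty
    optional header, the section table, then the raw section data back to back."""
    e_lfanew, num = 0x40, len(spec)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x2102)  # I386, DLL, opt hdr size 0
    cursor, va, headers, blobs = e_lfanew + 4 + 20 + 40 * num, 0x1000, [], []
    for name, vsize, raw in spec:
        headers.append(SECTION_HEADER.pack(name.ljust(8, b"\0"), vsize, va, len(raw),
                                           cursor if raw else 0, 0, 0, 0, 0, 0))
        blobs.append(raw)
        cursor += len(raw)
        va += max(vsize, 0x1000)
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    return dos + b"PE\0\0" + coff + b"".join(headers) + b"".join(blobs)

# Constructed sample shaped like the report: a packed .text that inflates about 16x in
# memory, a normal .rdata holding the three kernel32 import names, and the ASPack stub sections.
SAMPLE_SPEC = [
    (b".text", 0x41000, pseudo_random(0x4000)),
    (b".rdata", 0x1600, b"kernel32.dll\0GetProcAddress\0LoadLibraryA\0GetModuleHandleA\0" * 100),
    (b".aspack", 0x2000, bytes(range(64)) * 64),
    (b".adata", 0x1000, b""),
]

def analyze(image: bytes) -> dict:
    sections = parse_sections(image)
    return {"sections": sections, "indicators": packer_indicators(sections)}

if __name__ == "__main__":
    report = analyze(build_image(SAMPLE_SPEC))
    for s in report["sections"]:
        print(f"{s['name']:<8} vsize={s['virtual_size']:#08x} raw={s['raw_size']:#08x} entropy={s['entropy']}")
    print("\n".join(report["indicators"]))
```

Run stand-alone it prints a section table in the same shape as the VirusTotal one and the indicators that fire on it; point `analyze()` at `open(path, "rb").read()` to run the same checks on a real DLL. The entropy check reads the raw bytes as stored on disk, which is what the report's `ntrpy` column measures; the inflation check compares VirtualSize with SizeOfRawData, so a section that is small on disk but reserves a large range in memory is exactly the place the unpacked code will land.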


Post by jaro3 » 21 Nov 2008 08:46

It's odd that you have Windows Defender and Windows Sidebar there twice; take a look (Program Files).
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Note: do not use SELECT ALL to select the script.

Code:

Folder::
C:\SDFix

Files::
c:\windows\system32\wodfamoh.dll
c:\windows\system32\SET3E.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix starts automatically
- Post here the log that appears at the end of the cleaning process.

//EDIT: You have two on the tests: File wodfamod.dll received 2008.11.20 22:31:33 (CET)
and
File wodfamoh.dll received 2008.11.20 22:38:07 (CET)
If you have both of them there, the script will be like this:

Code:

Folder::
C:\SDFix

Files::
c:\windows\system32\wodfamoh.dll
c:\windows\system32\wodfamod.dll
c:\windows\system32\SET3E.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Post by Alan-K » 21 Nov 2008 13:57

...hi, this morning I finished the Scan System with the AVIRA antivirus... it found two "viruses" (a downloader and a trojan)... I deleted one text file from the desktop into the Recycle Bin and emptied the bin.... the PC ran "fine" for about 6 hours... I restarted, and the emptied text file was back in the Recycle Bin, and Scan System is again reporting two "viruses"...

I already deleted the Windows Defender folder yesterday, because I haven't had it installed for longer than...????
And both Windows Sidebar folders were empty, so I deleted them too...

Now I'm going to do what you described above... unless I mess it up...

--- here is the output from Avira ---



Avira AntiVir Personal
Report file date: 2008-11-21 13:29

Scanning for 1045334 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ALAN-FA8D0V0D2Z

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 00:08:47
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 00:08:49
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 2008-11-16 00:08:49
ANTIVIR3.VDF : 7.1.0.120 150528 Bytes 2008-11-21 12:29:12
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-21 00:08:57
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-21 00:08:56
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-21 00:08:55
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-21 00:08:54
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-21 00:08:54
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-21 00:08:53
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-21 00:08:52
AEGEN.DLL : 8.1.1.5 323956 Bytes 2008-11-21 12:29:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 11:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 2008-11-21 12:29:12
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-21 00:08:50
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:, L:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 2008-11-21 13:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'SD Monitor.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'CtHelper.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'type32.exe' - '1' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
Scan process 'umonit.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '66' files ).


Starting the file scan:

Begin scan in 'C:\' <BOSS>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\EPSON\spr200\win2000\SETUP\SETUP.EXE
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> epstp32u.exe
[2] Archive type: RSRC
--> Object
[3] Archive type: CAB (Microsoft)
--> EPSPTDVE.EXE
[4] Archive type: RSRC
--> Object
[5] Archive type: CAB (Microsoft)
--> EPSTL216.DLL
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab
[0] Archive type: CAB (Microsoft)
--> OUTLACCT.DLL
[DETECTION] Contains HEUR/Damaged suspicious code
--> OLKFSTUB.DLL
[DETECTION] Contains HEUR/Damaged suspicious code
[NOTE] The file was deleted!
C:\MSOCache\All Users\{90120000-00A1-0405-0000-0000000FF1CE}-C\OnoteLR.cab
[0] Archive type: CAB (Microsoft)
--> ONGUIDE.ONEPKG_1029
[1] Archive type: CAB (Microsoft)
--> Začínáme s aplikací OneNote.one
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> FONTHASH.BIN_1033
[WARNING] No further files can be extracted from this archive. The archive will be closed


End of the scan: 2008-11-21 13:50
Used time: 20:32 Minute(s)

The scan has been canceled!

6325 Scanning directories
123597 Files were scanned
0 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
123593 Files not concerned
866 Archives were scanned
5 Warnings
1 Notes
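Reading a report like the one above by hand is error-prone once archives nest: the [DETECTION] lines belong to members of one CAB, the [NOTE] qualifies only the second member, and the totals at the end (0 viruses, 2 files classified as suspicious, 1 deleted, "Search for rootkits: off", scan canceled after 20 minutes) are what actually happened rather than the two "viruses" remembered from the interactive run. The parser below, an added example that is not Avira's code, walks the report and ties every detection and warning to its container path and member chain; the report it parses is a constructed sample that mirrors the lines above. Note also what the verdict means: HEUR/Damaged is a heuristic on malformed code, not a signature match, and the affected files live in MSOCache, the Office local installation cache, so the deleted OLKFSTUB.DLL may have to come back from the Office media on a later repair.

```python
"""Parse an Avira AntiVir report into findings tied to their container path and
archive member chain (added example; not Avira's code).  The report text below
is a constructed sample that mirrors the lines of the scan posted above."""
from __future__ import annotations
import re
from dataclasses import dataclass

PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a scanned object on disk
ARCHIVE_RE = re.compile(r"^\[(\d+)\] Archive type: (.+)$")  # [n] = nesting depth
MEMBER_RE = re.compile(r"^--> (.+)$")                       # member inside the archive at depth n
TAG_RE = re.compile(r"^\[(DETECTION|NOTE|WARNING|INFO)\] (.+)$")

@dataclass
class Finding:
    path: str                  # container file on disk
    members: tuple[str, ...]   # nested archive members, outermost first
    tag: str                   # DETECTION or WARNING
    message: str
    action: str | None = None  # the [NOTE] that followed, e.g. "The file was deleted!"

    @property
    def location(self) -> str:
        return " -> ".join((self.path,) + self.members)

def parse_avira_report(text: str) -> list[Finding]:
    findings: list[Finding] = []
    path, members, depth = None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):               # new top-level object resets the nesting
            path, members, depth = line, [], 0
            continue
        if (m := ARCHIVE_RE.match(line)):     # descending into the archive at this depth
            depth = int(m.group(1))
            members = members[:depth]
            continue
        if (m := MEMBER_RE.match(line)):      # sibling member replaces the one at this depth
            members = members[:depth] + [m.group(1)]
            continue
        if path is None or not (m := TAG_RE.match(line)):
            continue
        tag, msg = m.groups()
        if tag == "NOTE" and findings:        # action lines qualify the finding just before
            findings[-1].action = msg
        elif tag in ("DETECTION", "WARNING"):
            findings.append(Finding(path, tuple(members), tag, msg))
    return findings

def summarize(findings: list[Finding]) -> dict:
    """Counts a triager wants: what was flagged, what Avira actually did about it,
    and which objects could not be examined at all."""
    det = [f for f in findings if f.tag == "DETECTION"]
    return {
        "detections": len(det),
        "deleted": sum(1 for f in det if f.action and "deleted" in f.action),
        "unhandled": [f.location for f in det if f.action is None],
        "unscannable": [f.location for f in findings
                        if f.tag == "WARNING" and "could not be opened" in f.message],
    }

# Constructed sample: the pagefile warning, the two HEUR/Damaged hits inside one CAB
# (only the second followed by a NOTE), and a doubly nested installer archive.
SAMPLE_REPORT = r"""
Begin scan in 'C:\' <BOSS>
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab
    [0] Archive type: CAB (Microsoft)
    --> OUTLACCT.DLL
        [DETECTION] Contains HEUR/Damaged suspicious code
    --> OLKFSTUB.DLL
        [DETECTION] Contains HEUR/Damaged suspicious code
        [NOTE] The file was deleted!
C:\EPSON\spr200\win2000\SETUP\SETUP.EXE
    [0] Archive type: RSRC
    --> Object
      [1] Archive type: CAB (Microsoft)
      --> epstp32u.exe
        [WARNING] No further files can be extracted from this archive. The archive will be closed
"""

if __name__ == "__main__":
    found = parse_avira_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f.tag:<9} {f.location}: {f.message}" + (f" -> {f.action}" if f.action else ""))
    print(summarize(found))
```

The "unhandled" list is the one to act on: it names every detection that no [NOTE] line followed, which in the report above is OUTLACCT.DLL, the member Avira flagged but did not delete before the scan was canceled.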


Post by Alan-K » 21 Nov 2008 14:51

So I had to do the first script, because with the second one it crashed on me about 3 times. Here is the first one, your original script, and right after it the second one, in order...

---1---
ComboFix 08-11-20.02 - Alan 2008-11-21 13:58:40.7 - NTFSx86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3113 [GMT 1:00]
Run from: c:\documents and settings\Alan\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Alan\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\AdminCheck2.txt
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\CSweg.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\CheckApina1.txt
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\attrib.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups_old\backupreg.zip
c:\sdfix\backups_old\catchme.log
c:\sdfix\backups_old\HOSTS
c:\sdfix\backups_old1\backupreg.zip
c:\sdfix\backups_old1\backups.zip
c:\sdfix\backups_old1\catchme.log
c:\sdfix\backups_old1\HOSTS
c:\sdfix\beepFA0.TXT
c:\sdfix\beepFA1.TXT
c:\sdfix\beepFA2.TXT
c:\sdfix\beepFA3.TXT
c:\sdfix\beepFA4.TXT
c:\sdfix\beepxcodec0.TXT
c:\sdfix\beepxcodec1.TXT
c:\sdfix\beepxcodec2.TXT
c:\sdfix\beepxcodec3.TXT
c:\sdfix\beepxcodec4.TXT
c:\sdfix\bpTEST1.TXT
c:\sdfix\bpTEST3.TXT
c:\sdfix\catchme.exe
c:\sdfix\Catchme.log
c:\sdfix\clean.reg
c:\sdfix\cleanD.reg
c:\sdfix\DBFix.bat
c:\sdfix\dnif.exe
c:\sdfix\dummy.exe
c:\sdfix\dummy.sys
c:\sdfix\editreg.exe
c:\sdfix\FilekillList1.txt
c:\sdfix\FileList2.txt
c:\sdfix\Find.txt
c:\sdfix\FindAdbandrun1.txt
c:\sdfix\FindAdbandrun2.txt
c:\sdfix\FindAdbandrun3.txt
c:\sdfix\FindAdbandrun3a.txt
c:\sdfix\FindAdbandrun4.txt
c:\sdfix\FindAdbandrun4a.txt
c:\sdfix\FindAdbandrun5.txt
c:\sdfix\FindAdbandrun6.txt
c:\sdfix\Findav2009.txt
c:\sdfix\Findav2009a.txt
c:\sdfix\Findbhos1.txt
c:\sdfix\FindIRCBrute.txt
c:\sdfix\Findroguerun1.txt
c:\sdfix\Findrun002.txt
c:\sdfix\Findrun002a.txt
c:\sdfix\Findrun30.txt
c:\sdfix\Findrun31.txt
c:\sdfix\Findrun31a.txt
c:\sdfix\Findrun31b.txt
c:\sdfix\Findrun32.txt
c:\sdfix\Findrunbifrose1.txt
c:\sdfix\Findrunbot1.txt
c:\sdfix\FindrunDW_Start.txt
c:\sdfix\CheckApin1.txt
c:\sdfix\CheckApin3.txt
c:\sdfix\Checkasp.txt
c:\sdfix\Checkcom.txt
c:\sdfix\Checkdllpatcher1.txt
c:\sdfix\Checkdllpatcherssod1.txt
c:\sdfix\Checkdllpatcherssod2.txt
c:\sdfix\CheckIRCNoPic0.txt
c:\sdfix\CheckKrakRuns.txt
c:\sdfix\CheckKrakRuns0.txt
c:\sdfix\CheckKrakRuns1.txt
c:\sdfix\CheckKrakRuns3.txt
c:\sdfix\CheckKrakRuns4.txt
c:\sdfix\CheckKrakRuns5.txt
c:\sdfix\CheckKrakRuns6.txt
c:\sdfix\CheckLDPINC1.txt
c:\sdfix\CheckProdID1.txt
c:\sdfix\CheckRuns.txt
c:\sdfix\CheckRuns2.txt
c:\sdfix\CheckRunsSrv1.txt
c:\sdfix\Checkss1.txt
c:\sdfix\Checkss2.txt
c:\sdfix\Checkss3.txt
c:\sdfix\Checkssnw1a.txt
c:\sdfix\Checkssnw2a.txt
c:\sdfix\Checkssnwprog2e.txt
c:\sdfix\ChecksTime1.txt
c:\sdfix\ChecksTime2.txt
c:\sdfix\CheckSTS1.txt
c:\sdfix\CheckSTS2.txt
c:\sdfix\Checkusersdir1a.txt
c:\sdfix\Checkusersdir2a.txt
c:\sdfix\ndl
c:\sdfix\RemLat.txt
c:\sdfix\Remlat1.txt
c:\sdfix\Remlat2.txt
c:\sdfix\Remlat3.txt
c:\sdfix\Remlat4.txt
c:\sdfix\Remlat6a.txt
c:\sdfix\Remlat6b.txt
c:\sdfix\Remlat6c.txt
c:\sdfix\Remlat6d.txt
c:\sdfix\Report.txt
c:\sdfix\Report_old_1.txt
c:\sdfix\Report_old_2.txt
c:\sdfix\rtsdnif.exe
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\temp00
c:\sdfix\TEST800.TXT
c:\sdfix\TEST801.TXT
c:\sdfix\TEST802.TXT
c:\sdfix\TEST803.TXT
c:\sdfix\TEST804.TXT
c:\sdfix\TEST805.TXT
c:\sdfix\TEST806.TXT
c:\sdfix\TESTADMedBHO1a.txt
c:\sdfix\TESTADS1.txt
c:\sdfix\TESTADS2.txt
c:\sdfix\TESTADS3.txt
c:\sdfix\TESTADS4.txt
c:\sdfix\TESTADS5.txt
c:\sdfix\TESTADS6.txt
c:\sdfix\TESTAv20081.txt
c:\sdfix\TESTbambanner3.txt
c:\sdfix\TESTbank2.TXT
c:\sdfix\TESTbdat1.TXT
c:\sdfix\TESTbdat1a.TXT
c:\sdfix\TESTbdat2.TXT
c:\sdfix\TESTbdat2a.TXT
c:\sdfix\TESTbdat3.TXT
c:\sdfix\TESTbdat3a.TXT
c:\sdfix\TESTbdat4.TXT
c:\sdfix\TESTbdat4a.TXT
c:\sdfix\TESTbho.txt
c:\sdfix\TESTBHO12.TXT
c:\sdfix\TESTBHO13.TXT
c:\sdfix\TESTBHO15.TXT
c:\sdfix\TESTBHO16.TXT
c:\sdfix\TESTBHO18.TXT
c:\sdfix\TESTBHO18a.TXT
c:\sdfix\TESTBHO18B.TXT
c:\sdfix\TESTBHO19.TXT
c:\sdfix\TESTBHO19a.TXT
c:\sdfix\TESTBHO19B.TXT
c:\sdfix\TESTBHOa.TXT
c:\sdfix\TESTBITS00.TXT
c:\sdfix\TESTBITS1.TXT
c:\sdfix\TestbotsServ1.txt
c:\sdfix\TestbotsServ2.txt
c:\sdfix\TESTBZ1.TXT
c:\sdfix\TESTBZ2.TXT
c:\sdfix\TESTClbtds3.txt
c:\sdfix\TESTClbtds3A.txt
c:\sdfix\TESTcpmsky3.txt
c:\sdfix\TESTCPVHKU0.txt
c:\sdfix\TESTcpvtoolbar1.txt
c:\sdfix\TESTdllpatcherbat.TXT
c:\sdfix\TESTDropper1.txt
c:\sdfix\TESTDropper2.txt
c:\sdfix\TestFakeAlertRun1.txt
c:\sdfix\TESTfakebsd0.txt
c:\sdfix\TESTfakeg4.TXT
c:\sdfix\TESTfakeg5.TXT
c:\sdfix\TESTfbsoda1.TXT
c:\sdfix\TESTfbsoda2.TXT
c:\sdfix\TESTgooochibrowser3.txt
c:\sdfix\TESTinnbanner1.txt
c:\sdfix\TESTLDPinch0.txt
c:\sdfix\TESTLDPinch1.txt
c:\sdfix\TESTLDPinch2.txt
c:\sdfix\TESTLDPinch3.txt
c:\sdfix\TESTLDPinch4a.txt
c:\sdfix\TESTLDPinch4b.txt
c:\sdfix\Testmbrsinowal1.txt
c:\sdfix\Testmbrsinowal3.txt
c:\sdfix\TESTmidi1.txt
c:\sdfix\TESTmidi2.txt
c:\sdfix\TESTmidi3.txt
c:\sdfix\TESTmidi4.txt
c:\sdfix\TESTmidi5.txt
c:\sdfix\TESTmirar1a.TXT
c:\sdfix\TESTmirar2a.TXT
c:\sdfix\TESTmxlivemedia3.txt
c:\sdfix\TESTMySidesearch3.txt
c:\sdfix\TESTNeb0.TXT
c:\sdfix\TESTNeb1.TXT
c:\sdfix\TESTNOTIF3.TXT
c:\sdfix\TESTNOTIF4.TXT
c:\sdfix\TESTPakesSpam1.TXT
c:\sdfix\TESTPakesSpam2.TXT
c:\sdfix\TESTProtect1.TXT
c:\sdfix\TESTPureMorph.TXT
c:\sdfix\TESTPureMorph00.TXT
c:\sdfix\TESTPureMorph01.TXT
c:\sdfix\TESTPureMorph0a.TXT
c:\sdfix\TESTPureMorph0b.TXT
c:\sdfix\TESTPureMorph0c.TXT
c:\sdfix\TESTPushbot1.TXT
c:\sdfix\TESTrightonadz3.txt
c:\sdfix\TESTRkAgent010.txt
c:\sdfix\TESTRkAgent0110.txt
c:\sdfix\TESTRkAgent10.txt
c:\sdfix\TESTRkAgent110.txt
c:\sdfix\TESTrkagentfile0.TXT
c:\sdfix\TESTrkagentfile1.TXT
c:\sdfix\TESTrkagentfile2.TXT
c:\sdfix\TESTrkagentfile3.TXT
c:\sdfix\TESTrkagentfile4.TXT
c:\sdfix\TESTrkagentfile5.TXT
c:\sdfix\TESTrkagentfile5a.TXT
c:\sdfix\TESTrkagentfile6.TXT
c:\sdfix\TESTrkagentfile7.TXT
c:\sdfix\TESTRkAgentnw1.txt
c:\sdfix\TESTRkAgentprotect1.txt
c:\sdfix\TESTRkAgentprotect2.txt
c:\sdfix\TESTRkAgentprotect3.txt
c:\sdfix\TESTrkagentsys1.TXT
c:\sdfix\TESTrkagentsys10.TXT
c:\sdfix\TESTrkagentsys11.TXT
c:\sdfix\TESTrkagentsys12.TXT
c:\sdfix\TESTrkagentsys13.TXT
c:\sdfix\TESTrkagentsys14.TXT
c:\sdfix\TESTrkagentsys2.TXT
c:\sdfix\TESTrkagentsys3.TXT
c:\sdfix\TESTrkagentsys4.TXT
c:\sdfix\TESTrkagentsys5.TXT
c:\sdfix\TESTrkagentsys6.TXT
c:\sdfix\TESTrkagentsys6a.TXT
c:\sdfix\TESTrkagentsys7.TXT
c:\sdfix\TESTrkagentsys7a.TXT
c:\sdfix\TESTrkagentsys8.TXT
c:\sdfix\TESTrkagentsys8a.TXT
c:\sdfix\TESTrkagentsys9.TXT
c:\sdfix\TESTrkCore1.TXT
c:\sdfix\TESTrkCore2.TXT
c:\sdfix\TESTrkCore3.TXT
c:\sdfix\TESTrkrustock1.TXT
c:\sdfix\TESTrkrustock1a.TXT
c:\sdfix\TESTrkrustock1b.TXT
c:\sdfix\TESTrkrustock1c.TXT
c:\sdfix\TESTrkrustock1d.TXT
c:\sdfix\TESTrkrustock1e.TXT
c:\sdfix\TESTrkrustock1f.TXT
c:\sdfix\TESTrkrustock1g.TXT
c:\sdfix\TESTrkrustock1h.TXT
c:\sdfix\TESTrkrustock1i.TXT
c:\sdfix\TESTrkrustock1j.TXT
c:\sdfix\TESTrkrustock1k.TXT
c:\sdfix\TESTrkrustock1l.TXT
c:\sdfix\TESTrkrustock1m.TXT
c:\sdfix\TESTrkrustock1n.TXT
c:\sdfix\TESTrkrustock1o.TXT
c:\sdfix\TESTrkrustock1p.TXT
c:\sdfix\TESTrkrustock1q.TXT
c:\sdfix\TESTrkrustock1r.TXT
c:\sdfix\TESTrkrustock1s.TXT
c:\sdfix\TESTrkrustock1t.TXT
c:\sdfix\TESTrkrustock1u.TXT
c:\sdfix\TESTrkrustock1v.TXT
c:\sdfix\TESTrkrustock1w.TXT
c:\sdfix\TESTrkrustock1x.TXT
c:\sdfix\TESTrkrustock1y.TXT
c:\sdfix\TESTrkrustock1z.TXT
c:\sdfix\TESTrkrustock1z1a.TXT
c:\sdfix\TESTrkrustock1z1b.TXT
c:\sdfix\TESTrkrustock1z1c.TXT
c:\sdfix\TESTrkrustock1z1e.TXT
c:\sdfix\TESTrkrustock1z1f.TXT
c:\sdfix\TESTrkrustock1z1g.TXT
c:\sdfix\TESTrkrustock1z1h.TXT
c:\sdfix\TESTrkrustock1z1i.TXT
c:\sdfix\TESTrkrustock1z1j.TXT
c:\sdfix\TESTrkrustock1z1k.TXT
c:\sdfix\TESTrkrustock1z1l.TXT
c:\sdfix\testruss1.txt
c:\sdfix\testruss1a.txt
c:\sdfix\testruss2.txt
c:\sdfix\testruss3.txt
c:\sdfix\TESTScreenSave1.TXT
c:\sdfix\TESTScreenSavebmp1.TXT
c:\sdfix\TESTSecCleaner.txt
c:\sdfix\TESTSecPro1.txt
c:\sdfix\TESTSecProar.txt
c:\sdfix\TESTsilentbanker1.TXT
c:\sdfix\TESTsilentbanker2.TXT
c:\sdfix\TESTspreadbot1.TXT
c:\sdfix\TESTssnw0a.TXT
c:\sdfix\testssodl.txt
c:\sdfix\TestStart0.txt
c:\sdfix\TestStart1.txt
c:\sdfix\TestStart2.txt
c:\sdfix\TestStart3.txt
c:\sdfix\TESTstartupusr.TXT
c:\sdfix\TESTStormRuns1a.txt
c:\sdfix\TESTStormRuns1b.txt
c:\sdfix\TESTStormRuns2.txt
c:\sdfix\TESTsts1.TXT
c:\sdfix\TESTsts1a.TXT
c:\sdfix\TESTsts2.TXT
c:\sdfix\TESTsuperiorads3.txt
c:\sdfix\TESTtaskmg1.TXT
c:\sdfix\TESTtdsss1.TXT
c:\sdfix\TESTtdsss1a.TXT
c:\sdfix\TESTtdsss1b.TXT
c:\sdfix\TESTtdsss2.TXT
c:\sdfix\TESTtdsss2a.TXT
c:\sdfix\TESTtdsss2b.TXT
c:\sdfix\TESTtdsss2c.TXT
c:\sdfix\TESTtdsss2d.TXT
c:\sdfix\TESTtdsss2e.TXT
c:\sdfix\TESTtdsss2f.TXT
c:\sdfix\TESTtdsss2g.TXT
c:\sdfix\TESTtdsss2h.TXT
c:\sdfix\TestTinyProxy1.txt
c:\sdfix\testTofsee1.txt
c:\sdfix\testTofsee1a.txt
c:\sdfix\testTofsee1b.txt
c:\sdfix\testTofsee5.txt
c:\sdfix\testTofsee5a.txt
c:\sdfix\testTofsee5b.txt
c:\sdfix\TESTTTCBHO1.TXT
c:\sdfix\TESTui0a.TXT
c:\sdfix\TESTui1.TXT
c:\sdfix\TESTui1a.TXT
c:\sdfix\TESTui2a.TXT
c:\sdfix\TESTui3a.TXT
c:\sdfix\TESTuisep08.TXT
c:\sdfix\TESTuisep08a.TXT
c:\sdfix\TESTuisep08b.TXT
c:\sdfix\TESTuisep08c.TXT
c:\sdfix\testusers1.txt
c:\sdfix\TESTVundo0.txt
c:\sdfix\TESTVundo1.txt
c:\sdfix\TESTVundofile1.txt
c:\sdfix\TESTVundofile2.txt
c:\sdfix\TESTWOUT1.txt
c:\sdfix\TESTWOUT2.txt
c:\sdfix\TESTXorpix1.txt
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\wlog1.txt
c:\sdfix\wlog2.txt
c:\sdfix\XP_VirusAlert_Repair.inf
.
---- Previous Run -------
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://gllto.glpals.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-21 do 2008-11-21 )))))))))))))))))))))))))))))))
.

2008-11-21 09:02 . 2008-11-21 09:02 <DIR> d--hs---- C:\found.000
2008-11-21 01:07 . 2008-11-21 01:07 <DIR> d-------- c:\program files\Avira
2008-11-21 01:07 . 2008-11-21 01:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avira
2008-11-21 00:22 . 2008-11-21 00:54 <DIR> d-------- c:\program files\UnHackMe
2008-11-20 21:36 . 2008-11-20 21:36 <DIR> d-------- C:\rsit
2008-11-20 20:01 . 2008-11-20 20:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-20 20:01 . 2008-11-20 20:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-20 20:01 . 2008-11-20 20:01 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Malwarebytes
2008-11-20 20:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 20:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 17:29 . 2008-11-20 17:29 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Sony Ericsson
2008-11-20 00:25 . 2008-11-20 00:25 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\AltrixSoft
2008-11-20 00:24 . 2008-11-20 00:24 <DIR> d-------- c:\program files\Hard Drive Inspector
2008-11-19 20:50 . 2008-11-19 20:50 <DIR> d-------- c:\program files\RegCleaner
2008-11-19 19:05 . 2008-11-19 19:18 <DIR> d-------- c:\program files\SeaTools Enterprise
2008-11-19 19:05 . 2008-11-19 19:05 0 --a------ c:\windows\PROTOCOL.INI
2008-11-19 17:44 . 2008-11-19 17:44 <DIR> d-------- c:\program files\Common Files\Canopus Shared
2008-11-19 17:44 . 2008-11-19 17:44 <DIR> d-------- c:\program files\Canopus
2008-11-19 15:07 . 2008-11-19 15:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-18 19:49 . 2008-11-19 17:43 <DIR> d-------- c:\program files\FinalUninstaller
2008-11-14 15:08 . 2008-11-19 17:44 <DIR> d-------- c:\program files\Acoustica CD Label Maker
2008-11-14 15:08 . 2008-11-14 15:08 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Acoustica
2008-11-14 15:04 . 2008-11-19 17:44 <DIR> d-------- c:\program files\KnockOut 2(2)
2008-11-13 13:28 . 2008-11-19 01:28 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\nView_Wallpaper
2008-11-13 13:14 . 2008-11-13 13:14 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Grass Valley
2008-11-13 12:48 . 2008-11-18 18:28 499 --a------ c:\windows\PowerReg.dat
2008-11-13 11:22 . 2008-11-13 11:22 <DIR> d-------- c:\program files\Grass Valley
2008-11-13 11:22 . 2008-11-13 11:22 <DIR> d-------- c:\program files\Common Files\Grass Valley
2008-11-11 20:10 . 2008-11-11 20:10 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\VitySoft
2008-11-06 21:33 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2008-11-06 21:33 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2008-11-06 21:33 . 2007-04-25 16:20 4,030,144 --a------ c:\windows\system32\drivers\alcxwdm.sys
2008-11-06 21:33 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2008-11-06 21:33 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2008-11-06 21:31 . 2008-11-06 21:31 <DIR> d-------- c:\program files\Realtek AC97
2008-11-06 21:31 . 2007-04-16 15:28 577,536 --a------ c:\windows\SOUNDMAN.EXE
2008-11-06 21:31 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2008-11-06 21:31 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe
2008-11-06 21:13 . 2008-11-06 21:13 315,392 --a------ c:\windows\HideWin.exe
2008-11-06 02:10 . 2008-11-06 02:11 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Creative ASR2
2008-11-06 01:55 . 2008-11-19 18:32 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Simply Super Software
2008-11-06 01:55 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-06 01:55 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\unrar3.dll
2008-11-06 01:55 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-06 01:55 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-06 01:55 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-06 01:34 . 2008-11-06 21:44 60,416 --a------ c:\windows\ALCFDRTM.VER
2008-11-06 01:34 . 2008-11-06 01:34 60,416 --------- c:\windows\ALCFDRTM.EXE
2008-11-06 01:29 . 2008-11-06 01:29 123 --a------ c:\windows\rootkitno.ini
2008-11-06 00:31 . 2008-11-06 01:10 30,072 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:10 30,072 --a------ c:\windows\system32\BMXState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:10 27,984 --a------ c:\windows\system32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:10 27,984 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-06 00:31 . 2008-11-06 01:50 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2008-11-06 00:31 . 2008-11-06 01:50 1,080 --a------ c:\windows\system32\settings.sfm
2008-11-06 00:31 . 2008-11-06 01:10 384 --a------ c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-20011102}.dat
2008-11-06 00:31 . 2008-11-06 01:10 384 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20011102}.dat
2008-11-06 00:19 . 2008-11-06 02:13 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\Creative
2008-11-05 23:23 . 2008-11-21 00:23 (2) -rahs-ot- c:\windows\winstart.bat
2008-11-02 20:59 . 2008-11-02 20:59 169 --a------ c:\windows\RtlRack.ini
2008-11-02 20:59 . 2008-11-02 20:59 84 --a------ c:\windows\avrack.ini
2008-11-02 20:58 . 2002-11-21 15:07 765,952 --a------ c:\windows\system\crlds3d.dll
2008-11-02 20:58 . 2003-07-31 21:08 744 --------- c:\windows\system32\drivers\alcxinit.dat
2008-11-02 12:07 . 2003-07-10 11:00 222,293 -ra------ c:\windows\system32\SET3E.tmp
2008-11-02 01:51 . 1999-09-22 23:18 2,167,684 --------- c:\windows\system32\CT2MGM.SF2
2008-11-02 01:51 . 2000-02-25 12:49 1,048,576 --a------ c:\windows\system32\CT1MGM.ROM
2008-11-02 01:51 . 2008-11-02 01:51 184 --a------ c:\windows\system32\e000005.dat
2008-11-02 01:34 . 2008-07-07 10:37 15,896 --------- c:\windows\system32\drivers\PFModNT.sys
2008-11-02 01:10 . 2008-11-06 02:28 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-20011102}.rfx
2008-11-02 00:15 . 2008-06-27 19:21 100,888 --a------ c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTERFXFX.SYS
2008-11-01 23:02 . 2008-11-01 23:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\nView_Profiles
2008-11-01 22:45 . 2008-04-14 00:15 49,408 --a------ c:\windows\system32\drivers\stream.sys
2008-11-01 22:45 . 2008-04-14 00:15 49,408 --a--c--- c:\windows\system32\dllcache\stream.sys
2008-11-01 22:25 . 2008-11-01 22:25 <DIR> d--hs---- c:\windows\ftpcache
2008-11-01 22:22 . 2008-11-01 22:22 319 --a------ c:\windows\game.ini
2008-10-30 14:11 . 2008-10-30 14:11 <DIR> d-------- c:\documents and settings\Alan\Data aplikací\HDRsoft
2008-10-29 13:36 . 2008-10-29 13:36 <DIR> d-------- c:\program files\PhotomatixPro3
2008-10-23 16:07 . 2008-10-23 16:07 99,904 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-10-22 00:38 . 2008-10-22 01:02 <DIR> d-------- C:\ikony pro PC

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 23:53 --------- d-----w c:\program files\Java
2008-11-20 23:52 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-20 23:33 --------- d-----w c:\program files\Quick GPS Connection Data Download Manager
2008-11-20 23:21 --------- d-----w c:\documents and settings\Alan\Data aplikací\ZoomBrowser EX
2008-11-19 22:15 --------- d-----w c:\program files\Ulead Systems
2008-11-19 22:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Symantec
2008-11-19 20:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 20:24 --------- d-----w c:\program files\particleIllusion_3
2008-11-19 17:44 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-19 17:35 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-19 16:44 --------- d-----w c:\program files\AKVIS
2008-11-19 16:43 --------- d-----w c:\program files\QuickTime
2008-11-19 16:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Canopus
2008-11-19 16:43 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2008-11-19 16:42 --------- d-----w c:\program files\Ashampoo
2008-11-19 12:53 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-11-18 20:51 --------- d-----w c:\program files\Microsoft IntelliType Pro
2008-11-18 19:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\ZoomBrowser
2008-11-18 17:33 --------- d-----w c:\documents and settings\Alan\Data aplikací\Vso
2008-11-17 16:09 --------- d-----w c:\program files\EPSON Print CD
2008-11-17 11:31 --------- d-----w c:\documents and settings\Alan\Data aplikací\Canopus
2008-11-13 13:04 --------- d-----w c:\program files\Common Files\Adobe
2008-11-05 22:55 --------- d-----w c:\program files\Zoner
2008-11-05 22:26 --------- d-----w c:\program files\Spb Wallet
2008-11-05 21:58 --------- d-----w c:\program files\HeroCraft
2008-11-01 23:15 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-30 12:23 --------- d-----w c:\documents and settings\Alan\Data aplikací\Lasersoft Imaging
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 19:05 3,452 --sha-w c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2008-10-11 13:53 --------- d-----w c:\documents and settings\Alan\Data aplikací\Canon
2008-10-06 19:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-06 19:26 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-06 19:26 --------- d-----w c:\program files\Common Files\xing shared
2008-10-06 19:26 --------- d-----w c:\program files\Common Files\Real
2008-10-06 17:03 --------- d-----w c:\program files\FrameShow
2008-10-04 11:40 --------- d-----w c:\program files\Codec Pack - All In 1
2008-10-04 11:38 737,280 ----a-w c:\windows\iun6002.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 15:43 84,936 ----a-w c:\windows\system32\ElbyVCD.dll
2008-09-27 00:32 --------- d-----w c:\program files\CoreCodec
2008-09-26 23:43 --------- d-----w c:\documents and settings\Alan\Data aplikací\CoreCodec
2008-09-26 23:04 --------- d-----w c:\program files\Sony
2008-09-26 22:10 --------- d-----w c:\program files\FLAC
2008-09-26 21:29 --------- d-----w c:\program files\SystemRequirementsLab
2008-09-24 10:29 29,184 ----a-w c:\windows\system32\drivers\VClone.sys
2008-09-22 23:37 --------- d-----w c:\program files\DVD-RB PRO
2008-09-22 23:31 --------- d-----w c:\program files\Sony Setup
2008-09-22 23:27 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sony
2008-09-22 15:58 --------- d-----w c:\program files\Imagineer Systems Ltd
2008-09-22 14:21 --------- d-----w c:\program files\FOX Video Converter
2008-09-22 14:20 81,920 ----a-w c:\documents and settings\Alan\Data aplikací\ezpinst.exe
2008-09-22 14:20 47,360 ----a-w c:\documents and settings\Alan\Data aplikací\pcouffin.sys
2008-09-22 13:45 --------- d-----w c:\program files\VSO
2008-09-21 23:00 817,664 ---h--w c:\windows\system32\wodfamoh.dll
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-07 11:12 203,776 ----a-w c:\windows\system32\clrviddc.dll
2008-09-07 08:34 34,308 ----a-w c:\windows\system32\Chip.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-05-23 20:50 0 -c--a-w c:\documents and settings\All Users\Data aplikací\PKP_DLbz.DAT
2008-04-25 14:54 8 --sh--r c:\documents and settings\All Users\Data aplikací\92FE4C067B.sys
2008-03-19 19:16 624 ----a-w c:\program files\MyMobiler.lnk
2004-06-21 12:23 1,319,424 ----a-w c:\program files\MysticalTTC.exe
2003-12-04 16:01 1,419,264 ----a-w c:\program files\Mystical_PlugIn_TTC.8bf
2001-07-17 15:15 66,680 ----a-w c:\program files\ARDS1.ttf
2006-04-22 10:14 56 --sha-r c:\windows\system32\040D52D172.sys
2007-04-28 12:20 88 --sha-r c:\windows\system32\92FE4C067B.sys
2007-06-06 18:52 8,036 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-20_16.34.18,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-20 13:50:44 827,392 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-11-20 18:32:08 1,069,056 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2008-11-20 13:50:44 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-11-20 18:32:08 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-09 12:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 17:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-11-21 00:08:58 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-11-20 15:19:11 12,372 ----a-w c:\windows\system32\Tablet.dat
+ 2008-11-21 12:27:57 12,372 ----a-w c:\windows\system32\Tablet.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2006-07-26 53248]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 c:\windows\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" [2002-12-03 c:\windows\MIDIDEF.EXE]

c:\documents and settings\Alan\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-08-24 110592]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-09-07 114688]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-04 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.avis"= ff_acm.acm
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Expression\\Media Reader 1.0\\MediaReader.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe" [2008-11-21 68865]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2008-11-02 15896]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-14 69120]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS []
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2008-09-07 6016]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 14:02:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?USB\V?W??146&?V??\???8????????V??8????V??B\RO????8???????????????????????????h?????6~?V???????????b@?????????????????@$?|?????$?|??7~??@???:~????????????????????@???????????????t??????????????|`$?|?????$?|U$?|??????????????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-21 14:03:55
ComboFix-quarantined-files.txt 2008-11-21 13:03:46
ComboFix2.txt 2008-11-20 18:11:18
ComboFix3.txt 2008-11-20 15:35:05

Před spuštěním: Volných bajtů: 18,612,666,368
Po spuštění: Volných bajtů: 18,586,992,640

719 --- E O F --- 2008-11-19 18:22:19